The beat goes on for Microsoft.
Less than two weeks after the outbreak of the Slammer worm, which exploited vulnerable SQL Servers, and two days after announcing it was pulling back a faulty Windows NT 4.0 patch, Microsoft on Thursday warned Internet Explorer users of two new critical vulnerabilities.
The new fixes were rolled into a cumulative patch for IE that includes all previous patches for IE 5.01, 5.5 and 6.0.
One of the new vulnerabilities involves the Web browser's cross-domain security model. Microsoft's alert said this feature keeps windows of different domains from sharing information. The vulnerabilities bypass those checks and could allow an attacker hosting a malicious Web site to access information from a local machine. Microsoft said that, in a worst-case scenario, attackers could load malicious code onto a compromised system or invoke an executable already present on the local machine.
A user would have to be tricked into visiting a malicious Web site, hosted by an attacker, where the exploit was contained. Once on the site, the attacker could, for example, manipulate a dialog box and access information on the local domain from the Internet domain, Microsoft said. IE 5.01 users are not impacted by this vulnerability.
The other vulnerability is found in IE's showHelp feature, used by IE to display an HTML page containing help advice. The flaw could allow showHelp to execute without doing proper security checks and could allow an attacker to access sensitive user information, launch executables already present and load malicious code.
Again, a user would have to visit a malicious Web site hosted by the attacker, where they would open a showHelp window to a local file and gain access to the information stored there by sending a special URL to a second showHelp window, Microsoft said.
Microsoft cautioned that the new IE patch will shut down the window.showHelp function. Administrators will have to install the HTML help update released through Windows Update to get it patched and working again.
Microsoft this week also released an alert to Windows XP users warning of an unchecked buffer in the Windows Redirector, a feature used by a Windows client to access local and remote files regardless of the network protocols present. Microsoft rated this vulnerability "important."
The unchecked buffer receives parameter information. Should an attacker send it malformed data, he could shut down a system or run code. However, an attacker would have to physically log in to the system to run programs that use the redirector function. This flaw cannot be exploited remotely. Also, XP systems that are not shared between users are not affected.
FOR MORE INFORMATION:
- FEEDBACK: Send News Editor Michael S. Mimoso your thoughts on this story