Microsoft issued a rather tepid advisory yesterday to warn users of a single "important" Windows flaw in the Help and Support Center that could allow an attacker to remotely execute code. It also re-released two previous bulletins. This comes in the wake of April's "Patch Tuesday," which sent sysadmins scurrying to apply eight patches to address 21 vulnerabilities.
"This is a monumental decrease from last month's salvo of vulnerabilities to just the non-critical one disclosed this month," said David Endler, TippingPoint's "director of digital vaccine" in Austin, Texas. "Network administrators still reeling from last month's round of announcements and subsequent exploit and worm releases are surely exhaling a large sigh of relief.
"It's likely that Microsoft planned a light month on purpose to allow administrators more time to attend to the patching of critical issues disclosed last month," added Endler.
The latest flaw, discussed in Microsoft advisory MS04-015, exists in the Help and Support Center because of the way it validates HCP URLs. The advisory said an attacker could exploit the vulnerability by constructing a malicious HCP URL that could allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message. Successful exploitation could give an attacker the same privileges as the user, including complete control of an affected system if the user had admin privileges. But Microsoft said significant user interaction would be necessary.
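Because the flaw is reached through an HCP URL delivered in a Web page or e-mail, one defensive measure while the update is rolled out is to flag or strip links that use that protocol in untrusted content before it reaches users. The following is an added example, not code from the article or from Microsoft or Symantec; it assumes the Help and Support Center protocol is written as `hcp:` in a link, and the sample HTML it scans is constructed for the example. It normalizes percent-encoding, case and embedded whitespace before checking the scheme, since a filter that only matches the literal lowercase prefix is easy to slip past.

```python
import re
from urllib.parse import unquote

# Constructed sample of untrusted content (not from the article): a mix of
# ordinary links and several spellings of an hcp: link a filter should catch.
SAMPLE_HTML = """
<p>See <a href="http://example.com/help">docs</a></p>
<a href="hcp://services/search?query=example">help</a>
<a href="HCP://system/index.htm">mixed case</a>
<a href="%68cp://encoded">percent-encoded scheme</a>
<a href="h c p://spaced">whitespace in scheme</a>
<a href="https://example.org/">fine</a>
"""

# Pull every href value out of anchor tags; tolerant of either quote style.
HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)

# Schemes that a mail gateway or proxy should not pass through to users.
# 'hcp' is the assumption this example is built on; extend as policy requires.
BLOCKED_SCHEMES = {"hcp"}


def normalize_scheme(url: str) -> str:
    """Return the URL scheme in canonical lowercase form, or '' if none.

    Percent-encoding is decoded and whitespace/control characters are
    removed first so that 'HCP:', '%68cp:' and 'h c p:' all resolve to 'hcp'.
    """
    decoded = unquote(url.strip())
    decoded = re.sub(r"[\s\x00-\x1f]", "", decoded)
    match = re.match(r"([a-z][a-z0-9+.\-]*):", decoded, re.IGNORECASE)
    return match.group(1).lower() if match else ""


def find_blocked_links(content: str, blocked=BLOCKED_SCHEMES) -> list:
    """Return every href in *content* whose normalized scheme is blocked."""
    return [u for u in HREF_RE.findall(content) if normalize_scheme(u) in blocked]


def strip_blocked_links(content: str, blocked=BLOCKED_SCHEMES) -> str:
    """Replace blocked hrefs with a harmless anchor so the page still renders."""

    def replace(m):
        return 'href="#blocked"' if normalize_scheme(m.group(1)) in blocked else m.group(0)

    return HREF_RE.sub(replace, content)


if __name__ == "__main__":
    for link in find_blocked_links(SAMPLE_HTML):
        print("blocked:", link)
    print(strip_blocked_links(SAMPLE_HTML))
```

The same two functions can run over a mail body or a proxy's response buffer; the key design point is that the scheme check happens on the normalized string, not the raw one.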
However, looking at the same facts, Symantec researchers believe the threat to be far more significant than Microsoft's rating suggests. In a statement, the Cupertino, Calif.-based company said, "Symantec Security Response and Symantec DeepSight Vulnerability analysts have rated this vulnerability as a high risk due to the impact if the vulnerability was successfully exploited."
Windows XP and Windows Server 2003 are affected. Microsoft recommends users install the update at the earliest opportunity. "Because hackers and virus writers are getting more sophisticated in the use of social engineering, users need to exercise great caution when clicking on links and visiting unfamiliar Web sites," said Alfred Huger, senior director, Symantec Security Response.
MS01-052 is a moderate denial-of-service vulnerability affecting Windows NT 4.0 and 2000. Microsoft said it updated this bulletin to address a security vulnerability that could occur with the original release and allow an attacker to attempt a denial-of-service attack against Windows NT Server 4.0 Terminal Server Edition systems.
MS04-014 is an important remote code execution vulnerability affecting Windows NT 4.0, 2000, XP and Server 2003. Microsoft said it updated this bulletin to include all supported languages in Windows XP.