Microsoft patches Active Directory, Internet Explorer flaws

By Robert Westervelt, News Editor 14 Oct 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Microsoft patched both client and server side flaws correcting vulnerabilities in Internet Explorer and Excel and repaired problems with the Host Integration Server and Active Directory on Windows 2000 Server.

This is really nasty if you have a Windows 2000 domain controller. Eric Schultze, chief technology officer, Shavlik Technologies LLC

The software giant said four of the critical updates fix vulnerabilities that could lead to remote code execution by an attacker. Eleven security bulletins have been released to fix 20 flaws.

Microsoft corrected a vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server. Security bulletin MS08-060 addresses a problem in the way the server allocates memory for client LDAP requests. Microsoft said a remote attacker could send a malicious LDAP request triggering a memory allocation problem. If successfully exploited, an attacker could gain access to an affected network. The vulnerability affects Microsoft Windows 2000 servers configured to be domain controllers, Microsoft said.

A hole in Microsoft's Host Integration Server was also plugged. In bulletin MS08-059, Microsoft said the server flaw could be exploited if an attacker sends a malicious Remote Procedure Call (RPC) request. If successful, an attacker could take complete control of an affected system. The update affects all supported editions of Microsoft Host Integration Server 2000, Microsoft Host Integration Server 2004, and Microsoft Host Integration Server 2006.

In a statement to reporters, Ben Greenbaum, senior research manager, Symantec Security Response said the server side vulnerabilities deserve the greatest attention.

"…they are dangerous because they do not require any user-interaction and can lead to complete compromise of the host computer," Greenbaum said. "Once a server is compromised, the attackers typically embed further attacks against that server's users in public-facing content."

Shavlik's Schultze said several other updates also deserve attention. MS08-062 addresses an issue with Windows Internet Printing Service. The vulnerability was rated important since a user has to be logged in with administrative rights in order for an attacker to successfully exploit the flaw. But Schultze points out that Microsoft's new Exploitability Index warns that exploit code has been discovered in limited, targeted attacks. Microsoft said an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

SearchSecurity radio:

MS08-063 addresses a hole Microsoft Server Message Block (SMB) Protocol. Although it is also only rated important, Schultze said the protocol is used to login to systems, access corporate networks including file and printing servers and deserves attention from system administrators. The vulnerability faces an internal threat from a disgruntled employee, he said. The update affects all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

Microsoft also corrected several remote code vulnerabilities in Internet Explorer. In bulletin MS08-058, Microsoft said five vulnerabilities were resolved. The company said an attacker would have to get a user to view a malicious Web page to exploit the flaws. The update affects IE 5.01 and IE 6 Service Pack 1 on Windows 2000 and Windows XP. Internet Explorer 7 is rated important.

Three flaws in Microsoft Excel were addressed in MS08-057. The flaw was rated critical for Excel 2000 Service Pack 3. In its bulletin, Microsoft said an attacker could exploit the flaws by getting a user to open a malicious Excel file. Once exploited, an attacker could take complete control of an affected system. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft said.

As a result of Microsoft's updates, Symantec Corp. informed customers of its DeepSight Threat Management System that it raised its ThreatCon level from level 1 to level 2. Symantec said Microsoft also released a Cumulative Security Update of ActiveX kill bits, essentially stopping malicious websites from opening several tools in Internet Explorer.

"Remote attackers can exploit many of the vulnerabilities that are being addressed with these security updates to execute arbitrary code," Symantec said. "Customers are strongly advised to install these updates as soon as possible."

Tags: Security Patch Management,  Windows Security: Alerts, Updates and Best Practices,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security Patch Management How to manage patches for Adobe When is it suitable to remove Java updates? Adobe patches ColdFusion vulnerability blocking website attack Microsoft to address DirectShow, ActiveX zero-day flaws Adobe fixes critical Shockwave Flash Player flaw Mozilla patches 11 Firefox security flaws, JavaScript errors Microsoft patches WebDAV security vulnerability in bevy of updates Adobe issues first quarterly patch release fixing 13 flaws Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities Adobe shifts to Microsoft patching process, incident response plan Windows Security: Alerts, Updates and Best Practices Security comparison: Mac OS X vs. Windows How to test IPv6 infrastructures Microsoft repairs critical DirectShow, Video ActiveX vulnerabilities Microsoft warns of new Office Web Components vulnerability Microsoft to address DirectShow, ActiveX zero-day flaws New attack code targets Microsoft ActiveX zero-day vulnerability When BIOS updates become malware attacks Microsoft patches WebDAV security vulnerability in bevy of updates Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities Hackers targeting unpatched Microsoft DirectShow flaw

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary attack vector  (SearchSecurity.com) back door  (SearchSecurity.com) ethical worm  (SearchSecurity.com) Patch Tuesday  (SearchSecurity.com) zero-day exploit  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary