
Microsoft fixes critical flaws in Office, IE

By Robert Westervelt, News Editor
09 Dec 2008 | SearchSecurity.com

Microsoft issued eight security bulletins, including six rated critical, addressing serious flaws in Internet Explorer and Microsoft Office that could be remotely exploited by an attacker to gain access to critical data and take control of a computer.

Four critical vulnerabilities in Internet Explorer (IE) could be exploited remotely if an attacker tricks a user into viewing a malicious Web page. Bulletin MS08-073 addresses memory corruption errors in the way IE handles certain navigation methods, Microsoft said.

The flaws are rated Critical for IE 5.01 and IE 6 Service Pack 1, running on Microsoft Windows 2000; IE 6 running on Windows XP; and IE 7. Microsoft gave the flaws a 1 on its Exploitability Index, warning that consistent exploit code is likely in the wild.

"This is a very widespread vulnerability and should be taken very seriously," said Dee Liebenstein, senior director of product management for patch management vendor Lumension Security. "This is a good example of vulnerabilities that are almost completely out of the control of an end user. All they have to do is navigate to a malicious Web page."

Bulletin MS08-071 addresses two critical flaws in Microsoft's Graphics Device Interface (GDI). An error in the way the GDI handles the Windows Metafile (WMF) graphics file format could allow an attacker to pass a malicious WMF image file. Microsoft said reading email in plain text could help mitigate the risk. The vulnerability affects all supported versions of Microsoft Windows.

Microsoft also updated Windows Search in Microsoft Vista and Windows 2008. Bulletin MS08-075 fixes two critical vulnerabilities that could allow remote code execution. In order to pull off a successful attack, an attacker has to trick a user into clicking a malicious URL, Microsoft said. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft said in its bulletin. Windows Search for Windows XP is not affected.

An update to Visual Basic 6.0 Runtime ActiveX Controls repairs five critical flaws that could be remotely exploited by an attacker. According to Bulletin MS08-070, the flaws could only be exploited if a user browses to a website that contains malicious code.

Bulletins MS08-072 and MS08-074 fix eight flaws in Microsoft Office Word and Microsoft Office Outlook and three flaws in Microsoft Office Excel. The Word bulletin addresses an error in the way Rich Text Format (RTF) files are handled. A malicious RTF file could allow an attacker to take complete control of a system, Microsoft said. The Excel bulletin addresses flaws in Excel that could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.

MS08-076 addresses two flaws in Windows Media Player and Windows Media Format Runtime that could allow remote code execution. "An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft said. The bulletin was rated important by Microsoft.

Eric Schultze, chief technology officer of patch management vendor Shavlik Technologies, called the flaws serious despite Microsoft's important rating. Schultze said the bulletin is closely related to the update issued last month fixing flaws in the Server Message Block (SMB).

"Microsoft says that Windows Media Player doesn't play by the same rules as the Operating System, and that's why this issue wasn't fixed in the November patch release," Schultze said in a prepared statement. "This issue could become very serious if attackers figure out how to create the evil URLs. I'd get this one patched right away."

MS08-077 resolves a vulnerability in Microsoft Office SharePoint Server. The bulletin is rated important. It could allow an attacker to elevate their privileges and execute administrative tasks. The attacker must bypass authentication by browsing to an administrative URL on a SharePoint site, Microsoft said.

"These tasks, while not allowing users direct access to protected information, could cause the server to stop responding to legitimate requests, or could provide additional information to attackers, such as email addresses of the users on the system," Schultze said.

Advisory issued
Microsoft also issued an advisory warning customers of a vulnerability in the WordPad Converter for Word 97 files affecting Windows 2000 SP4, Windows XP SP2 and Windows Server 2003 SP1 and SP2. In order to exploit the flaw, an attacker must trick a user into opening an attachment that is sent in an email. A successful attack could give the attacker the same user rights as the local user.

"We are aware of very limited and targeted attacks seeking to exploit this vulnerability," said Christopher Budd, a security program manager in the Microsoft Security Response Center.

As a workaround until a patch is released, Microsoft recommends preventing WordPad from loading Word 97 files by applying an access control list to the specific converter file. If the workaround is deployed, users will no longer be able to open or convert Word 97 files using WordPad.


