[ISN] Microsoft Issues Four Security Bulletins

From: InfoSec News (isnat_private)
Date: Fri Oct 04 2002 - 02:22:36 PDT

  • Next message: InfoSec News: "[ISN] E-Mail Worm Continues to Spread"

    By Nate Mook, BetaNews 
    October 3rd, 2002, 8:42 PM 
    In four TechNet security bulletins, Microsoft late Wednesday disclosed
    eleven vulnerabilities related to Windows and SQL Server, five of
    which are labeled critical. Patches have been released for each flaw,
    and will likely soon be available on Windows Update. The bulletins
    come a day after Microsoft CEO Steve Ballmer sent out a memo
    discussing actions the company is taking to improve software updates
    and customer feedback.
    The first posted vulnerabilities involve decompression of ZIP files
    that are natively supported in Windows Me, XP and Windows 98 with
    Plus! Pack. A malformed filename could cause Explorer to crash or an
    attacker's code to be run, according to the bulletin. In addition, an
    attacker could place files in directories other than those specified
    by the user, without notification.
    A more serious flaw involves the HTML Help facility in Windows, which
    uses an ActiveX control that contains an unchecked buffer. According
    to Microsoft, "An attacker who successfully exploited the
    vulnerability would be able to run code in the security context of the
    user, thereby gaining the same privileges as the user on the system."
    In addition, HTML Help incorrectly runs help files delivered over the
    Internet within the Local Computer Zone, allowing a malicious file to
    perform actions on the system without a user's consent.
    A cumulative patch for SQL Server was released alongside notice of
    four new vulnerabilities, the most serious of which could give an
    attacker full control over a database server. "By sending a specially
    malformed login request to an affected server, an attacker could
    either cause the server to fail or gain the ability to overwrite
    memory on the server, thereby potentially running code on the server
    in the security context of the SQL Server service," the bulletin
    reads. SQL Server 97, 2000, and MSDE 1.0 and 2000 are affected.
    The last three vulnerabilities involve Microsoft's Services for UNIX
    3.0 included on the Interix SDK. A Sun Microsystems RPC library in the
    SDK includes two potential buffer overflows and an implementation
    error that could lead to a denial of service attack.
    More information on Microsoft security announcements and patches can
    be found on Microsoft's TechNet Security Web site.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Oct 04 2002 - 06:10:09 PDT