[ISN] MS Patches Trio of Windows Flaws

From: InfoSec News (isnat_private)
Date: Thu Jul 10 2003 - 00:22:33 PDT


    http://www.eweek.com/article2/0,3959,1187643,00.asp
    
    By Dennis Fisher
    July 9, 2003 
    
    Microsoft Corp. on Wednesday issued patches for three flaws in various 
    versions of Windows, two of which give attackers the ability to run 
    whatever code they wish on vulnerable machines.
     
    The most serious of the vulnerabilities affects all currently 
    supported versions of Windows, from Windows 98 up through Windows 
    Server 2003. The problem lies in the HTML converter, which allows 
    users to handle HTML files. A vulnerability results from the way the 
    converter handles conversion requests during cut-and-paste operations. 
    
    An attacker who could create a special conversion request could cause 
    the converter to fail in a way that enables the attacker to execute 
    code on the user's machine. The code would run with the user's 
    privileges. The patch for this flaw is here [1]. 
    
    The second vulnerability affects Windows NT 4.0, Windows 2000 and XP 
    Professional and results from a buffer overrun in a portion of the 
    operating system that handles Server Message Block requests. When the 
    Windows server receives SMB packets, it fails to validate the length 
    of the buffer established by the packet. As a result, an attacker 
    could use a malicious SMB request to overrun the buffer, which would 
    cause one of three things to happen: data corruption, a system failure 
    or code execution. 
    
    However, in order to exploit this flaw, the attacker would need to be 
    authenticated to the server. The patch for this issue is located 
    here [2]. 
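The class of check the article says was missing, a sender-declared length validated before the copy, as an added example that is not from the article or from Microsoft. The 4-byte header, the names and the sample packets are constructed for illustration and are not the SMB wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REQ_HDR_LEN  4   /* constructed header: 2-byte opcode, 2-byte data length */
#define REQ_MAX_DATA 64  /* capacity of the server-side buffer */

enum { PARSE_OK = 0, PARSE_SHORT = -1, PARSE_TRUNCATED = -2, PARSE_TOO_BIG = -3 };

struct request {
    uint16_t opcode;
    uint16_t data_len;
    uint8_t  data[REQ_MAX_DATA];
};

/* Constructed sample packets (little-endian fields). */
static const uint8_t sample_ok[]        = {0x01, 0x00, 0x03, 0x00, 'a', 'b', 'c'};
static const uint8_t sample_lying[]     = {0x01, 0x00, 0xFF, 0xFF, 'a', 'b', 'c'};
static const uint8_t sample_truncated[] = {0x01, 0x00, 0x10, 0x00, 'a', 'b', 'c'};

/* Read a 16-bit little-endian value without assuming alignment. */
static uint16_t rd16le(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Parse one request; pkt_len is the number of bytes actually received. */
int parse_request(const uint8_t *pkt, size_t pkt_len, struct request *out)
{
    if (pkt == NULL || out == NULL || pkt_len < REQ_HDR_LEN)
        return PARSE_SHORT;                 /* header itself is incomplete */
    uint16_t declared = rd16le(pkt + 2);    /* untrusted, sender-controlled */
    if (declared > REQ_MAX_DATA)
        return PARSE_TOO_BIG;               /* would overrun out->data */
    if ((size_t)declared > pkt_len - REQ_HDR_LEN)
        return PARSE_TRUNCATED;             /* would read past the received bytes */
    out->opcode = rd16le(pkt);
    out->data_len = declared;
    memcpy(out->data, pkt + REQ_HDR_LEN, declared); /* safe: both bounds checked */
    return PARSE_OK;
}

int main(void)
{
    struct request r;
    printf("ok: %d\n", parse_request(sample_ok, sizeof sample_ok, &r));
    printf("oversized length: %d\n", parse_request(sample_lying, sizeof sample_lying, &r));
    printf("truncated body: %d\n", parse_request(sample_truncated, sizeof sample_truncated, &r));
    return 0;
}
```

Dropping either comparison leaves one side unchecked: the first guards the destination buffer, the second guards the source packet.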
    
    The third flaw affects only Windows 2000 and results because the 
    Windows Utility Manager handles some messages incorrectly. The control 
    that provides the list of accessibility options to the user doesn't 
    validate Windows messages sent to it. This allows one interactive 
    process to use a specific message to cause the Utility Manager to 
    execute a callback function to the address of its choice. 
    
    Because the Utility Manager runs at a higher privilege level, this 
    would provide the inferior process with a way to use the Utility 
    Manager's privilege set. An attacker able to exploit this would have 
    complete control over the compromised system, Microsoft said in its 
    bulletin. But this flaw cannot be exploited remotely. 
    
    The patch for this vulnerability is here [3]. 
    
    [1] http://www.microsoft.com/security/security_bulletins/ms03-023.asp
    [2] http://www.microsoft.com/security/security_bulletins/ms03-024.asp
    [3] http://www.microsoft.com/security/security_bulletins/ms03-025.asp
    
    
    
    


