[ISN] MS Patches Trio of Windows Flaws

From: InfoSec News (isnat_private)
Date: Thu Jul 17 2003 - 00:45:36 PDT

    http://www.eweek.com/article2/0,3959,1187632,00.asp
    
    By Dennis Fisher
    July 9, 2003 
    
    Microsoft Corp. on Wednesday issued patches for three flaws in various
    versions of Windows, two of which give attackers the ability to run
    whatever code they wish on vulnerable machines.
     
    The most serious of the vulnerabilities affects all currently
    supported versions of Windows, from Windows 98 up through Windows
    Server 2003. The problem lies in the HTML converter, which allows
    users to handle HTML files. A vulnerability results from the way the
    converter handles conversion requests during cut-and-paste operations.
    
    An attacker who could create a special conversion request could cause
    the converter to fail in a way that enables the attacker to execute
    code on the user's machine. The code would run with the user's
    privileges. The patch for this flaw is here [1].
    
    The second vulnerability affects Windows NT 4.0, Windows 2000 and XP
    Professional and results from a buffer overrun in a portion of the
    operating system that handles Server Message Block requests. When the
    Windows server receives SMB packets, it fails to validate the length
    of the buffer established by the packet. As a result, an attacker
    could use a malicious SMB request to overrun the buffer, which would
    cause one of three things to happen: data corruption, a system failure
    or code execution.
    
    However, in order to exploit this flaw, the attacker would need to be
    authenticated to the server. The patch for this issue is located here
    [2].
    
    The third flaw affects only Windows 2000 and results because the
    Windows Utility Manager handles some messages incorrectly. The control
    that provides the list of accessibility options to the user doesn't
    validate Windows messages sent to it. This allows one interactive
    process to use a specific message to cause the Utility Manager to
    execute a callback function to the address of its choice.
    
    Because the Utility Manager runs at a higher privilege level, this
    would give the inferior process a way to use the Utility
    Manager's privilege set. An attacker able to exploit this would have
    complete control over the compromised system, Microsoft said in its
    bulletin. But this flaw cannot be exploited remotely.
    
    The patch for this vulnerability is here [3].
    
    [1] http://www.microsoft.com/security/security_bulletins/ms03-023.asp
    [2] http://www.microsoft.com/security/security_bulletins/ms03-024.asp
    [3] http://www.microsoft.com/security/security_bulletins/ms03-025.asp
    