Re: [ISN] MS Patches Trio of Windows Flaws

From: InfoSec News (isnat_private)
Date: Fri Jul 18 2003 - 00:46:54 PDT

  • Next message: InfoSec News: "RE: [ISN] Update: Money seen as biggest obstacle to effective IT security"

    Forwarded from: Mark Bernard <mbernardat_private>
    
    Dear Associates,
    
    By now we are all perhaps to familiar with the phase
    'buffer-over-flow'. But as Microsoft apparently is systematically
    working through each and every open buffer has anyone stopped to ask
    the question, what will be the draw backs of these changes? Could
    these changes inherently create a domino affect and/or lead to more
    vulnerabilities or different vulnerabilities? Maybe even more sever
    vulnerabilities.
    
    When I did write code once upon a time, we used many, many different
    ways to pass information from one application to another. A buffer
    zone only represented one type of memory allocation device.
    Controlling a buffer will limit the flexibility of that particular
    application no doubt while reducing risk. However, what about all the
    other allocated fields within the very same buffer or what about the
    other types memory allocation devices such as arrays, indexes, etc...
    
    It would be interesting to know how many of these on going problems
    are truly bran new and how many are being created by each new patch.
    Something to think about.
    
    Regards,
    Mark E. S. Bernard, CISM, CISSP
    
    
    
    ----- Original Message ----- 
    From: "InfoSec News" <isnat_private>
    To: <isnat_private>
    Sent: Thursday, July 17, 2003 4:45 AM
    Subject: [ISN] MS Patches Trio of Windows Flaws
    
    
    > http://www.eweek.com/article2/0,3959,1187632,00.asp
    >
    > By Dennis Fisher
    > July 9, 2003
    >
    > Microsoft Corp. on Wednesday issued patches for three flaws in
    > various versions of Windows, two of which give attackers the ability
    > to run whatever code they wish on vulnerable machines.
    >
    > The most serious of the vulnerabilities affects all currently
    > supported versions of Windows, from Windows 98 up through Windows
    > Server 2003. The problem lies in the HTML converter, which allows
    > users to handle HTML files. A vulnerability results from the way the
    > converter handles conversion requests during cut-and-paste
    > operations.
    >
    > An attacker who could create a special conversion request could
    > cause the converter to fail in a way that enables the attacker to
    > execute code on the user's machine. The code would run with the
    > user's privileges. The patch for this flaw is here [1].
    >
    > The second vulnerability affects Windows NT 4.0, Windows 2000 and XP
    > Professional and results from a buffer overrun in a portion of the
    > operating system that handles Server Message Block requests. When
    > the Windows server receives SMB packets, it fails to validate the
    > length of the buffer established by the packet. As a result, an
    > attacker could use a malicious SMB request to overrun the buffer,
    > which would cause one of three things to happen: data corruption, a
    > system failure or code execution.
    >
    > However, in order to exploit this flaw, the attacker would need to
    > be authenticated to the server. The patch for this issue is located
    > here [2].
    >
    > The third flaw affects only Windows 2000 and results because the
    > Windows Utility Manager handles some messages incorrectly. The
    > control that provides the list of accessibility options to the user
    > doesn't validate Windows messages sent to it. This allows one
    > interactive process to use a specific message to cause the Utility
    > Manager to execute a callback function to the address of its choice.
    >
    > Because the Utility Manager runs at a higher privilege level, this
    > would allow the inferior process with a way to use the Utility
    > Manager's privilege set. An attacker able to exploit this would have
    > complete control over the compromised system, Microsoft said in its
    > bulletin. But, this flaw cannot be exploited remotely.
    >
    > The patch for this vulnerability is here [3].
    >
    > [1] http://www.microsoft.com/security/security_bulletins/ms03-023.asp
    > [2] http://www.microsoft.com/security/security_bulletins/ms03-024.asp
    > [3] http://www.microsoft.com/security/security_bulletins/ms03-025.asp
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Jul 18 2003 - 04:05:17 PDT