Advertisement
Promo

Security threats Toolkit

Microsoft issues eight Windows fixes

Joris Evers CNET News

Published: 15 Nov 2006 10:39 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Microsoft on Tuesday provided fixes for eight flaws related to Windows, including three that could be used to compromise a system without any user interaction.

As expected, the company issued six security bulletins as part of its monthly patch cycle. Five of the updates were tagged "critical", Microsoft's highest rating of attack risk. One alert, MS06-069, calls out flaws in Adobe Systems' Macromedia Flash Player, which shipped with Windows XP. The others cover vulnerabilities in Microsoft software.

All of Microsoft's fixes address vulnerabilities in software related to its Windows operating system. Three of the security holes could be exploited remotely by an anonymous attacker without the user having to take any action, such as clicking on a link. The remaining five would require people to visit a malicious website or open a malicious file for an attack to succeed, according to Microsoft's alerts.

The most urgent issue is a flaw in Microsoft's "Workstation Service" in Windows 2000 and Windows XP, said Amol Sarwate, a research manager at vulnerability-management company Qualys. "Attackers can remotely send malicious packets and cause code execution," he said. The problem is described in Microsoft alert MS06-070.

The Workstation Service routes file system and print requests, both local and on a network. It is a key part of Windows that can't be turned off or easily protected by a firewall, Sarwate said. "Really, the only solution is to apply the patch as soon as possible," he said.

The problem is most severe for Windows 2000, said Christopher Budd, a security program manager at Microsoft. "There is the potential risk of a worm for Windows 2000, but you don't have that with Windows XP SP2," he said. The threat to Windows XP is mitigated because of its firewall and different networking technology, Budd said.

A hacker could exploit the Workstation Service flaw by creating a specially crafted message and sending it to a vulnerable computer. "An attacker who successfully exploited this vulnerability could take complete control of the affected system," Microsoft said in its security bulletin, which it rates "critical".

More worm holes
Two other vulnerabilities expose Windows machines to a similar risk of being used to spawn worms. These affect Microsoft's Client Service for NetWare and the NetWare Driver, which let Windows systems access network services on servers running Novell NetWare. However, this software is not installed by default.

"The NetWare software could be turned off. It is just less prevalent," Sarwate said. In security bulletin MS06-066, Microsoft deems the NetWare issues "important", one notch below "critical" in its four-tiered rating scheme.

The WorkStation Service and NetWare flaws are the network security issues addressed by Microsoft's bulletins. The other problems require some form of user action to be exploited and are known as client-side flaws.

The Microsoft Agent, a help tool that succeeded the famous Clippy Office assistant, is flawed in the way it handles certain files, Microsoft said in bulletin MS06-068. Opening a malformed ".acf" file could cause PC compromise, it said.

Patching zero-days
The WorkStation Service, NetWare and Agent issues had not been disclosed earlier, which means there are no known attacks that exploit these flaws. Some of Microsoft's other fixes, however, are for vulnerabilities that are already being used in attacks.

A "critical" update for Internet Explorer, MS06-067, addresses three vulnerabilities, two of which cybercrooks are already tapping. An expected patch for XML Core Services delivered with bulletin MS06-071 plugs a flaw in that Windows add-on that had also surfaced in cyberattacks.

The IE update also addresses a new flaw, which lies in the way it handles certain HTML, or hypertext markup language, layout combinations, Microsoft said.

"Many of the issues addressed in this month's batch of patches attend to publicly exploited issues," Alfred Huger, a senior director at Symantec Security Response, said in a statement. "Attackers are exploiting vulnerabilities with increasing speed, and it's imperative that computer users protect themselves by installing updated software patches as quickly as possible."

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
317 out of 409 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:






Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment

South Korea plans to fingerprint visit...

The South Korean authorities could fingerprint and photograph foreign visitors from 2012, the Korea Times reported on Tuesday. Barring diplomats and government operatives, all visitors... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters