Lowdown on latest MS security bulletin
John McCormick
Published: 06 Aug 2002 13:50 BST
On July 24, Microsoft released five new Security Bulletins: MS02-032 (update), MS02-036, MS02-037, MS02-038, and MS02-039. They include pertinent security information affecting multiple Microsoft products, led by several key fixes for SQL Server 2000. Let's take a closer look.
Security Bulletin details
MS02-032 -- Cumulative Patch for Windows Media Player
If you find this one more than a bit confusing, you're not alone. It will take the most explanation. You have to read the entire description because this actually applies to everyone with Windows Media Player. MS02-032 includes a cumulative patch of vulnerabilities first described as "patched" in MS01-052. But not all of the fixes described in MS01-052 were actually included in the "cumulative" patch MS02-032, as initially released on June 26, 2002.
Microsoft reports that, if you applied the patches supplied with MS01-052 and the ones originally supplied with MS02-032, your system is not vulnerable to the original threats. But if you relied on the "cumulative" label on the initial release of MS02-032 and applied only that patch, all of the Media Player vulnerabilities covered by MS01-052 have not been fixed. The bottom line is that you now need to apply the new patches supplied with the latest release of MS02-032, which now includes all the updated files found in MS01-052.
But wait, there's a pitfall. Even if you had applied both earlier patches, all this talk about what's patched and what isn't is moot. You still need the new MS02-032 patch because it also patches three new vulnerabilities, one of which is rated as critical.
The following three vulnerabilities are new and are addressed only by this newest patch for Media Player:
- Cache Path Disclosure -- Critical. This could allow an attacker to run arbitrary code on client systems.
- Privilege Elevation -- Critical, but only for Media Player 7.1 running on Windows 2000. This vulnerability can allow someone with physical access to a Windows 2000 system to increase his or her access to the highest level.
- Playback Script Execution -- Low. This allows the attacker to run an arbitrary script but only under special circumstances, and there is a time-critical element, which makes this very unlikely to be exploited.
MS02-032 also has some other security enhancements not related to specific vulnerabilities.
MS02-036 -- Authentication Flaw in Microsoft Metadirectory Services
MMS is an enterprise tool used to manage and integrate various resources. The vulnerability is due to a flaw that can allow a user to log onto the system through the LADP client and gain access at the administrator level.
MS02-037 -- Server Response to SMTP Client EHLO Command Results in Buffer Overrun
There is a buffer overrun vulnerability in the way Internet Mail Connector (IMC) handles the SNMP extended Hello (EHLO) requests. IMC enables SNMP connections.
MS02-038 -- Unchecked Buffer in SQL Server 2000 Utilities Could Allow Code Execution
This bulletin addresses two new vulnerabilities. The first, CAN-2002-0644, is a buffer overrun in database consistency checkers. The second, CAN-2002-0645, is a SQL injection vulnerability in Replication Stored Procedures.
MS02-039 -- Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution
This one addresses three new vulnerabilities. Two are buffer overruns involving the Resolution Service and affect either the stack or the heap. The other is a denial of service attack that involves spoofing addresses to start an endless loop of keep-alive packet exchanges. These packets are used by the SQL Server to shut down inactive accounts.
Previous
Did you find this article useful?
82 out of 205 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
