Lowdown on latest MS security bulletin
John McCormick
Published: 06 Aug 2002 13:50 BST
Risk levels -- some are critical
There are so many different vulnerabilities and they affect different users in so many ways that it wouldn't be profitable to try and detail every single combination here. These are just the highlights. You need to check out the technical details found in each Microsoft Security Bulletin to determine the exact risk level and applicability for each of these vulnerabilities. Here's a brief summary:
MS02-032 (MS01-056) -- Critical. This can allow attacker to run arbitrary code. MS02-036 -- Moderate. This can allow users to gain administrator-level access; no threat to client systems.
MS02-037 -- Moderate. This poses no threat to client systems.
MS02-038 -- Moderate to low for SQL Server 2000. There is no threat to client systems.
MS02-039 -- Critical. This can allow an attacker to take complete control of the server.
Applicability
MS02-032
- Windows Media Player 6.4
- Windows Media Player 7
- Windows Media Player 7.1
- Windows Media Player for Windows XP
MS02-036
Microsoft Metadirectory Services 2.2
MS02-037
Microsoft Exchange Server 5.5
MS02-038
- Microsoft SQL Server 2000
- Microsoft Desktop Engine (MSDE) 2000
MS02-039
Microsoft SQL Server 2000
Mitigating factors
Various mitigating factors exist for these threats, but merely following good security practices is not enough to prevent exploitation of some of these vulnerabilities.
MS02-032 -- If you applied both the earlier patches discussed above, you are protected from some of the issues addressed by the current version of this bulletin, but not all, including one critical vulnerability.
MS02-036 -- Following good practices will block the access that would enable someone to exploit this vulnerability from the Internet. Given access, this vulnerability could only be exploited by an attacker with protocol-level expertise. This isn't a script-kiddie attack and requires a detailed knowledge of the specific installation.
MS02-037 -- If SNMP is not used and IMC is disabled in Exchange, the vulnerability isn't present; however, patching the flaw might be a good idea in case SNMP is enabled in the future. If reverse DNS lookup on EHLO is disabled, the system isn't vulnerable.
MS02-038 -- Following good practices will eliminate most risk. The buffer overrun flaw should not create a vulnerability if the administrator has followed good practices by restricting db_owner and db_ddladmin privileges to trusted users. The SQL Injection Vulnerability can be exploited only if the attacker can log on to the server interactively. Good security practices allow this only for trusted users.
MS02-039 -- The buffer overrun vulnerability can't attack the operating system if the administrator followed good practices and left the SQL Server running in the default Domain user mode. Also, if port 1434 is blocked at the firewall, the server won't be vulnerable.The SQL Server Resolution vulnerability can only cause a denial of service event.
Final word
After a few weeks of relative quiet, a new rash of Microsoft bulletins is upon us. You'll need to decide which ones purport to fix problems that are risky enough to warrant making the update. Although I've tried to hit the high points, this column would become unwieldy if I went into all the gory details on these bulletins. As always, if you have systems identified in the applicability section, you should check out the Microsoft bulletins themselves for all the details before you patch your systems.
Have your say instantly in the Tech Update forum.
Find out what's where in the new Tech Update with our Guided Tour.
Let the editors know what you think in the Mailroom.
Previous
Did you find this article useful?
82 out of 205 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
