Office applications Toolkit

Microsoft is forced to issue SSL patch for IE

Tags:
Buffer Overflow,
SSL,
Patch,
IE

John McCormick Tech Republic

Published: 09 Sep 2002 16:59 BST

A flurry of new Microsoft Security Bulletins, updates and patches is following closely on the heels of the ground-shaking revelation that Internet Explorer has a critical flaw in the way it handles SSL.

At first, Microsoft released an aloof response about the SSL threat and said it was difficult to exploit. Then a white hat hacker reportedly demonstrated that the vulnerability is easily exploited. Finally, on Sept. 4, Microsoft released a patch for the SSL flaw, and labeled it a "critical" upgrade.

New flaws and patches

Digital certificate deletion, covered in Security Bulletin MS02-048, relates to a flaw in the ActiveX Certificate Enrollment Control, which downloads and manages PKCS#10-compliant certificate requests in Windows. This flaw can trigger a denial of service event, but not for the entire system, just for digital certificate features. According to the Microsoft Bulletin, a successful attack would corrupt trusted root certificates, EFS encryptions certificates, e-mail signatures, and others, locking out this feature entirely.

Cumulative Patch for Internet Explorer (MS02-047) does not include the patch contained in MS02-048 -- nor does it address the SSL vulnerability. Rather, this patch covers the following vulnerabilities:

Buffer Overrun in Gopher Protocol Handler (CAN-2002-0646) (Note: Details on this candidate hadn't been posted on the CVE list at the time of this writing.)
Buffer Overrun in Legacy Text Formatting ActiveX Control (CAN-2002-0647)
XML File Reading via Redirect (CAN-2002-0648)
File Origin Spoofing (CAN-2002-0722)
Cross-Domain Verification in Object Tag (CAN-2002-0723)
Variant of Cross-Site Scripting in Local HTML Resource (CAN-2002-0691)

Buffer Overrun in TSAC ActiveX Control (MS02-046) applies to both Web site administrators and end users. The Terminal Services Advanced Client ActiveX control is used to run Terminal Services and provide that capability over the Web.

Unchecked Buffer in Network Share Provider (MS02-045) is a denial of service vulnerability. Microsoft says that network administrators should "consider" installing this patch. It doesn't appear to be a serious problem.

Unsafe Functions in Office Web Components (MS02-044) addresses three vulnerabilities that would allow an attacker to run arbitrary code on a client system, read files, and read the contents of the local clipboard.

Applicability

Digital certificate deletion
This problem affects Windows 98, NT4, and all later versions of Windows.

Cumulative IE Patch
This patch affects Internet Explorer versions 5.01, 5.5, and 6.0. All of the vulnerabilities apply to nearly all of these versions.

Buffer Overrun in TSAC
To learn if this component is installed on your system(s), check out the detailed procedure in MS02-046. See the mitigating factors below for some more details about what is affected.

Unchecked Buffer in Network Share Provider
This problem affects:

Windows NT 4.0 Workstation, Server, and Terminal Server Edition.
Windows 2000 Professional, Server, and Advanced Server.
Windows XP Professional.

Earlier versions of Windows are also probably vulnerable, but Microsoft no longer supports them and didn't test them for vulnerabilities.

Unsafe Functions in Office Web Components
Affected software includes Microsoft Office Web Components 2000 and Office Web Components 2002. These are available by download but are already included with:

BackOffice Server 2000
BizTalk Server 2000
BizTalk Server 2002
Commerce Server 2000
Commerce Server 2002
Internet Security and Acceleration Server 2000
Money 2002
Money 2003
Office 2000
Office XP
Project 2002
Project Server 2002
Small Business Server 2000

Risk levels

Digital certificate deletion -- Critical for client systems, low for servers
Cumulative Patch for Internet Explorer -- Critical for many of the vulnerabilities
Buffer Overrun in TSAC -- Low for servers, moderate for clients
Unchecked Buffer in Network Share Provider -- Low for all Internet servers, moderate for all intranet servers and client systems
Unsafe Functions in Office Web Components -- Critical for clients, low to moderate for servers

Go to section: