Severity: High
9 October, 2007
Summary:
Today, Microsoft released two security bulletins describing vulnerabilities affecting different Microsoft Office packages including Word (for Windows and Mac), Office SharePoint Server 2007, and Windows SharePoint Services 3.0. By enticing one of your users into opening a maliciously formed Office file, an attacker could exploit the worst of these flaws to execute code on your user’s computer, with your user’s privileges, potentially gaining control of that computer. If you use Office, Word, or SharePoint in your network, you should download, test, and deploy the appropriate patches immediately.
Exposure:
Microsoft’s two security bulletins describe vulnerabilities found in Word, Office SharePoint Server 2007, and Windows SharePoint Services 3.0. The summary below lists the vulnerabilities from highest to lowest severity.
MS07-060: Word Memory Corruption Vulnerability
9 October, 2007
Summary:
Today, Microsoft released two security bulletins describing vulnerabilities affecting different Microsoft Office packages including Word (for Windows and Mac), Office SharePoint Server 2007, and Windows SharePoint Services 3.0. By enticing one of your users into opening a maliciously formed Office file, an attacker could exploit the worst of these flaws to execute code on your user’s computer, with your user’s privileges, potentially gaining control of that computer. If you use Office, Word, or SharePoint in your network, you should download, test, and deploy the appropriate patches immediately.
Exposure:
Microsoft’s two security bulletins describe vulnerabilities found in Word, Office SharePoint Server 2007, and Windows SharePoint Services 3.0. The summary below lists the vulnerabilities from highest to lowest severity.
MS07-060: Word Memory Corruption Vulnerability
Microsoft Word for Windows and Mac suffers from an unspecified memory corruption vulnerability. By enticing one of your users into downloading and opening a maliciously crafted Office document, an attacker can exploit this vulnerability to execute code on that user’s computer, with that user’s level of privileges and permissions. If your user has local administrative privilege, the attacker gains full control of the victim machine. Microsoft’s bulletin doesn’t specify exactly what sort of Office document triggers this vulnerability. We assume typical Word documents (.DOC) trigger the flaw, but we also have to assume that other Office documents could potentially trigger it as well.
Microsoft rating: Critical.
MS07-059: SharePoint Scripting Vulnerability
Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0 provide a platform for document management. SharePoint suffers from a vulnerability due to its inability to properly validate URL-encoded requests. By enticing one of your users into clicking a specially crafted URL, an attacker could exploit this vulnerability in an elevation of privilege attack to gain that user’s level of privilege on your SharePoint server. The attacker could also redirect your SharePoint server’s responses to himself, gaining access to confidential information hosted on the server.
Microsoft rating: Important.
Solution Path
Microsoft has released patches for Office and SharePoint that correct these vulnerabilities. Download, test, and deploy the appropriate patches throughout your network immediately.
Other versions of Office are unaffected.
- SharePoint Services 3.0 for Windows 2003
- SharePoint Services 3.0 for Windows 2003 x64 Edition
- Office SharePoint Server 2007
- Office SharePoint Server 2007 x64 Edition
For All WatchGuard Users:
One of these attacks travels as normal-looking HTTP traffic, which you need to allow so your network users can access the World Wide Web. The other involves an unspecified range of Office documents that many administrators prefer to allow into their network. Therefore, the patches above are your best solution.
Status:
Microsoft has released patches correcting these issues.