Severity: High
14 August, 2007
Summary:
Today, Microsoft released four security bulletins describing vulnerabilities that affect Windows and components shipping with it. A remote attacker could exploit the worst of these flaws to execute code on your Windows PC, potentially gaining complete control of it. For a table briefly summarizing which vulnerabilities affect which versions of Windows, see Microsoft’s Security Bulletin Summary for August and expand the section, “Affected Software and Download Location.” If you manage a Windows network, you should download, test, and deploy the appropriate Windows patches throughout your network as soon as possible.
Exposure:
Microsoft’s four security bulletins detail vulnerabilities found in, or affecting, components of Windows. Each vulnerability affects different versions of Windows to a different extent. The summary below lists the vulnerabilities from highest to lowest severity.
MS07-046: Graphics Device Interface (GDI) Remote Code Execution Vulnerability
The Graphics Device Interface (GDI) that ships with all current versions of Windows suffers from an unspecified “code execution vulnerability” involving the way the GDI handles specially crafted images. By enticing one of your users into opening and viewing a malicious image (for example, one from a web site or attached to an email), an attacker could exploit this vulnerability to execute code on your user’s machine, with your user’s privileges. If your user has local administrative privileges, the attacker gains complete control of your user’s machine. Microsoft’s bulletin doesn’t specify exactly what sort of image file triggers this vulnerability. We have to assume that every image type that GDI handles (BMP, JPG, GIF, etc.) could potentially trigger this flaw.
Microsoft rating: Critical.
MS07-042: XML Core Services Memory Corruption Vulnerability
Microsoft’s XML Core Services (MSXML) provide a higher degree of support for XML standards in Windows. Though the XML Core Services do not ship with all versions of Windows, they do ship with a variety of popular Microsoft products and software updates, including some versions of Internet Explorer. You’re likely to find the XML Core Services on most of your Windows workstations. (For a complete list of products that include the XML Core Services, scroll to the bottom of this Microsoft Knowledge Base article.)
Microsoft warns that a specially crafted script could cause a memory corruption vulnerability in the XML Core Services. By tricking one of your users into visiting a malicious Web page, an attacker can exploit this memory corruption vulnerability to execute code on your user’s computer, inheriting your user’s privileges. As usual, if your user has local administrator privileges, the attacker gains full control of the computer. This flaw affects all current versions of Windows and also affects Office.
Microsoft rating: Critical.
MS07-043: OLE Automation Memory Corruption Vulnerability
According to Microsoft, Object Linking and Embedding (OLE) Automation is a Windows protocol that allows an application to share data or control another application. Microsoft warns that a specially crafted script could cause a memory corruption vulnerability in the OLE Automation component. By enticing one of your users to a specially designed Web page, an attacker could exploit this vulnerability to execute code on that user’s computer with that user’s privileges. Since typical Windows users have local administrative privileges, attackers can usually exploit this flaw to gain complete control of Windows machines. This vulnerability also affects Office 2004 for Mac and Visual Basic 6.
Microsoft rating: Critical.
MS07-048: Three Remote Code Execution Vulnerabilities in Vista Gadgets
Windows Vista features a Sidebar with mini-programs called Gadgets. Gadgets are designed to offer information at a glance, or to perform common tasks quickly. They’re very similar to OS X’s Dashboard Widgets. Vista’s Feed Headlines, Contacts, and Weather Gadgets all suffer from remote code execution vulnerabilities. An attacker can exploit any of these three vulnerabilities to run arbitrary programs on one of your Vista users’ computers, with that user’s privileges. Say it with us: If your users have local administrative privileges, the attacker gains complete control of their machines. How the attacker exploits these vulnerabilities depends on which Gadget she attacks. For instance, to exploit the Feed Headlines Gadget vulnerability, the attacker needs to entice your user to subscribe to an RSS feed, and then to download a specially crafted RSS post. In short, all three of these attacks require significant user interaction to succeed.
Microsoft rating: Important.
Solution Path
Microsoft has released patches for Windows to correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.
Note: Microsoft no longer officially supports Windows NT 4.0, 98, ME or XP with SP1. If you manage any of these operating systems, Microsoft suggests you migrate to supported versions to prevent potential exposure to vulnerabilities. You can learn more about Microsoft’s extended security update support at their Product Support Services Web site.
- 2000
- XP SP2
- XP x64
- Server 2003
- Server 2003 Itanium Edition
- Server 2003 x64
- Vista
- Vista x64
- Office
- 2000
- XP SP2
- XP x64
- Server 2003
- Server 2003 Itanium Edition
- Server 2003 x64
- Office 2004 for Mac
- Visual Basic 6.0
Doesn’t affect Vista.
For All WatchGuard Users:
WatchGuard Fireboxes, by default, reduce the risks presented by many of these vulnerabilities. However, attackers could exploit some of these flaws via normal Web or email traffic. Because of the diversity of attack scenarios these vulnerabilities present, and the possibility of local (internal) attacks that do not pass through the firewall, we urge you to apply the patches above.
Status:
Microsoft has released patches correcting these issues.