Severity: High
10 July, 2007
Summary:
Today, Microsoft released three security bulletins describing vulnerabilities that affect Windows and components that ship with it. By sending a specially crafted packet, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows 2000 machines. For a table briefly summarizing which vulnerabilities affect which versions of Windows, see Microsoft’s Security Bulletin Summary for July and expand the section, “Affected Software and Download Location.” If you manage a Windows network, you should download, test, and deploy the appropriate Windows patches throughout your network as soon as possible.
Exposure:
Microsoft’s three security bulletins detail vulnerabilities found in, or affecting, components of Windows. Each vulnerability affects different versions of Windows to a different extent. We summarize these vulnerabilities below, listed from highest to lowest severity.
MS07-039: Windows Active Directory LDAP Vulnerability
Windows Active Directory (AD) is Microsoft’s implementation of the Lightweight Directory Access Protocol (LDAP). According to Microsoft, the LDAP service that ships with Windows 2000 Server and Windows Server 2003 suffers from two vulnerabilities: a code execution flaw, and a Denial of Service (DoS) flaw. Though they differ in the technicalities, both vulnerabilities stem from the same general issue. Microsoft’s LDAP service doesn’t properly validate certain attributes in LDAP requests. By sending a maliciously crafted LDAP request, an anonymous attacker could exploit the worst of these two flaws to gain complete control of your Windows 2000 servers. (The vulnerability is less severe on Windows Server 2003 machines, where the attacker would need valid Windows authentication credentials in order to exploit these flaws.) One factor reduces the overall risk: your Firebox blocks incoming LDAP requests by default. An attacker would most likely need local access to your network in order to exploit these LDAP vulnerabilities.
Microsoft rating: Critical for Windows 2000 Servers
MS07-041: Windows XP Professional IIS Buffer Overflow Vulnerability
Windows XP Professional (but not Windows XP Home) ships with Internet Information Services (IIS) 5.1, which is Microsoft’s web server. The IIS service that ships with XP Professional suffers from a buffer overflow vulnerability involving its URL parser. By tricking one of your users into clicking a specially crafted URL, an attacker could exploit this flaw to gain complete control of susceptible machines. However, XP Professional does not install the IIS service by default. You only have to worry about this flaw if you’ve installed the IIS server on some of your XP Professional machines.
Microsoft rating: Important for Windows XP Professional
MS07-038: Information Disclosure Vulnerability in Vista
Windows Vista installs a service called Teredo, which Microsoft calls an IPv6 translation technology. Because of an implementation issue, the Vista firewall doesn’t apply its rules to Teredo connections. If an attacker can trick a Vista user into clicking a specially crafted link, the attacker could activate Teredo and initiate a communication session despite Vista’s firewall. However, without valid login credentials, the attacker could only exploit the Teredo connection to gain information about his victim’s system, such as what services are running. The attacker couldn’t use this flaw to gain control of the machine.
Microsoft rating: Moderate for Vista
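The three exposures described above each depend on a host-level condition (an Active Directory domain controller running the LDAP service, IIS having been added to an XP Professional machine, Teredo being active on Vista) plus the absence of the corresponding patch. The following PowerShell audit script is an added example, not code from WatchGuard or Microsoft; it checks those conditions on the local host so an administrator can find which machines actually need attention first. It assumes it is run with administrator rights, PowerShell 2.0 or later (for Get-HotFix), and an English-language netsh. The KB numbers for the three patches are not given in this alert, so the $kbByBulletin table holds placeholders that must be filled in from the bulletins themselves.

```powershell
# Added audit helper for MS07-038 / MS07-039 / MS07-041 (example code, not WatchGuard's or Microsoft's).
# Assumptions: run as an administrator on the host being checked; PowerShell 2.0+ for Get-HotFix;
# netsh.exe present (it is on Vista) and producing English output.
# The KB numbers are NOT in the alert text, so these are placeholders to be filled from the bulletins.
$kbByBulletin = @{
    'MS07-038' = 'KBXXXXXX'   # placeholder: take the KB number from bulletin MS07-038
    'MS07-039' = 'KBXXXXXX'   # placeholder: take the KB number from bulletin MS07-039
    'MS07-041' = 'KBXXXXXX'   # placeholder: take the KB number from bulletin MS07-041
}

function Test-ServicePresent {
    param([string]$Name)
    # Get-Service returns nothing (with -ErrorAction SilentlyContinue) when the service is not installed.
    return [bool](Get-Service -Name $Name -ErrorAction SilentlyContinue)
}

function Get-TeredoState {
    # Vista exposes the Teredo client through netsh; a "disabled" or "offline" state means
    # a crafted link cannot bring up a Teredo tunnel that bypasses the Vista firewall rules.
    $out = & netsh.exe interface teredo show state 2>$null
    $line = $out | Where-Object { $_ -match '^\s*State\s*:' }
    if ($line) { return (($line | Select-Object -First 1) -split ':', 2)[1].Trim() }
    return 'unknown'
}

$os = Get-WmiObject Win32_OperatingSystem
$findings = @()

# MS07-039: only Active Directory domain controllers run the affected LDAP service (NTDS).
if (Test-ServicePresent 'NTDS') {
    $findings += 'MS07-039: NTDS (Active Directory) service present; the LDAP listener is reachable from the network. Patch, and confirm the perimeter still blocks inbound LDAP.'
}

# MS07-041: only XP Professional hosts on which IIS 5.1 (W3SVC) was added are affected.
if ($os.Caption -match 'XP' -and (Test-ServicePresent 'W3SVC')) {
    $findings += 'MS07-041: IIS (W3SVC) is installed on this XP host; affected by the URL parser overflow until patched.'
}

# MS07-038: Vista hosts with Teredo not disabled can have firewall rules skipped for Teredo traffic.
if ($os.Caption -match 'Vista') {
    $state = Get-TeredoState
    if ($state -notmatch 'disabled|offline') {
        $findings += "MS07-038: Teredo state is '$state'; firewall rules are not applied to Teredo. Until patched, disable it with: netsh interface teredo set state disabled"
    }
}

# Patch presence: Get-HotFix reads the same installed-update data as 'wmic qfe'.
$installed = Get-HotFix | ForEach-Object { $_.HotFixID }
foreach ($bulletin in $kbByBulletin.Keys) {
    $kb = $kbByBulletin[$bulletin]
    if ($installed -notcontains $kb) {
        $findings += "$($bulletin): hotfix $kb not found among installed updates."
    }
}

if ($findings.Count -eq 0) { 'No exposures from MS07-038/039/041 detected on this host.' }
else { $findings }
```

Run the script on each Windows 2000/2003 server, XP Professional workstation and Vista machine; any line it prints names the bulletin to prioritise on that host. The Teredo check reports the state rather than silently changing it, so the mitigation command it prints can be reviewed before being applied network-wide.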
Solution Path:
Microsoft has released patches for Windows to correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.
Note: Microsoft no longer officially supports Windows NT 4.0, 98, ME or XP with SP1. If you manage any of these operating systems, Microsoft suggests you migrate to supported versions to prevent potential exposure to vulnerabilities. You can learn more about Microsoft’s extended security update support at their Product Support Services Web site.
Doesn’t affect XP Home or XP 64-bit editions.
For All WatchGuard Users:
Although your Firebox prevents external attackers from exploiting one of these flaws, the other flaws could be exploited via normal web or email traffic. Because of the diversity of attack scenarios these vulnerabilities present, and the possibility of local (internal) attacks that do not pass through your firewall, we urge you to apply the patches above.
Status:
Microsoft has released patches correcting these issues.
References:
- Microsoft Security Bulletin MS07-038
- Microsoft Security Bulletin MS07-039
- Microsoft Security Bulletin MS07-041
This alert was researched and written by Corey Nachreiner, CISSP.