Severity: High
9 October, 2007
Summary:
Today, Microsoft released three security bulletins describing vulnerabilities that affect Windows and components shipping with it. A remote attacker could exploit the worst of these flaws to execute code on your Windows PC, potentially gaining complete control of it. For a table briefly summarizing which vulnerabilities affect which versions of Windows, see Microsoft’s Security Bulletin Summary for October and expand the section, “Affected Software and Download Location.” If you manage a Windows network, you should download, test, and deploy the appropriate Windows patches throughout your network as soon as possible.
Exposure:
Microsoft’s three security bulletins detail vulnerabilities found in, or affecting, components of Windows. Each vulnerability affects different versions of Windows to a different extent. The summary below lists the vulnerabilities from highest to lowest severity.
Severity: High
9 October, 2007
Summary:
Today, Microsoft released three security bulletins describing vulnerabilities that affect Windows and components shipping with it. A remote attacker could exploit the worst of these flaws to execute code on your Windows PC, potentially gaining complete control of it. For a table briefly summarizing which vulnerabilities affect which versions of Windows, see Microsoft’s Security Bulletin Summary for October and expand the section, “Affected Software and Download Location.” If you manage a Windows network, you should download, test, and deploy the appropriate Windows patches throughout your network as soon as possible.
Exposure:
Microsoft’s three security bulletins detail vulnerabilities found in, or affecting, components of Windows. Each vulnerability affects different versions of Windows to a different extent. The summary below lists the vulnerabilities from highest to lowest severity.
MS07-055 : Kodak Image Viewer Remote Code Execution Vulnerability
The Kodak Image Viewer ships with Windows and allows you to view digital images. Unfortunately, the Kodak Image Viewer suffers from an unspecified “code execution vulnerability” involving the way it parses specially crafted images. By enticing one of your users into opening and viewing a malicious image (for example, one from a web site or attached to an email), an attacker could exploit this vulnerability to execute code on your user’s machine, with your user’s privileges. If your user has local administrative privileges, the attacker gains complete control of your user’s machine. Microsoft’s bulletin doesn’t specify exactly what sort of image file triggers this vulnerability, or whether it’s triggered only by Kodak image formats (KDC, KDK, KIC, etc) or more typical images formats (BMP, JPG, GIF, etc.). We have to assume that every image type that the Kodak Image Viewer handles could potentially trigger this flaw.
Microsoft rating: Critical .
MS07-056 : Outlook Express and Windows Mail NNTP Memory Corruption Vulnerability
Windows ships with either the Outlook Express (OE) or the Windows Mail (WM) email client to allow you to download and read your email. According to Microsoft, both these email clients suffer from a memory corruption vulnerability involving the way they handle the Network News Transfer Protocol (NNTP) . By enticing one of your users to a specially designed web page containing NNTP content, an attacker could exploit this vulnerability to execute code on that user’s computer with that user’s privileges. Since typical Windows users have local administrative privileges, attackers can usually exploit this flaw to gain complete control of Windows machines.
Microsoft rating: Critical.
MS07-058 : Microsoft RPC Denial of Service Vulnerability
Microsoft Remote Procedure Call (RPC) is a protocol that allows Windows servers and clients to communicate with one another, and execute programs over a network. The RPC service that ships with Windows suffers from an unspecified Denial of Service (DoS) vulnerability involving one of its authentication methods. By sending a specially crafted RPC packet, an attacker can exploit this vulnerability to restart your Windows systems. A persistent attacker could repeat this attack to keep your Windows systems offline for as long as he liked. However, most administrators block the Microsoft RPC ports (ports 135, 137, 138, 139, 445, and 592) at their firewall. Therefore, we consider this primarily an internal threat.
Solution Path
Microsoft has released patches for Windows to correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.
Note : Microsoft no longer officially supports Windows NT 4.0, 98, ME or XP with SP1. If you manage any of these operating systems, Microsoft suggests you migrate to supported versions to prevent potential exposure to vulnerabilities. You can learn more about Microsoft’s extended security update support at their Product Support Services web site .
MS07-055 :
Doesn’t affect Vista or 64-bit versions of Windows.
MS07-056 :
- 2000
- XP SP2 (OE6)
- XP x64 (OE6)
- Server 2003 (OE6)
- Server 2003 Itanium Edition (OE6)
- Server 2003 x64 (OE6)
- Vista (Windows Mail)
- Vista x64 (Windows Mail)
MS07-058 :
For All WatchGuard Users:
WatchGuard Fireboxes, by default, reduce the risks presented by many of these vulnerabilities. However, attackers could exploit some of these flaws via normal web or email traffic. Because of the diversity of attack scenarios these vulnerabilities present, and the possibility of local (internal) attacks that do not pass through the firewall, we urge you to apply the patches above.
Status:
Microsoft has released patches correcting these issues.
References: