Severity: High
12 June, 2007
Summary:
Today, Microsoft released three security bulletins describing vulnerabilities that affect Windows and components that ship with it. By enticing one of your users to a malicious Web site, a remote attacker could exploit the worst of these flaws to execute code and potentially gain complete control of your user’s computer. For a table briefly summarizing which vulnerabilities affect which versions of Windows, see Microsoft’s Security Bulletin Summary for June and expand the section, “Affected Software and Download Location.” If you manage a Windows network, you should download, test, and deploy the appropriate Windows patches throughout your network as soon as possible.
Exposure:
Microsoft’s three security bulletins detail vulnerabilities found in, or affecting, components of Windows. Each vulnerability affects different versions of Windows to a different extent. We summarize these vulnerabilities below, listed from highest to lowest severity.
MS07-035: Win32 API Vulnerability
The Win32 Application Programming Interface (API) that ships with Windows suffers from an unspecified vulnerability involving its inability to properly validate parameters passed to functions. By luring one of your users to a malicious Web site, a remote attacker could exploit this flaw to execute code on that user’s computer, with that user’s privileges. If your user has local administrative privileges, an attacker could exploit this flaw to gain complete control of your user’s PC.
Microsoft rating: Critical.
MS07-031: Windows Schannel Security Package Vulnerability
According to Microsoft, the Secure Channel (Schannel) security package implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocol standards. The Schannel package suffers from an unspecified vulnerability involving its inability to properly validate digital signatures during an SSL handshake. By getting one of your users to visit a web page containing a specially crafted digital signature, an attacker could exploit this flaw to do one of three things, depending on that user’s version of Windows:
In Windows 2000, the attack crashes the Schannel package, preventing your user from reaching web sites or resources that rely on SSL and TLS.
In Windows 2003, the attack restarts your user’s computer.
In Windows XP, the attack executes code, giving the attacker complete control of your user’s machine.
Microsoft rating: Critical for Windows XP
MS07-032: Windows Vista Local Information Disclosure Vulnerability
Microsoft’s description of this vulnerability is extremely vague. From what we can decipher, Microsoft didn’t set the right permissions on certain user information stores in Vista’s registry and file system. As a result, unprivileged attackers can access these information stores. First, an attacker with physical access to one of your Vista machines could exploit this flaw to gain valid login credentials. Then, using those stolen login credentials, the attacker could log in to your system and exploit this issue again to gain access to data in any user account, including the administrator’s. The attacker either needs valid login credentials, or physical access to your Vista machine, in order to exploit this flaw.
Although Microsoft doesn’t say so, we suspect this alert could relate to a recently disclosed hack which allows you to gain unauthorized control of a Vista machine using the Vista installation disc’s Repair Computer / System Recovery.
Microsoft rating: Moderate.
Solution Path:
Microsoft has released patches for Windows to correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.
Note: Microsoft no longer officially supports Windows NT 4.0, 98, ME or XP with SP1. If you manage any of these operating systems, Microsoft suggests you migrate to supported versions to prevent potential exposure to vulnerabilities. You can learn more about Microsoft’s extended security update support at their Product Support Services Web site.
Doesn’t affect Vista.
Doesn’t affect Vista.
For All WatchGuard Users:
Attackers could exploit some of these flaws via normal Web or email traffic. Because of the diversity of attack scenarios these vulnerabilities present, and the possibility of local (internal) attacks that do not pass through the firewall, we urge you to apply the patches above.
Status:
Microsoft has released patches correcting these issues.