Severity: High
13 November, 2007
Summary:
Today, Microsoft released two security bulletins describing vulnerabilities that affect Windows. A remote attacker could exploit the worst of these flaws to execute code on your Windows XP or Windows Server 2003 computers, potentially gaining complete control of them. For a table briefly summarizing which vulnerabilities affect which versions of Windows, see Microsoft’s Security Bulletin Summary for November and expand the section, “Affected Software and Download Location.” If you manage a Windows network, you should download, test, and deploy the appropriate Windows patches throughout your network as soon as possible.
Exposure:
Microsoft’s two security bulletins detail vulnerabilities found in components of Windows. Each vulnerability affects different versions of Windows to a different extent. The summary below lists the sole Critical vulnerability first.
MS07-061: URI Handling Code Execution Vulnerability
Uniform Resource Identifiers (URIs) are short strings of characters used to identify or name resources on networks, including the Internet. For instance, a URL such as http://www.watchguard.com is one form of URI, telling you where to find WatchGuard’s web site. Besides identifying and addressing a resource, a URI also tells your computer which program should handle it. That decision rests on the scheme, the part of the URI before the first colon: the “http:” in “http://www.watchguard.com” tells Windows to hand the rest of the string to a web browser, and a URI beginning with “ftp://” tells it to hand the resource that follows to a File Transfer Protocol client.
The Windows shell does not sufficiently validate malformed URIs before handing them to the program registered for the scheme. By enticing one of your users into opening a specially crafted email attachment, or into visiting a maliciously crafted web site, an attacker could exploit this flaw to execute code on that user’s computer with that user’s privileges. If the victim has local administrative rights, the attacker gains complete control of the machine; users who browse and read mail from an unprivileged account limit the damage to that account. Microsoft lists only Windows XP and Windows Server 2003 as affected.
Microsoft rating: Critical.
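The Python below is an added illustration of the scheme-dispatch principle described above; it is not code from the LiveSecurity alert or from Windows, and it does not reproduce the MS07-061 flaw, whose details Microsoft did not publish. The handler table, the handler names and the sample URIs are constructed for the example. The point it shows is the one that matters for this class of bug: a dispatcher should reject anything that is not a well-formed URI (invalid scheme, raw forbidden characters, a stray “%”) before the string ever reaches the handler, rather than splitting on the first colon and forwarding whatever is left.

```python
import re
from typing import Callable, Dict, Tuple

# RFC 3986 section 3.1: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):(.*)$", re.DOTALL)

# Hypothetical per-scheme handler table standing in for the shell's
# application associations; the handler names are illustrative only.
HANDLERS: Dict[str, Callable[[str], str]] = {
    "http": lambda rest: "web-browser <- " + rest,
    "https": lambda rest: "web-browser <- " + rest,
    "ftp": lambda rest: "ftp-client <- " + rest,
    "mailto": lambda rest: "mail-client <- " + rest,
}


class InvalidURI(ValueError):
    """Raised for anything that is not a well-formed URI."""


def _has_forbidden_char(uri: str) -> bool:
    # Controls, space, non-ASCII and the characters RFC 3986 never allows raw;
    # they must be percent-encoded, so a raw occurrence marks a malformed URI.
    return any(ch <= " " or ch > "~" or ch in '"<>\\^`{|}' for ch in uri)


def parse_uri(uri: str) -> Tuple[str, str]:
    """Return (scheme, rest) for a well-formed URI; raise InvalidURI otherwise."""
    if _has_forbidden_char(uri):
        raise InvalidURI("unescaped forbidden character")
    m = SCHEME_RE.match(uri)
    if m is None:
        raise InvalidURI("missing or malformed scheme")
    scheme, rest = m.group(1).lower(), m.group(2)
    # Every '%' must introduce exactly two hex digits; a stray '%' is the
    # classic trigger for a downstream component to reinterpret the string.
    if re.search(r"%(?![0-9A-Fa-f]{2})", rest):
        raise InvalidURI("malformed percent-encoding")
    return scheme, rest


def dispatch(uri: str) -> str:
    """Validate first, then hand off only to a handler registered for the scheme."""
    scheme, rest = parse_uri(uri)
    try:
        handler = HANDLERS[scheme]
    except KeyError:
        raise InvalidURI(f"no handler registered for scheme {scheme!r}") from None
    return handler(rest)


def dispatch_lax(uri: str) -> str:
    """The weak pattern: split on the first ':' and forward whatever follows,
    unvalidated, to the handler. Kept here only for contrast with dispatch()."""
    scheme, _, rest = uri.partition(":")
    return HANDLERS[scheme.lower()](rest)


if __name__ == "__main__":
    for sample in ["http://www.watchguard.com", "ftp://ftp.example.test/pub",
                   "mailto:%", 'http://a b', "1http://x"]:
        try:
            print(sample, "->", dispatch(sample))
        except InvalidURI as exc:
            print(sample, "-> rejected:", exc)
    print("lax:", dispatch_lax("mailto:%"))
```

The strict dispatcher refuses the malformed inputs outright; the lax one hands “%” to the mail handler unchanged, which is exactly the situation in which the receiving program, not the shell, ends up deciding what the bytes mean.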
MS07-062: Windows DNS Server Spoofing Vulnerability
Windows’ DNS Server suffers from a flaw that could allow an attacker to spoof DNS responses and so redirect your users’ legitimate requests to potentially malicious hosts. The flaw stems from the server’s use of predictable transaction IDs for the queries it sends. When your DNS server looks up a name it does not have cached, it queries an upstream server and accepts the first reply whose transaction ID matches the outstanding query. Because an attacker can predict that ID, she can send a forged reply that arrives before the genuine one; your server then caches (“poisons”) the bogus answer and hands it to every client that asks. (For more detail on this general attack vector, read the LiveSecurity article, “DNS Pharming.”) Most small to medium businesses run their DNS servers internally, where an attacker needs access to your network to observe or reach the server, so we consider this vulnerability primarily an internal threat. Bear in mind, though, that a Windows DNS server that resolves Internet names for your users sends queries out and accepts replies back through your firewall, so forged replies aimed at those queries can come from outside as well. Only the server versions of Windows, such as Windows 2000 Server or Server 2003, ship with the vulnerable DNS Server.
Microsoft rating: Important.
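The simulation below is added here to show why predictable transaction IDs turn a race against the genuine reply into a near-certain win; it is not code from the LiveSecurity alert or from Microsoft. The toy resolver, the stride-based ID generator, and the names and addresses are constructed for the example. A real forged reply must also match the query’s source port and question section, which the model leaves out; the only thing it varies is the transaction ID, the property MS07-062 fixes.

```python
import secrets
from typing import Callable, Dict, List


class WeakTxid:
    """Predictable transaction IDs: each query's ID is the previous one plus a
    fixed stride. The stride is a constructed stand-in for any generator whose
    next output follows from its last few outputs."""

    def __init__(self, seed: int, step: int = 1) -> None:
        self.state = seed & 0xFFFF
        self.step = step

    def next(self) -> int:
        self.state = (self.state + self.step) & 0xFFFF
        return self.state


class StrongTxid:
    """Unpredictable IDs from the OS CSPRNG: each forged reply succeeds with
    probability 1/65536 no matter what the attacker has observed."""

    def next(self) -> int:
        return secrets.randbelow(0x10000)


class Resolver:
    """Toy caching resolver. It accepts the first reply whose transaction ID
    matches the outstanding query for that name; that is the property a
    forged reply abuses."""

    def __init__(self, txid_gen) -> None:
        self.txid_gen = txid_gen
        self.pending: Dict[str, int] = {}   # name -> ID of the query in flight
        self.cache: Dict[str, str] = {}     # name -> accepted answer

    def query(self, name: str) -> int:
        txid = self.txid_gen.next()
        self.pending[name] = txid
        return txid

    def receive(self, name: str, txid: int, answer: str) -> bool:
        if self.pending.get(name) != txid:
            return False                    # ID mismatch: reply dropped
        self.cache[name] = answer
        del self.pending[name]
        return True


def predict_next(observed: List[int]) -> int:
    """Attacker's model: assume a constant stride between consecutive IDs."""
    step = (observed[-1] - observed[-2]) & 0xFFFF
    return (observed[-1] + step) & 0xFFFF


def poison_attempt(resolver: Resolver, guesses: int = 64) -> bool:
    """One poisoning race. Returns True if the forged answer was cached."""
    victim = "www.example.test"             # constructed names and addresses
    # Phase 1: the attacker learns two IDs, e.g. by getting the server to look
    # up names in a zone she runs, or by sniffing the LAN the server sits on.
    observed: List[int] = []
    for i in range(2):
        name = f"probe{i}.attacker.test"
        txid = resolver.query(name)
        observed.append(txid)
        resolver.receive(name, txid, "203.0.113.1")
    # Phase 2: the server sends the victim query; the attacker floods forged
    # replies around her prediction before the genuine answer arrives.
    real_txid = resolver.query(victim)
    guess = predict_next(observed)
    for offset in range(guesses):
        if resolver.receive(victim, (guess + offset) & 0xFFFF, "198.51.100.66"):
            return True
    resolver.receive(victim, real_txid, "93.184.216.34")   # genuine answer wins
    return False


def success_rate(make_gen: Callable[[], object], trials: int = 200, guesses: int = 64) -> float:
    """Fraction of races the attacker wins against a fresh resolver per trial."""
    hits = sum(poison_attempt(Resolver(make_gen()), guesses) for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    print("predictable IDs:", success_rate(lambda: WeakTxid(seed=12345, step=7)))
    print("random IDs     :", success_rate(StrongTxid))
```

With the stride generator the attacker wins every race with a single forged packet; with CSPRNG-drawn IDs, 64 forged packets per race win about 0.1% of the time, and the only way to raise that is to send many more packets per query, which is what a 16-bit ID leaves as the residual risk even after the fix.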
Solution Path
Microsoft has released patches for Windows to correct these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.
Note: Microsoft no longer officially supports Windows NT 4.0, 98, ME or XP with SP1. If you manage any of these operating systems, Microsoft recommends that you migrate to supported versions, thus preventing potential exposure to vulnerabilities. You can learn more about Microsoft’s Product Life-Cycle here.
Note: Windows 2000 and Vista are not affected by MS07-061.
Note: MS07-062 affects only the server versions of Windows; non-server versions are not affected.
For All WatchGuard Users:
Attackers could exploit the URI handling vulnerability (MS07-061) via normal HTTP and SMTP traffic, which you must allow for your users to browse the web and receive mail. In the usual internal-DNS deployment, MS07-062 is exploited from inside your network and the forged replies never cross the firewall; if your Windows DNS server resolves Internet names or accepts recursive queries from outside, forged replies can arrive from the Internet as well. Because of the diversity of attack scenarios these vulnerabilities present, your best defense is to apply the patches above.
Status:
Microsoft has released patches correcting these issues.