11 June 2008, 13:34

Microsoft fixes 10 security vulnerabilities

Microsoft has, as announced, released seven security bulletins and associated updates which fix a total of 10 security vulnerabilities. Three of the updates fix critical bugs. These include a vulnerability in the Bluetooth stack – MS08-030, which can be used to inject and execute code. According to the advisory, the bug occurs where there are a large number of Service Discovery Protocol (SDP) packets on a vulnerable system.

Microsoft has also fixed two critical vulnerabilities in Internet Explorer – MS08-031. Specific unexpected method calls to HTML objects can be used to compromise a Windows PC. In addition, it is possible to bypass the browser's same origin policy using specific request headers, allowing JavaScript to access data from other domains. Attackers could, for example, use this method to read online banking forms.

Finally, the Redmond-based company has fixed two critical bugs in DirectX – MS08-033. Using crafted AVI or ASF files, it is possible to trigger a bug in the Windows MJPEG codec which can be exploited to inject and execute code. The situation is similar when processing crafted SAMI files.

Microsoft classifies three of the updates as important. One of these prevents remote attackers from gaining control of a system using specific WINS packets – MS08-034. Since the Windows Internet Name Service is not usually routed, only local networks are affected. A further update immunises Active Directory (AD) against certain LDAP packets (MS08-035). Without the patch, the service does not correctly check the packets, which can cause the computer to crash and restart. In principle, this only affects server system, such as Microsoft Windows 2000 Server, Windows Server 2003 and Windows Server 2008, however where Active Directory Application Mode (ADAM) is installed on a Windows XP client, it too will be affected. A patch described in bulletin MS08-036 irons out two denial of service vulnerabilities in the PGM (Pragmatic General Multicast) protocol, which can cause Windows to freeze.

The seventh and final bulletin, MS08-032, describes a somewhat curious vulnerability in Vista, which was first reported in January 2007. Windows Vista's speech recognition system can be abused to remotely send unauthorised commands to a computer. A website could, for example, play an audio file over the system speakers, which could be picked up by the microphone and interpreted as commands issued by the user. By default Vista prevents attackers from executing commands such as copy, delete, etc. on system resources using User Account Control (UAC). In addition, by default, speech recognition is deactivated. Nevertheless, to be on the safe side, Microsoft is setting the kill bit for the ActiveX speech control in question.

As ever on patch day, Microsoft is also distributing an updated version of its Malicious Software Removal Tool (MSRT) which should detect and remove some of the more popular items of malware. As usual, users should install the updates as soon as possible or have them installed via auto update, as the first exploits are likely to be appearing on websites shortly.