In association with heise online

14 June 2006, 13:47

Microsoft patch day: eight critical holes patched

There was a great deal of activity on Microsoft's patch day in June: in addition to eight critical updates for Windows and MS Office, Microsoft is also providing three important software patches and remedying a problem considered moderately severe. As announced, Microsoft is closing the well-known and already actively exploited hole in MS Word (MS06-027). Through this hole, hackers could use specially prepared Word documents to corrupt memory management and get smuggled-in code executed. According to MS06-028, PowerPoint presentations can also smuggle in code that the system then executes with the rights of the logged-in user. This hole has apparently not yet been exploited, however; it was only reported to Microsoft by the European Aeronautics Defence and Space Company (EADS) and Symantec.

Internet Explorer has also once again fallen prey to four critical issues that allow arbitrary code to be smuggled in and executed via web sites. The cumulative update in MS06-021 remedies these problems, and a separate patch addresses the JScript interpreter (MS06-023). Microsoft also patches another four IE problems that are not considered particularly critical.

Three errors in the representation of various graphics formats are also considered critical: in a library used by Internet Explorer and other software to display AOL's graphics format ART (MS06-022) and by MediaPlayer to display PNG data (MS06-024), buffer overflows may occur, leading to the well-known drastic consequences. Once again, the handling of WMF files by the Windows graphics rendering component has turned out to be a potential entry point for malicious software (MS06-026). Unfortunately, Microsoft does not say whether this problem is a skeleton in its security closet like those discovered at the beginning of the year in troubleshooting routines or more of a classic programming error; its very vague error description merely states that "the way that the Graphics Rendering Engine handles specially crafted WMF images [...] could allow arbitrary code to be executed".

Microsoft categorizes two errors in its Routing and Remote Access (RRAS) service as critical on Windows 2000 systems, where a buffer overflow can be caused directly from the network; with Windows XP Service Pack 2 and Windows Server 2003, such an attack requires a valid access code (MS06-025).

In addition to all of these critical updates, there are also a couple of patches not considered crucial: in the TCP/IP stack, IP source routing, which is disabled under standard configurations, can cause a buffer overflow (MS06-032). Hackers can use special SMB packets to gain additional rights as long as they can log on to the system (MS06-030). Special e-mails can execute script code with the user's rights if the user opens them with the Outlook Web Access (OWA) Exchange service (MS06-029). Finally, security bulletin MS06-031, which is labeled as a "moderate" danger, warns that attackers could spoof an RPC server for an RPC client application despite mutual SSL authentication.

In the light of the gravity of the errors remedied here, these updates should be installed as quickly as possible. On the other hand, merging all eight updates in one IE patch also increases the risk of conflicts. Administrators who have to test the patches before release therefore have their work cut out for them.
