Patch Tuesday: Microsoft fixes critical vulnerabilities in .NET, Excel and Active Directory
Microsoft has published six security bulletins covering a total of 11 security vulnerabilities, five of which they consider to be critical. The patches to resolve these vulnerabilities have already been distributed through Microsoft's Automatic Update.
Three vulnerabilities have been resolved in the .NET framework (Security Bulletin MS07-040). A vulnerability in .NET PE Loader could allow an attacker to overload a buffer and inject and execute remote code if they logged in with administrative user rights. According to the Security Bulletin, remote code can be executed just by visiting a specially crafted web site. The same applies to a vulnerability in the .NET Framework's Just In Time Compiler (.NET JIT). In addition, there is a vulnerability in the .NET Framework that could allow an attacker who successfully exploited this vulnerability to bypass the security features of an ASP.NET web site to download the contents of any web page. All that is needed for an attack of this kind is to click on a link or visit a specially crafted URL. .NET versions 1.0, 1.1 and 2.0 are affected by this vulnerability, but .NET version 3.0 is not.
Security Bulletin MS07-036 also resolves three vulnerabilities, but this time Excel is the affected product. These vulnerabilities could allow an attacker to execute remote code if a user opens a specially crafted Excel file. The vulnerabilities affect MS Excel 2000, 2002, 2003, Excel Viewer 2003 and MS Office Excel 2007. However, not all of three vulnerabilities are present in every version. Moreover, the manufacturer does not consider the problems to be critical in every version even though it is possible to become infected by a malformed file that could be included as an e-mail attachment. The Security Bulletin contains a detailed overview of the versions that are affected. Microsoft has devoted a whole security bulletin (MS07-037) to a vulnerability in Office Publisher 2007, which could also allow remote code execution. Viewing a malformed .pub file could corrupt memory.
The software developer also classified a vulnerability in the Active Directory Server as critical (MS07-039). This vulnerability could allow a server to be compromised by means of LDAP requests with a manipulated number of attributes. There is also a denial of service vulnerability in the Active Directory server. Certain LDAP requests could result in the system ceasing to respond.
There is another important vulnerability (MS07-041) that could trigger a buffer overflow in the URL parser if an attacker sends specially crafted URL requests to a web page hosted by Internet Information Services (IIS) 5.1 on Windows XP Professional Service Pack 2. The vulnerability could also allow remote code execution on a PC with the rights of the Web server (local system).
Last but not least, Microsoft has reported a problem in Windows Vista Firewall with Teredo IPv6 tunnel protocol (MS07-038), which could allow unsolicited traffic to bypass the firewall and possibly communicate with protected computers. The problem was previously reported by Jim Hoagland of Symantec in April in an analysis of Vista.
The vulnerability in an Office 2003 ActiveX control remains unresolved. As in previous months, Microsoft has also released an updated version of its Malicious Software Removal Tool (MSRT), which checks the computer for known and widespread infections and helps remove them.
- Security Bulletin Summary for July 2007
- Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542), Security Bulletin MS07-036
- Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (936548), Security Bulletin MS07-037
- Vulnerability in Windows Vista Firewall CouldAllow Information Disclosure (935807), Security Bulletin MS07-038
- Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122), Security Bulletin MS07-039
- Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212) , Security Bulletin MS07-040
- Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373), Security Bulletin MS07-041