Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Microsoft Issues Four Security Bulletins

From: InfoSec News <isn () c4i org>
Date: Fri, 4 Oct 2002 04:22:36 -0500 (CDT)
http://www.betanews.com/article.php3?sid=1033692126

By Nate Mook, BetaNews 
October 3rd, 2002, 8:42 PM 

In four TechNet security bulletins, Microsoft late Wednesday disclosed
eleven vulnerabilities related to Windows and SQL Server, five of
which are labeled critical. Patches have been released for each flaw,
and will likely soon be available on Windows Update. The bulletins
come a day after Microsoft CEO Steve Ballmer sent out a memo
discussing actions the company is taking to improve software updates
and customer feedback.

The first posted vulnerabilities involve decompression of ZIP files
that are natively supported in Windows Me, XP and Windows 98 with
Plus! Pack. A malformed filename could cause Explorer to crash or an
attacker's code to be run, according to the bulletin. In addition, an
attacker could place files in directories other than those specified
by the user, without notification.

A more serious flaw involves the HTML Help facility in Windows, which
uses an ActiveX control that contains an unchecked buffer. According
to Microsoft, "An attacker who successfully exploited the
vulnerability would be able to run code in the security context of the
user, thereby gaining the same privileges as the user on the system."

In addition, HTML Help incorrectly runs help files delivered over the
Internet within the Local Computer Zone, allowing a malicious file to
perform actions on the system without a user's consent.

A cumulative patch for SQL Server was released alongside notice of
four new vulnerabilities, the most serious of which could give an
attacker full control over a database server. "By sending a specially
malformed login request to an affected server, an attacker could
either cause the server to fail or gain the ability to overwrite
memory on the server, thereby potentially running code on the server
in the security context of the SQL Server service," the bulletin
reads. SQL Server 97, 2000, and MSDE 1.0 and 2000 are affected.

The last three vulnerabilities involve Microsoft's Services for UNIX
3.0 included on the Interix SDK. A Sun Microsystems RPC library in the
SDK includes two potential buffer overflows and an implementation
error that could lead to a denial of service attack.

More information on Microsoft security announcements and patches can
be found on Microsoft's TechNet Security Web site.




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: