Yep nothing, ie, word, office bugs lol. Quote:
July 13, 2005
Microsoft Patch Disclosure - July 2005
For July's "Patch Tuesday", Microsoft released three patches. Administrators that are still shaken from June's slew of patches are probably breathing a sigh of relief. Below is a summary of this month's bulletins and how they may affect you.
This Month's Bulletins
MS05-035: Vulnerability in Microsoft Word Could Allow Remote Code Execution
MS05-036: Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution
MS05-037: Vulnerability in JView Profiler Could Allow Remote Code Execution
Bulletin Summary
MS05-035
Vulnerability in Microsoft Word Could Allow Remote Code Execution (903672) http://www.microsoft.com/technet/securi ... 5-035.mspx
Microsoft Severity Rating: Critical
eEye Severity Rating: Critical
Description:
This covers an issue with the way Microsoft Word parses fonts. The team at iDefense found an overflow in this process which allows them to execute remote commands. The vulnerability exists in Microsoft Office, Microsoft Works 2000 and Office XP. This could also be considered a file format vulnerability.
In order for an attacker to use this vulnerability, he must first trick an unsuspecting user into opening a malicious Word document. Upon exploitation, the attacker will only have the permissions/privileges of the user he is tricking.
Microsoft rates this vulnerability as critical and we at eEye agree. That said, the attack method of a malicious Word file exists in previous vulnerabilities, so there will hopefully be a good number of users already informed not to open random and unsolicited Word documents. In any case enterprises must ensure that systems, especially workstations, are protected from this vulnerability.
Pre-Patch Mitigation:
eEye recommends following basic systems hardening principles. If steps are taken to properly control users' access on their workstations, the attack would be limited to each user's environment and anything they have access to. Of course every enterprise has users that need a greater level of access to systems, so risk cannot be completely controlled using this method.
Use end-point protection software, such as eEye's Blink®, that ensures protection for this type of vulnerability and that will terminate the affected process (Word) if an overflow is detected.
--------------------------------------------------------------------------------
MS05-036
Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214) http://www.microsoft.com/technet/securi ... 5-036.mspx
Microsoft Severity Rating: Critical
eEye Severity Rating: Critical
Description:
Like MS05-035, this is a file format vulnerability. While it does not affect Microsoft Office, it does affect a wide range of Windows operating systems. Discovered by Shih-hao Weng, this vulnerability is an overflow in the way Microsoft handles International Color Consortium (ICC) format tags. In order for this vulnerability to be used in an attack scenario, an attacker must trick a user into clicking on a link to a malicious website. This could occur via email, P2P networks, or instant messenger.
Once exploited, the attacker is able to run remote code, but only in the context of the user being attacked. Also like MS05-035, Microsoft rates this vulnerability as critical, probably due to the fact that code can be executed remotely.
Pre-Patch Mitigation:
eEye recommends following basic systems hardening principles. If steps are taken to properly control users' access on their workstations, the attack would be limited to each user's environment and anything they have access to. Of course every enterprise has users that need a greater level of access to systems, so risk cannot be completely controlled using this method.
Use end-point protection software, such as eEye's Blink®, that ensures protection for this type of vulnerability and that will terminate the affected process (browser) if an overflow is detected.
--------------------------------------------------------------------------------
MS05-037
Vulnerability in JView Profiler Could Allow Remote Code Execution (903235) http://www.microsoft.com/technet/securi ... 5-037.mspx
Microsoft Severity Rating: Critical
eEye Severity Rating: Critical
Description:
This issue was disclosed to the public on June 29, 2005 as a heap overflow in the COM object javaprxy.dll within Microsoft Internet Explorer. The discoverer of this vulnerability reported the flaw to Microsoft on June 17, 2005. He later decided to release details on the advisory before the patch based on feedback from Microsoft that they could not reproduce the vulnerability.
Since then the vulnerability has been reproduced, and now we have a patch. Fortunately, while this issue is critical, it is not a vulnerability that could have been exploited by an internet worm. In order to successfully exploit this issue, an attacker must first set up a malicious website then trick his target into visiting that site.
Pre-Patch Mitigation:
eEye recommends following basic systems hardening principles. If steps are taken to properly control users' access on their workstations, the attack would be limited to each user's environment and anything they have access to. Of course every enterprise has users that need a greater level of access to systems, so risk cannot be completely controlled using this method.
Use end-point protection software, such as eEye's Blink®, that ensures protection for this type of vulnerability and that will terminate the affected process (browser) if an overflow is detected.
Users can also manually edit the registry and set the kill-bit for this type of Active-X control, as this is all that the Microsoft patch does. The registry key is "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{03D9F3F2-B0E3-11D2-B081-006008039BF0}", and the registry value is a REG_DWORD named "Compatibility Flags" set to 400 (hexadecimal).
eEye Digital Security Protection
eEye Digital Security software can help customers with this and every "Patch Tuesday" by assisting with the prevention, identification, and mitigation of vulnerabilities.
Retina® Network Security Scanner
Retina version 5.2.25 is available to customers via Auto-Update. Retina has been updated with the following audits:
MS05-035: RTH-3245, RTH-3246
MS05-036: RTH-3248, RTH-3249, RTH-3250
MS05-037: RTH-3247
Blink® End-Point Vulnerability Prevention
All versions of Blink preemptively protect against these vulnerabilities. No updates necessary.
--------------------------------------------------------------------------------
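The kill-bit setting from the MS05-037 mitigation quoted above, as an added PowerShell example that is not part of the post or of the eEye bulletin. The CLSID and the 0x400 flag come from the bulletin; the helper name `Set-ActiveXKillBit`, the check of the 32-bit (Wow6432Node) view on 64-bit Windows, and the choice to OR the bit into existing flags rather than overwrite them are assumptions that go beyond it.

```powershell
# Added example (not from the bulletin): audit, and optionally set, the kill bit.
# The CLSID and the 0x400 flag are taken from the bulletin text.
$Clsid   = '{03D9F3F2-B0E3-11D2-B081-006008039BF0}'
$KillBit = 0x400

# Native registry view, plus the 32-bit view present on 64-bit Windows
# (the second path goes beyond the bulletin).
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

# Set-ActiveXKillBit is a hypothetical helper name. Without -Apply it only reports.
function Set-ActiveXKillBit {
    param([string]$Clsid, [int]$Flag, [string[]]$Roots, [switch]$Apply)

    $name = 'Compatibility Flags'
    foreach ($root in $Roots) {
        # Skip views that do not exist on this machine (e.g. Wow6432Node on 32-bit).
        if (-not (Test-Path -LiteralPath (Split-Path $root -Parent))) { continue }

        $key     = "$root\$Clsid"
        $current = 0
        if (Test-Path -LiteralPath $key) {
            $prop = Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $prop) { $current = [int]$prop.$name }
        }

        if ($Apply -and (($current -band $Flag) -ne $Flag)) {
            # Writing under HKLM requires an elevated session.
            if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
            # OR the bit in so any flags already present are preserved.
            $current = $current -bor $Flag
            New-ItemProperty -LiteralPath $key -Name $name -PropertyType DWord `
                -Value $current -Force | Out-Null
        }

        [pscustomobject]@{
            Key        = $key
            Flags      = '0x{0:X}' -f $current
            KillBitSet = (($current -band $Flag) -eq $Flag)
        }
    }
}

# Report only; add -Apply from an elevated prompt to set the bit.
Set-ActiveXKillBit -Clsid $Clsid -Flag $KillBit -Roots $Roots
```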