News
Microsoft Patches Four Critical Windows Vulnerabilities
- By Stephen Swoyer
- April 10, 2007
As
expected, Microsoft Corp. today published five new security bulletins that patch vulnerabilities in its Windows and Microsoft Content Management Server products.
Microsoft's Tuesday patch haul includes fixes for four "critical"
and one "important" vulnerability -- on top of the critical GDI patch
Redmond released
just last week.
All four of the "critical" security bulletins patch flaws that, if
exploited, could result in Remote Code Execution attacks. They include fixes
for vulnerabilities in:
This month's sole "important" update fixes a flaw
in the Windows kernel that could result in an Elevation of Privilege attack.
The Windows CMS bulletin linked above actually addresses two vulnerabilities:
a Memory
Corruption vulnerability and a Cross-Site
Scripting and Spoofing vulnerability, the latter of which can result in
information disclosure or spoofing, Microsoft confirmed. The former flaw --
which can be exploited by means of a malicious HTTP request -- is the more serious
of the two; it's the one that, if exploited, could result in a Remote Code Execution
attack. This vulnerability had not previously been disclosed, and no known exploit
or proof-of-concept code exists.
The Universal
Plug and Play (UPnP) vulnerability affects only Windows XP systems (including
SP2 and x64 versions), Microsoft said. Windows 2000 SP4, as well as any of the
available flavors of Windows Server 2003 and Windows Vista, are not affected.
This vulnerability had not previously been disclosed, and no known exploit or
proof-of-concept code exists.
The Microsoft
Agent flaw takes the form of an URL Parsing vulnerability. Microsoft gives
it a "critical" rating on Windows 2000 SP4 and Windows XP SP2 (x86
versions only) and a "moderate" rating on Windows XP Professional
x64, Windows Server 2003 (all versions). Windows Vista is not affected by the
vulnerability, Microsoft says.
The CSRSS bulletin also addresses multiple vulnerabilities, including a MsgBox
Remote Code Execution vulnerability (the most serious of the three), a CSRSS
Local Elevation of Privilege vulnerability and a CSRSS
DoS vulnerability.
This critical bulletin affects all supported versions of Windows, including
Windows Vista. The CSRSS MsgBox vulnerability stems from a flaw in the way in
which Microsoft's CSRSS implementation processes error messages. An attacker
would have to craft a malicious Web page or application in order to exploit
the vulnerability, according to Microsoft. This vulnerability had
been publicly disclosed, according to Microsoft; the security community
at large dubs it "Vista Memory Corruption Zero-Day" -- although, to
date, to there's no evidence of any exploit activity. Microsoft's Patch Tuesday
release addresses this flaw as well as the other aforementioned vulnerabilities.
The "important" Kernel
Elevation of Privilege vulnerability affects all versions of Windows except
Vista. Today's patch for this flaw -- resulting from incorrect permissions on
a mapped memory segment -- replaces a prior
update for Windows 2000 Server SP4, Microsoft said.
Microsoft also released several non-security updates for its Windows Malicious Software Removal Tool, Windows Server Update Services (WSUS), Microsoft Update and Software Update Service.
About the Author
Stephen Swoyer is a contributing editor for Enterprise Systems. He can be reached at [email protected].