Tuesday, August 14, 2007

patch day

Microsoft has released nine new security bulletins today, six of them critical.  Shavlik is currently testing these patches and will release updated XML files shortly.

MS07-042: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
Severity: Critical
http://www.microsoft.com/technet/security/Bulletin/MS07-042.mspx

MS07-043: Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)
Severity: Critical
http://www.microsoft.com/technet/security/Bulletin/MS07-043.mspx

MS07-044: Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965)
Severity: Critical
http://www.microsoft.com/technet/security/Bulletin/MS07-044.mspx

MS07-045: Cumulative Security Update for Internet Explorer (937143)
Severity: Critical
http://www.microsoft.com/technet/security/Bulletin/MS07-045.mspx

MS07-046: Vulnerability in GDI Could Allow Remote Code Execution (938829)
Severity: Critical
http://www.microsoft.com/technet/security/Bulletin/MS07-046.mspx

MS07-047: Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)
Severity: Important
http://www.microsoft.com/technet/security/Bulletin/MS07-047.mspx

MS07-048: Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123)
Severity: Important
http://www.microsoft.com/technet/security/Bulletin/MS07-048.mspx

MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)
Severity: Important
http://www.microsoft.com/technet/security/Bulletin/MS07-049.mspx

MS07-050: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)
Severity: Critical
http://www.microsoft.com/technet/security/Bulletin/MS07-050.mspx

Wednesday, July 11, 2007

July Microsoft patches

Shavlik Technologies has released updated patch XML files for Shavlik HFNetChkPro and Shavlik NetChk Protect.

XML data version = 1.1.3.3638 Last modified on 7/10/2007

This update includes the following additions:

Microsoft Security Bulletin  MS07-036
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542)                  
Max Severity: Critical
http://www.microsoft.com/technet/security/Bulletin/MS07-036.mspx

Microsoft Security Bulletin MS07-037
Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (936548)                  
Max Severity: Important
http://www.microsoft.com/technet/security/Bulletin/MS07-037.mspx
*** Note: Office 2007 is only supported in Shavlik HFNetchkPro 5.8.1 and 5.9

Microsoft Security Bulletin MS07-038
Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)                  
Max Severity: Moderate
http://www.microsoft.com/technet/security/Bulletin/MS07-038.mspx

Microsoft Security Bulletin MS07-039
Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122)                  
Max Severity: Critical
http://www.microsoft.com/technet/security/Bulletin/MS07-039.mspx

Microsoft Security Bulletin MS07-040
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212)                  
Max Severity: Critical
http://www.microsoft.com/technet/security/Bulletin/MS07-040.mspx

Microsoft Security Bulletin MS07-041
Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373)
Max Severity: Important
http://www.microsoft.com/technet/security/Bulletin/MS07-041.mspx

Re-Released:
Microsoft Security Bulletin MS06-078
Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)                  
Max Severity: Critical
http://www.microsoft.com/technet/security/Bulletin/MS06-078.mspx

Added Update AQ07-006 (QAQ7006) - Security Update (QuickTime 7.1.6)
*** Note: Update AQ07-006 is supported in Shavlik HFNetchkPro 5.9 only

How to obtain the new Shavlik XML files:
The new XML files will be automatically downloaded to your NetChk console the next time a scan is performed.  Alternatively, you may initiate a refresh of all Shavlik files, including the XML files, by selecting 'Tools-Refresh Files' from the menu bar in the NetChk console.  For additional information on Shavlik data files, please visit http://forum.shavlik.com/viewtopic.php?t=4923

- The Shavlik XML Team

Thursday, July 05, 2007

UpdateExpert

UpdateEXPERT Database Notification from Shavlik Technologies' data team:

Shavlik Technologies has released updated files for the UpdateEXPERT patch database.

Database version = 2323 Last modified on 7/5/2007

This update includes the following changes:

New components (English):

- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

New components (German):

- Image Mastering API v2.0 (IMAPIv2.0) for Windows Server 2003 x64 Edition (KB932716)

- Windows Server 2003 may not start when the Volume Shadow Copy Service is enabled (KB931312)

- Background Intelligent Transfer Service (BITS) 2.5 for Windows Server 2003 (KB923845)

- The JScript version 5.6 Date object reports time in standard time instead of in daylight saving time after you apply the updates in Microsoft Knowledge Base articles 928388 and 932590 on a computer that is running Windows XP or Windows Server 2003 (KB933811)

- An update is available that improves the stability of the Windows Management Instrumentation repository in Windows XP (KB933062)

Please contact Shavlik Technologies Technical Support at support@shavlik.com if additional information is needed regarding updates to the UpdateEXPERT Database.

Thank you for using UpdateEXPERT as your patch management tool.

Wednesday, June 13, 2007

More June Patch information

June 13, 2007 • Microsoft Patch Day Information

Microsoft Releases Six New Security Bulletins

Microsoft released 6 new security bulletins in June and updated 2 prior security bulletins. Of the 6 June bulletins, 4 are rated Critical on Microsoft's severity rating system, though Shavlik believes that another bulletin (MS07-032) should also be rated Critical. 

Five of the six bulletins deal with client side vulnerabilities, meaning the end user would need to initiate an action on their computer such as visiting a malicious website, opening malformed files, or reading evil emails in order for an exploit to occur. 

For customers running Windows XP, Shavlik recommends patching MS07-031 first. This is a flaw in the Operating System that can allow an attacker to execute code on an XP system when a user visits an evil website using https (SSL). Hours after release of the security bulletin, exploit code for this vulnerability was released to the Internet.

For customers running Windows Vista, Shavlik recommends patching MS07-032 (Vista) and MS07-034 (Outlook Express) as soon as possible, followed closely by MS07-033 (Internet Explorer). Shavlik believes that MS07-032 should be rated Critical as it could allow unprivileged Vista users to obtain the administrative username and password for the Vista administrator. Contrary to Microsoft's bulletin, Shavlik also believes that this data can be retrieved remotely when combined with another Vista exploit (such as 07-033 or 07-044).

The following patches have been added to the Shavlik XML file:

Critical
MS07-031
Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)
MS07-033
Cumulative Security Update for Internet Explorer (933566)
MS07-034
Cumulative Security Update for Outlook Express and Windows Mail (929123)
MS07-035
Vulnerability in Win 32 API Could Allow Remote Code Execution (935839)

Important

MS07-030
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051)

Moderate

MS07-032
Vulnerability in Windows Vista Could Allow Information Disclosure (931213)  

Re-Released:
MS07-018
Patch for Content Management Server 2002 SP2 has been updated to address problems with the original patch.
MS07-012
Patches for Windows XP (x64) and Windows Server 2003 (all) have been updated to include Windows Server 2003 SP2 as an affected product.

Additional information about these new security bulletins can be found on Microsoft’s TechNet Web site.

Shavlik's Bulletin Analysis

MS07-030: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051)
http://www.microsoft.com/technet/security/Bulletin/MS07-030.mspx
Severity: Important

This is a client side vulnerability that impacts users running Visio 2002 and Visio 2003. If the user opens an attacker's evil Visio file, an attacker can take control of the user's computer. However, the attacker will only have the same level of permissions on the system as the currently logged on user.

MS07-031: Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)
http://www.microsoft.com/technet/security/Bulletin/MS07-031.mspx
Severity: Critical

If a user visits an evil website using https (SSL), the evil website may be able to crash the browser, crash the computer, or execute code on the system. Windows 2000 and Windows Server 2003 systems are less vulnerable as the attack would not be able to execute code on these systems. Windows XP systems, however, are more vulnerable as the attacker would be able to execute code. Shavlik recommends patching Windows XP systems as soon as possible.

MS07-032: Vulnerability in Windows Vista Could Allow Information Disclosure (931213)
http://www.microsoft.com/technet/security/Bulletin/MS07-032.mspx
Severity: Moderate

A logged on user on a Vista system may be able to access sensitive information on the Vista system, including the administrator's username and password or password equivalent. Microsoft states that systems which have been upgraded from Windows XP may offer more sensitive information than systems that performed fresh installations of Vista. The patch secures the 'information store' so that lower privileged users won't have access to this data.

While Microsoft claims this is of Moderate severity, Shavlik believes this should be rated Critical for Vista systems. Further, Shavlik believes it may be possible for attackers to retrieve this information remotely when combined with another Vista exploit. Shavlik recommends installing this patch immediately to all Vista systems.

MS07-033: Cumulative Security Update for Internet Explorer (933566)
http://www.microsoft.com/technet/security/Bulletin/MS07-033.mspx
Severity: Critical

This Internet Explorer patch impacts all Operating Systems (Windows 2000 through Vista) and addresses 6 flaws in the browser. The patch is applicable to all current browser releases, including Internet Explorer 7.

Of the 6 vulnerabilities, one was publicly known prior to the patch release. Like prior IE vulnerabilities, if a user visits an attacker's web page, the attacker may execute evil code on the user's computer. Shavlik recommends installing this patch as soon as possible on client systems.

MS07-034: Cumulative Security Update for Outlook Express and Windows Mail (929123)
http://www.microsoft.com/technet/security/Bulletin/MS07-034.mspx
Severity: Critical

This patch corrects several vulnerabilities in Outlook Express (part of Internet Explorer) that could allow an attacker complete control of the user's system. Users running Vista are at greatest risk: clicking on a received email in Outlook Express could allow the attacker to execute code on the Vista system. Users on earlier Operating Systems who click on a malicious email may allow an attacker to access information from their system, but are safe from evil code execution.

MS07-035: Vulnerability in Win 32 API Could Allow Remote Code Execution (935839)
http://www.microsoft.com/technet/security/Bulletin/MS07-035.mspx
Severity: Critical

An Operating System vulnerability exists on Windows 2000, XP, and Windows Server 2003 systems that would allow an attacker to execute code on a user's system. In this instance, the user would need to either visit the attacker's website or execute a custom (evil) application on their local system. Microsoft is not aware of any public exploits for this vulnerability.

How to Obtain the New Shavlik XML File

The new XML file will be automatically downloaded to your NetChk console the next time a scan is performed. Alternatively, you may initiate a refresh of all Shavlik files, including the XML files, by selecting 'Tools-Refresh Files' from the menu bar in the NetChk console.  For additional information on Shavlik data files, please visit http://forum.shavlik.com/viewtopic.php?t=4923

Shavlik Resources

Receive an email each time Shavlik releases updated patch and/or spyware data files. Also receive an immediate notification when Microsoft releases new patches.  Subscribe to http://www.shavlik.com/support/xmlsubscribe.aspx

Stay up to date with patch management topics. Subscribe to http://www.patchmanagement.org

New Microsoft Patches

From our data team (who stays up all night to test these ASAP, in all languages for all our customers -- thanks again to them)

Shavlik Technologies has released updated patch XML files for Shavlik HFNetChkPro and Shavlik NetChk Protect.

XML data version = 1.1.3.3604  Last modified on 6/12/2007

This update includes the following additions:

Microsoft Security Bulletin MS07-030
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051)
Severity: Important
http://www.microsoft.com/technet/security/Bulletin/MS07-030.mspx

Microsoft Security Bulletin MS07-031
Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)
Severity: Critical
http://www.microsoft.com/technet/security/Bulletin/MS07-031.mspx

Microsoft Security Bulletin MS07-032
Vulnerability in Windows Vista Could Allow Information Disclosure (931213)
Severity: Moderate
http://www.microsoft.com/technet/security/Bulletin/MS07-032.mspx

Microsoft Security Bulletin MS07-033
Cumulative Security Update for Internet Explorer (933566)
Severity: Critical
http://www.microsoft.com/technet/security/Bulletin/MS07-033.mspx

Microsoft Security Bulletin MS07-034
Cumulative Security Update for Outlook Express and Windows Mail (929123)
Severity: Critical
http://www.microsoft.com/technet/security/Bulletin/MS07-034.mspx

Microsoft Security Bulletin MS07-035
Vulnerability in Win 32 API Could Allow Remote Code Execution (935839)
Severity: Critical
http://www.microsoft.com/technet/security/Bulletin/MS07-035.mspx

-----------
Re-Released:
Microsoft Security Bulletin MS07-018
Patch for Content Management Server 2002 SP2 has been updated to address items in KB922449
http://support.microsoft.com/kb/924429

Microsoft Security Bulletin MS07-012
Patches for Windows XP (x64) and Windows Server 2003 (all) have been updated to address items in KB924667
http://support.microsoft.com/?kbid=924667

How to obtain the new Shavlik XML files:
The new XML files will be automatically downloaded to your NetChk console the next time a scan is performed.  Alternatively, you may initiate a refresh of all Shavlik files, including the XML files, by selecting 'Tools-Refresh Files' from the menu bar in the NetChk console.  For additional information on Shavlik data files, please visit http://forum.shavlik.com/viewtopic.php?t=4923

- The Shavlik XML Team

Wednesday, May 09, 2007

Microsoft Recommends Shavlik

It's pretty well known that we have been working on patch management for a long time, creating MBSA and now providing Shavlik NetChk Limited, which is directly recommended by Microsoft.  We are focused on helping assure our customers and the industry in general are getting strong security support. Our ongoing relationship with Microsoft is key to this.

Here are some related links:

Microsoft

Legacy Product Support: For customers using legacy products not supported by MBSA 2.0.1, Microsoft Update, and WSUS, Shavlik Technologies provides a free MBSA 2.0.1 companion tool called Shavlik NetChk Limited.

Users who have the following products in their environment can use Shavlik NetChk Limited to augment MBSA 2.0.1 results for comprehensive security update detection.

Office 2000

ISA Server 2000

FrontPage Server Extensions 2000/2002

Visual Studio .Net 2002/2003

SQL Server 7.0/2000

Other products not included in Microsoft Update's supported product list


WindowsITPro

"Shavlik Technologies was an easy choice for Microsoft to go to for providing continuity in supporting [complete security scanning] for customers who are using some of the older products," said Stephen Toulouse, Group Program Manager at Microsoft. "Shavlik has an intimate knowledge of security detection requirements since they helped develop the first version of MBSA for Microsoft."

Redmond Mag

ENT

Shavlik's NetChk Protect Limited searches for critical security patches and spyware. However, the free version does not install patches or remove spyware, according to the product's Quick Start Guide posted on Shavlik's Web site.


Get this free product, without any registration or timeouts here.


May 2007 Patches

(from our data team last night, who worked all night testing these patches - my thanks to them, also here is a note on a new release we have created with a Microsoft endorsement)

Update: Microsoft released seven new security bulletins yesterday, seven of which are rated critical on the company's rating scale.

At most companies, desktop systems will be most concerned with MS07-023 through MS07-025; these three patches affect Microsoft Office, including Office 2007. There is also another Internet Explorer roll-up patch, MS07-027, which affects all supported versions of IE on all supported versions of Windows, including Vista and the x64 versions of Windows.
Network admins should test and deploy MS07-026 which deals with security flaws in Outlook Web Access. Another major patch for network admins is MS07-029, which provides a fix to the DNS RPC subsystem on server versions of Windows 2000 and 2003.
This patch is currently being exploited in the wild and the nature of the vulnerability exposes some of a network's most valuable targets: Active Directory servers and Domain Controllers.

Shavlik expects that many of these vulnerabilities will soon be exploited as vectors for spyware and malware installation on untrustworthy websites. Therefore, we recommend users test and deploy these patches as soon as possible.

Shavlik Technologies has released updated patch XML files for Shavlik HFNetChkPro and Shavlik NetChk Protect.

XML data version = 1.1.3.3566  Last modified on 5/8/2007

This update includes the following additions:

Microsoft Security Bulletin MS07-023
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)
Max Severity: Critical            
http://www.microsoft.com/technet/security/bulletin/MS07-023.mspx

Microsoft Security Bulletin MS07-024
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)   
Max Severity: Critical
http://www.microsoft.com/technet/security/bulletin/ms07-024.mspx

Microsoft Security Bulletin MS07-025
Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)   
Max Severity: Critical
http://www.microsoft.com/technet/security/bulletin/ms07-025.mspx

Microsoft Security Bulletin MS07-026
Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)   
Max Severity: Critical
http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx

Microsoft Security Bulletin MS07-027
Cumulative Security Update for Internet Explorer (931768)   
Max Severity: Critical
http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx

Microsoft Security Bulletin MS07-028
Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)   
Max Severity: Critical
http://www.microsoft.com/technet/security/bulletin/ms07-028.mspx

Microsoft Security Bulletin MS07-029
Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution (935966)   
Max Severity: Critical
http://www.microsoft.com/technet/security/bulletin/ms07-029.mspx

Updated MSRT-001 (Malicious Software Removal Tool)

**Note:  MS07-028 is only supported in versions 5.81 and 5.9 of HFNetChk

- The Shavlik XML Team

UpdateEXPERT Database Notification from Shavlik Technologies

The attached UpdateEXPERT Database Notification is available to you as a subscriber to the Shavlik Technologies “UpdateEXPERT Database Notification” list.  This ListServ keeps you informed of Microsoft Security patches and Critical updates as they become available and are added to the UpdateEXPERT database. 

Unsubscribe information is posted at the end of this message.

-----------------------------Begin Notification-------------------------

Dear Subscriber,

Shavlik Technologies has released updated files for the UpdateEXPERT patch database.

Database version = 2298 Last modified on 5/8/2007

This update includes the following changes:

New components (English):

- Microsoft Security Bulletin MS07-023
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)

- Microsoft Security Bulletin MS07-024
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)

- Microsoft Security Bulletin MS07-025
Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)

- Microsoft Security Bulletin MS07-026
Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)

- Microsoft Security Bulletin MS07-027
Cumulative Security Update for Internet Explorer (931768)

- Microsoft Security Bulletin MS07-029
Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution (935966)

*** Note:  UpdateEXPERT does not support CAPICOM: MS07-028

Please contact Shavlik Technologies Technical Support at support@shavlik.com if additional information is needed regarding updates to the UpdateEXPERT Database.

Thank you for using UpdateEXPERT as your patch management tool.

Thursday, May 03, 2007

AQ07-002 (QAQ7160) Apple QuickTime 7.1.6 update

We added AQ07-002 (QAQ7160) Apple QuickTime 7.1.6 update (available as a patch and as a software distribution item) to our data.

Wednesday, April 11, 2007

Why patching is key

Over 2,000 sites now exploit .ani security flaw

More than 2,000 unique Web sites have been rigged to exploit the animated cursor security flaw in Microsoft's software, according to security vendor Websense.

April patches

(update: for May 2007 patches click here)

From Eric:

Microsoft has released 5 security bulletins this month.  Four of these bulletins are rated Critical by Microsoft, the fifth is rated Important.

Two of this month's vulnerabilities (MS07-018 and MS07-019) are server side vulnerabilities - meaning an attacker can remotely exploit an unpatched system over the Internet.  No user interaction is required (like visiting a website or reading an email).  Server side vulnerabilities can easily become self-propagating worms, similar to Code Red, Nimda, and Blaster.  One of these vulnerabilities is present on Content Management server (which has a low prevalence of installation), and the other is present on all Windows XP systems.

Of the other three vulnerabilities, one is a client side bug (MS07-020) that can be exploited if a user visits an evil website or reads a maliciously formatted email message, and the other two vulnerabilities (MS07-021 and MS07-022) are local privilege escalation attacks that may allow a local user to elevate their permissions and become administrators on their systems.

Shavlik expects to see exploit code released for most, if not all of these issues, in relatively short order.  Shavlik recommends deploying all of the related patches to affected systems as soon as possible.

-----------------------------------------------------------------------------
Microsoft Security Bulletin MS07-018
Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939)

All Content Management Server systems are affected, however, the patch is only available for the following releases:
Content Management Server 2001 SP1
Content Management Server 2002 SP2

This is a server-side bug.  This means the server can be attacked without requiring any user intervention on the server itself.  Any unpatched Content Management Server can be attacked remotely over port 80.  Submitting a specific URL to a content management server can allow the attacker to take complete control of the server and execute code of their choice on that server.  (This attack may be similar to the attacks performed years ago against unpatched IIS servers where a bug existed in the URL parsing routine of IIS servers, allowing attackers to take over webservers.)

Although there are no reports of current attacks using this vulnerability, Shavlik expects exploit code to surface for this attack very soon.
------------------------------------------------------------------------------

Microsoft Security Bulletin MS07-019
Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261)

All XP systems are vulnerable, however, the patch is only available for Windows XP SP2.

This is a server-side bug for Windows XP, meaning it can be exploited remotely and no user interaction is required on the XP system.  Any unpatched XP system can be attacked remotely if the attacker can access UDP port 1900 or TCP port 2869.  The attacker could then execute code on that system under the context of the LocalService account (which is not quite as good as an admin account).

Customers should block UDP port 1900 and TCP port 2869 with the XP firewall, or they can disable the Universal Plug and Play service.

Although there are no reports of current attacks using this vulnerability, Shavlik expects exploit code to surface for this attack very soon.

-------------------------------------------------------------------------------
Microsoft Security Bulletin MS07-020
Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168)

This impacts Windows 2000, Windows XP, and Windows Server 2003

This is a client-side bug.  The vulnerability can only be exploited if a user of the system visits an evil website or reads a maliciously formatted email message.  The attacker who sent the email or hosted the web page could then execute code on the system with the same level of privileges as the logged on user.

As a workaround, customers can disable the Microsoft Agent service or can disable the Microsoft Agent ActiveX control in Internet Explorer.

Microsoft has not seen any reports that this is currently being exploited on the Internet.

---------------------------------------------------------------------

Microsoft Security Bulletin MS07-021
Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)

This impacts Windows 2000, Windows XP, Windows Server 2003, and Windows Vista

This vulnerability may allow a locally logged on user to elevate their privileges and become administrator on their system.  It may also allow customers on shared webservers to execute code on the webserver and become administrator over the server and all of the websites.

This vulnerability may also be exploited if a user visits an evil website.  The attacker who created the website can then execute code and become administrator on the compromised system.

Proof of concept code for this exploit has been posted on the Internet.  Shavlik believes that this sample code could be turned into exploit code that could be used by employees who wish to obtain administrative access to their own systems, and systems that they manage.  Shavlik also expects to see malicious websites appear that, when visited, would take over the computers of those who visit the site.

--------------------------------------------------------------------
Microsoft Security Bulletin MS07-022
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784)

This impacts Windows 2000, Windows XP, and Windows Server 2003

Like the MS07-021 vulnerability, this vulnerability is also a local privilege escalation vulnerability (however, this one is not applicable to Windows Vista).

This vulnerability may allow a locally logged on user to elevate their privileges and become administrator on their system.  It may also allow customers on shared webservers to execute code on the webserver and become administrator over the server and all of the websites.

Microsoft has not seen any reports of this vulnerability being exploited on the Internet.  Shavlik believes that exploit code should be available soon that could be used by employees who wish to obtain administrative access to their own systems, and systems that they manage.
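
For the MS07-019 workaround above (blocking UDP port 1900 and TCP port 2869, or disabling Universal Plug and Play), an added example that is not part of the original post or of any Shavlik tool: a Python script that parses `netstat -ano` output and lists sockets still listening on those two ports on a non-loopback address. The sample output and all function names are constructed for illustration.

```python
"""Audit Windows `netstat -ano` output for the two ports named in MS07-019."""

# Ports taken from the advisory text: UDP 1900 and TCP 2869.
UPNP_PORTS = {("UDP", 1900), ("TCP", 2869)}
LOOPBACK_PREFIXES = ("127.", "[::1]")

# Constructed sample, in the column layout printed by `netstat -ano`.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:2869           0.0.0.0:0              LISTENING       1104
  TCP    192.168.1.20:2869      192.168.1.7:1033       ESTABLISHED     1104
  TCP    192.168.1.20:1045      192.168.1.1:2869       ESTABLISHED     1104
  UDP    0.0.0.0:1900           *:*                                    1104
  UDP    127.0.0.1:1900         *:*                                    1104
  UDP    192.168.1.20:1900      *:*                                    1104
  UDP    192.168.1.20:123       *:*                                    1020
"""


def parse_netstat(text):
    """Yield (proto, address, port, state, pid) for every socket row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # headers, blank lines, anything that is not a socket row
        proto, local = fields[0], fields[1]
        addr, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        # TCP rows carry a State column; UDP rows do not.
        state = fields[3] if proto == "TCP" and len(fields) > 3 else ""
        # The PID column is only present when netstat was run with -o.
        pid = fields[-1] if fields[-1].isdigit() else None
        yield proto, addr, int(port), state, pid


def exposed_upnp_listeners(text):
    """Return sockets listening on UDP 1900 / TCP 2869 on non-loopback addresses.

    A listener is a candidate exposure only: a host firewall may still block
    the port, so treat each finding as a prompt to confirm the workaround or
    the patch is in place.
    """
    findings = []
    for proto, addr, port, state, pid in parse_netstat(text):
        if (proto, port) not in UPNP_PORTS:
            continue
        if proto == "TCP" and state != "LISTENING":
            continue  # established sessions are not listening sockets
        if addr.startswith(LOOPBACK_PREFIXES):
            continue  # bound to loopback only, not reachable from the network
        findings.append((proto, addr, port, pid))
    return findings


if __name__ == "__main__":
    for proto, addr, port, pid in exposed_upnp_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {addr}:{port} is listening (PID {pid})")
```

On a live system, feed the function the text captured from `netstat -ano`; an empty result after disabling the service indicates nothing is bound to either port.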
