Microsoft addresses 9 security vulnerabilities with 4 "Important" bulletins

Summary: Microsoft announced 4 "Important" security bulletins today that cover 9 separate vulnerabilities. Of note were vulnerabilities reported in Windows DNS server and client, and within SQL Server.

Microsoft announced 4 "Important" security bulletins today that cover 9 separate vulnerabilities. Of note were vulnerabilities reported in Windows DNS server and client, and within SQL Server. Briefly, the vulnerabilities involve:

  • Cache poisoning and insufficient socket entropy flaws in Microsoft DNS Server
  • A remote code execution vulnerability when saving a specially crafted search file within Windows Explorer
  • Outlook Web Access data validation and parsing Cross-Site Scripting vulnerabilities
  • Information disclosure and potential remote code execution flaws due to memory corruption in SQL Server

More details below:

  • MS08-037 (Maximum severity of Important): This update resolves two newly discovered and privately reported vulnerabilities in the Windows Domain Name System (DNS), which could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.

    • Dan Kaminsky of IOActive reported a DNS Insufficient Socket Entropy Vulnerability (CVE-2008-1447)

      • A spoofing vulnerability exists in Windows DNS client and Windows DNS server. This vulnerability could allow a remote unauthenticated attacker to quickly and reliably spoof responses and insert records into the DNS server or client cache, thereby redirecting Internet traffic. To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2008-1447.

    • A cache poisoning vulnerability was reported in the Windows DNS Server

      • A cache poisoning vulnerability exists in Windows DNS Server. The vulnerability could allow an unauthenticated remote attacker to send specially crafted responses to DNS requests made by vulnerable systems, thereby poisoning the DNS cache and redirecting Internet traffic from legitimate locations. To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2008-1454.

  • MS08-038 (Maximum severity of Important): This security update resolves a publicly reported vulnerability in Windows Explorer that could allow remote code execution when a specially crafted saved-search file is opened and saved. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    • A vulnerability was reported in the way Windows handles saved searches

      • A remote code execution vulnerability exists when saving a specially crafted search file within Windows Explorer. This operation causes Windows Explorer to exit and restart in an exploitable manner. To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2008-1435.

  • MS08-039 (Maximum severity of Important): This update resolves two newly discovered and privately reported vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server, which could allow an attacker to gain access to an individual OWA client’s session data, allowing elevation of privilege.

    • Michael Jordan of Context Information Security reported the OWA Data Validation Cross-Site Scripting Vulnerability (CVE-2008-2247) and the OWA Parsing Cross-Site Scripting Vulnerability (CVE-2008-2248)

      • This is a cross-site scripting vulnerability in the affected versions of Outlook Web Access (OWA) for Exchange Server. Exploitation of the vulnerability could lead to elevation of privilege on individual OWA clients connecting to Outlook Web Access for Exchange Server. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted e-mail that would run malicious script from within an individual OWA client. If the malicious script is executed, the script would run in the security context of the user’s OWA session and could perform any action the user could perform such as reading, sending, and deleting e-mail as the logged-on user. To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2008-2247.
      • This is a cross-site scripting vulnerability in the affected versions of Outlook Web Access (OWA) for Exchange Server. Exploitation of the vulnerability could lead to elevation of privilege on individual OWA clients connecting to Outlook Web Access for Exchange Server. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted e-mail that would run malicious script from within an individual OWA client. The script would run in the security context of the user’s OWA session and could perform any action the user could perform, such as reading, sending, and deleting e-mail as the logged-on user. To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2008-2248.

  • MS08-040 (Maximum severity of Important): This security update resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. This security update is rated Important for supported releases of SQL Server 7.0, SQL Server 2000, SQL Server 2005, Microsoft Data Engine (MSDE) 1.0, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon).

    • An anonymous finder reported a Memory Page Reuse Vulnerability (CVE-2008-0085)

      • An information disclosure vulnerability exists in the way that SQL Server manages memory page reuse. An attacker with database operator access who successfully exploited this vulnerability could access customer data. To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2008-0085.

    • An anonymous finder reported a Convert Buffer Overrun Vulnerability (CVE-2008-0086)

      • A vulnerability exists in the convert function in SQL Server that could allow an authenticated attacker to gain elevation of privilege. An attacker who successfully exploited this vulnerability could run code and take complete control of the system. To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2008-0086.

    • Brett Moore of Insomnia Security working with the iDefense VCP reported a SQL Server Memory Corruption Vulnerability (CVE-2008-0107)

      • A vulnerability exists in SQL Server that could allow an authenticated attacker to gain elevation of privilege. An attacker who successfully exploited this vulnerability could run code and take complete control of the system. To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2008-0107.

    • An anonymous finder reported the SQL Server Buffer Overrun Vulnerability (CVE-2008-0106)

      • A vulnerability exists in SQL Server that could allow an authenticated attacker to gain elevation of privilege. An attacker who successfully exploited this vulnerability could run code and take complete control of the system. To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2008-0106.

SQL Server and DNS vulnerabilities are always concerning. We'll see if more details on these flaws become available.

-Nate

Talkback

10 comments
  • Always Update - ALL Software!!

    It's also a good idea to check all your applications against manufacturer-recommended updates, Adobe, Java, etc... Windows Vista / XP isn't the only update that we should be concerned.

    - Walter Anderson, MCSE, A+, Network+, Sharepoint Consultant
    urcomputerconsultant@...
  • Anyone else have a problem after updating?

    So, on my desktop machine, I went to Microsoft Update, installed all the recommended patches, rebooted, and now I can't browse the web. I can ping outside of my network, but neither IE nor FF can connect to any sites. I've purged my cache, removed all the sites from the "privacy" tab, and still nothing. I've tried doing a System Restore, but I get a message saying "can not be restored to previous setting" or something like that. So, here I am on my laptop. Any ideas?
    MGP2
    • restore

      try system restore in safe mode
      tech_junkie
    • Windows Update and Restore

      Same problem with both a laptop and desktop. Applied today's patches, and now IE and FF will not connect to net. Tried to Restore from regular and Safe Mode, and will not restore. ZoneAlarm my firewall on both machines..turned that off and enabled firewall in XP...now can connect to net. So seems ZA does not "like" the new round of patches.
      peelsboy
      • Thanks for the info....

        I also have ZoneAlarm, so I'll try that when I get home today.

        Thanks again,
        MGP
        MGP2
    • RE: Anyone else have a problem after updating?

      I had the same problem.
      Try removing KB951748 (one of the update files), using the Control Panel's "Add or Remove Programs" (Check box the "Show Updates" box).
      It worked for me.
      bobbyneuro
      • Same problem

        Had the same problem - unable to connect to any web site, retrieve email, or do AVG update after installing the security update on 2 pc running Win XP, a laptop and a desktop. I uninstalled the update thru add/remove programs and everything was back to normal. I tried to call Microsoft but after being on hold for a long time, I decided to not bother.
        doctisch@...
  • RE: Microsoft addresses 9 security vulnerabilities with 4

    Two desktops with Zone Alarm. Similar results after update. We were able to system restore.
    ktcloud32@...
    • Same problem

      Updated yesterday and rebooted. Same issue with Zonealarm. I found that if I reduced the ZA firewall settings from high to medium, I could get out to the internet in FF and IE. Figured I would try to restore back to the point of the MS update; everything worked fine. I also tried updating ZA, but the installer file seems to be missing on ZA's website.

      Forgot to mention that the computer I had trouble with is running XP; my Vista laptop with ZA; no problems.
      swsnyder1@...
  • RE: Microsoft addresses 9 security vulnerabilities with 4

    I updated 3 files today, July 9, on Windows Update.
    After updating & rebooting, I could no longer connect to the Internet, even though the Control Panel's Network Connections said I was connected.
    I removed one of the 3 downloaded files (KB951748), rebooted and was able to get online.
    I'm using XP Pro on a "white box" computer, with an AMD CPU.
    ISP: Comcast with a cable modem
    Browser: MS IE 7
    bobbyneuro