Contact Us Today! (215) 853-2266

Bardissi Enterprises Blog

Bardissi Enterprises has been serving the Hatfield area since 2000, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Hodgepodge of Windows Vulnerabilities Poses Moderate Risk

11 December, 2007

Summary:

Today, Microsoft released four security bulletins describing vulnerabilities that affect Windows and components shipping with it. A remote attacker could exploit the worst of these flaws to execute code on your Windows PC, potentially gaining complete control of it. For a table briefly summarizing which vulnerabilities affect which versions of Windows, see Microsoft’s Security Bulletin Summary for December and expand the section, “Affected Software and Download Location.” If you manage a Windows network, you should download, test, and deploy the appropriate Windows patches throughout your network as soon as possible.

Exposure:

Microsoft’s four security bulletins detail vulnerabilities found in, or affecting, components of Windows. Each vulnerability affects different versions of Windows to a different extent. The summary below lists the vulnerabilities from highest to lowest severity.

MS07-063: Windows Vista SMBv2 Signing Vulnerability

11 December, 2007

Summary:

Today, Microsoft released four security bulletins describing vulnerabilities that affect Windows and components shipping with it. A remote attacker could exploit the worst of these flaws to execute code on your Windows PC, potentially gaining complete control of it. For a table briefly summarizing which vulnerabilities affect which versions of Windows, see Microsoft’s Security Bulletin Summary for December and expand the section, “Affected Software and Download Location.” If you manage a Windows network, you should download, test, and deploy the appropriate Windows patches throughout your network as soon as possible.

Exposure:

Microsoft’s four security bulletins detail vulnerabilities found in, or affecting, components of Windows. Each vulnerability affects different versions of Windows to a different extent. The summary below lists the vulnerabilities from highest to lowest severity.

MS07-063: Windows Vista SMBv2 Signing Vulnerability

Server Message Block (SMB) is the file and printer sharing protocol used by Windows. SMB version 2 (SMBv2) is an updated version of SMB, supported by Windows Vista and the upcoming Server 2008. SMBv2 allows for packet signing, which adds an extra layer of authentication and security to SMB communications. When your computer receives a properly signed SMBv2 packet, the packet’s signature should guarantee the authenticity of its sender. However, Microsoft’s alert warns of an unspecified flaw in the implementation of SMBv2 signing in Windows Vista. An attacker could exploit this flaw to modify SMBv2 packets even though they still retain seemingly authentic SMBv2 signatures. An attacker could then leverage this vulnerability to impersonate a trusted user on your network, which allows the attacker to execute code on your computers with the impersonated user’s privileges. The impact of this vulnerability is reduced by the fact that most administrators don’t allow SMB traffic through their firewalls. Furthermore, most administrators don’t use SMBv2 at all. This vulnerability poses primarily an internal threat.
Microsoft rating: Important.

MS07-065: Windows Message Queuing Buffer Overflow Vulnerability

Windows Message Queuing is a technology that allows Windows applications to communicate with one another, even when each application happens to run at different times (learn more about Message Queuing on Microsoft’s site). The Message Queuing component that ships with Windows 2000 and XP suffers from a buffer overflow vulnerability. By sending a specially-crafted message to a Windows computer that uses the Message Queuing component, an attacker can exploit this flaw to gain complete control of that machine. To exploit this flaw in Windows XP, that attacker would need valid login credentials. However, he doesn’t need credentials to exploit the flaw against Windows 2000 machines. Windows does not install the Message Queuing component by default, greatly mitigating the threat of an attack exploiting this flaw.
Microsoft rating: Important.

MS07-066: Windows Vista Kernel Privilege Elevation Vulnerability

According to Microsoft, a Windows Vista Kernel component called Windows Advanced Local Procedure Call (ALPC) doesn’t properly validate “certain conditions in legacy reply paths.” This flaw leads to a privilege elevation vulnerability. If an attacker has valid login credentials for one of your Vista machines (even as a guest), and he writes a special program that leverages this ALPC flaw, he can exploit this vulnerability to gain full control of that Vista system. Of course, the attacker needs valid login credentials and access to your Vista machines in order to exploit this flaw. For those reasons, it poses minimal risk.
Microsoft rating: Important.

MS07-067: Macrovision Driver Privilege Elevation Vulnerability

Some versions of Windows ship with a Macrovision SafeDisc driver used to validate the authenticity of certain games that use SafeDisc CD copy protection technology. The Macrovision SafeDisc driver suffers from an elevation of privilege vulnerability involving its mishandling of configuration parameters. Like the flaw above, if an attacker has valid login credentials on one of your Windows machines (even as a guest), and he writes a special program that leverages this Macrovision driver flaw, he can exploit this vulnerability to gain full control of that system. Again, the attacker needs local access and login credentials in order to exploit this flaw. If an attacker has this level of control over your computers, you have much bigger problems to worry about.
Microsoft rating: Important
.

Solution Path

Microsoft has released patches for Windows to correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.

Note: Microsoft no longer officially supports Windows NT 4.0, 98, ME or XP with SP1. If you manage any of these operating systems, Microsoft suggests you migrate to supported versions to prevent potential exposure to vulnerabilities. You can learn more about Microsoft’s extended security update support at their Product Support Services Web site.

MS07-063:

MS07-065:

Doesn’t affect 64-bit versions of XP, nor any other versions of Windows

MS07-066:

MS07-067:

For All WatchGuard Users:

WatchGuard Fireboxes, by default, reduce the risks presented by some of these vulnerabilities. However, attackers would exploit most of them locally, without passing traffic through your firewall. For that reason, we urge you to apply the patches above.

Status:

Microsoft has released patches correcting these issues.

References:

Microsoft Security Bulletin MS07-067

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, 23 December 2024
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Blog Archive

Recent Comments

Tip of the Week: Which Headphones are Right for Your Needs?
23 April 2018
I will recommend Plantronics Backbeat Pro 2 SE Noise cancelling Headset with it's Great features.
Gamification: Make Business Fun for Everyone
27 January 2017
The world is based on the games. There are many types of games as per the aussie essay writing servi...
Let's Talk Tablets
12 January 2017
The concept of tablet is far better than that of PC because you can bring them with you everywhere a...
Tip of the Week: Tweak Your Workday in These 4 Ways and See Major Results
12 January 2017
The only thing will I will say regarding this blog is that it is very helpful at least for me. As I ...
WatchGuard Releases Version 10.2.7 for WSM, Edge, Fireware, and Fireware Pro
23 December 2016
I really needed to know about the fireware but i was confused that where can i find information abou...