Contact Us Today! (215) 853-2266

Bardissi Enterprises Blog

Bardissi Enterprises has been serving the Hatfield area since 2000, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

WatchGuard Live Secuirty:Five Windows Updates, Only One Critical

Severity: High

12 August, 2008


Summary:

§ These vulnerabilities affect: All current versions of Windows

§ How an attacker exploits them: Multiple vectors of attack, including enticing your users into downloading and viewing malicious images or sending specially crafted packets

§ Impact: Various results; in the worst case, attacker can gain complete control of your Windows computer

§ What to do: Install the appropriate Microsoft patches immediately

Severity: High

12 August, 2008


Summary:

§ These vulnerabilities affect: All current versions of Windows

§ How an attacker exploits them: Multiple vectors of attack, including enticing your users into downloading and viewing malicious images or sending specially crafted packets

§ Impact: Various results; in the worst case, attacker can gain complete control of your Windows computer

§ What to do: Install the appropriate Microsoft patches immediately

Exposure:

Today, Microsoft released five security bulletins describing vulnerabilities that affect Windows and components shipping with it. Each vulnerability affects different versions of Windows to a different extent. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PCs. The summary below lists the vulnerabilities in order from highest to lowest severity.

MS08-046: Microsoft Image Color Management (ICM) Buffer Overflow vulnerability

Image Color Management (ICM) is a Windows component that uses data in ICC profiles to perform color translation operations. ICM suffers from a buffer overflow vulnerability. By tricking one of your users into opening a maliciously crafted image file, which he could host on a web site, an attacker might exploit this vulnerability to execute code on that user’s computer, inheriting that user’s privileges. Typically, Windows users have local administrative privileges, in which case the attacker could gain complete control of the victim’s computer.
Microsoft rating: Critical.

MS08-049: Two Event System Code Execution Vulnerabilities

Event System is a Windows service that manages the event logs which different applications send to the Windows operating system (you can view these logs with Event Viewer). The Event System suffers from two vulnerabilities involving its inability to properly parse specially malformed event requests or subscriptions. By creating an application that sends such event requests to the Event System, an attacker could exploit either flaw to gain complete control of Windows PCs. However, the attacker would need valid login credentials and access to a victim’s machine in order to run his malicious program.
Microsoft rating: Important.

MS08-048: Outlook Express and Windows Mail Cross-Domain Information Disclosure Vulnerability

Outlook Express (OE) and Windows Mail are the email clients that ship with different versions of Windows. Both clients suffer from a Cross-Domain information disclosure vulnerability (similar to a Cross-Site Scripting attack) due to the way their protocol handlers interpret MHTML URL redirections. While the vulnerability lies within OE and Mail, an attacker triggers it via Internet Explorer (IE). By luring one of your users to a malicious web page, an attacker could exploit this vulnerability to read data from another Internet Explorer security domain, or even the local computer.
Microsoft rating: Important.

MS08-050: Windows Messenger Information Disclosure Vulnerability

Windows Messenger is the instant messaging (IM) client that ships with Windows. According to Microsoft, Messenger ships with an ActiveX control that is marked safe for scripting, which means web sites can runs scripts using this control. Unfortunately, this leads to an information disclosure vulnerability. By enticing one of your users into visiting a malicious web page, an attacker could exploit this vulnerability to gain control of that user’s Messenger chat client. The attacker could capture your user’s Messenger login ID, gain access to all of his or her contacts, and even launch new audio and video chat sessions without your user’s knowledge. However, security features in both IE and Windows 2003 mitigate the risk of this sort of attack to some degree.
Microsoft rating: Important.

MS08-047: IPSec Information Disclosure Vulnerability

IPsec is a security encryption protocol that allows you to make Virtual Private Network tunnels (VPN) to security your communications over a network. Windows ships with IPsec services. If an attacker could sniff your local network traffic, he might be able to modify an IPsec policy when it’s transmitted over your local network to other computers. For instance, he could modify the policy so that it doesn’t encrypt VPN traffic. However, the IPsec policy in question is typically transmitted over the network with encryption. The attacker could only exploit this issue if he had administrative access to your domain controller, or you unknowingly misconfigured your IPsec rule set to cause information to be transmitted in the clear. In short, many mitigating circumstances around this vulnerability significantly lower its risk.
Microsoft rating: Important.

Solution Path:

Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.

MS08-046:

§ For Windows 2000

§ For Windows XP

§ For Windows XP x64

§ For Windows Server 2003

§ For Windows Server 2003 x64

§ For Windows Server 2003 Itanium

MS08-049:

§ For Windows 2000

§ For Windows XP

§ For Windows XP x64

§ For Windows Server 2003

§ For Windows Server 2003 x64

§ For Windows Server 2003 Itanium

§ For Windows Vista

§ For Windows Vista x64

§ For Windows Server 2008

§ For Windows Server 2008 x64

§ For Windows Server 2008 Itanium

MS08-048:

§ Outlook Express 5.5 for Windows 2000

§ Outlook Express 6.0 for:

§ For Windows 2000

§ For Windows XP SP3

§ For Windows XP x64

§ For Windows Server 2003

§ For Windows Server 2003 x64

§ For Windows Server 2003 Itanium

§ Windows Mail for:

§ For Windows Vista

§ For Windows Vista x64

§ For Windows Server 2008

§ For Windows Server 2008 x64

§ For Windows Server 2008 Itanium

MS08-050:

§ Windows Messenger 4.7 for:

§ For Windows XP SP3

§ For Windows XP x64

§ For Windows Server 2003

§ For Windows Server 2003 x64

§ For Windows Server 2003 Itanium


§ Windows Messenger 5.1 for all versions of Windows

MS08-047:

§ For Windows Vista

§ For Windows Vista x64

§ For Windows Server 2008

§ For Windows Server 2008 x64

§ For Windows Server 2008 Itanium

For All WatchGuard Users:

WatchGuard Fireboxes, by default, reduce the risks presented by some of these vulnerabilities. However, attackers could exploit many of them locally, without passing traffic through your firewall. For that reason, we urge you to apply the patches above.

Status:

Microsoft has released patches correcting these issues.

References:

§ Microsoft Security Bulletin MS08-046

§ Microsoft Security Bulletin MS08-047

§ Microsoft Security Bulletin MS08-048

§ Microsoft Security Bulletin MS08-049

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, 23 December 2024
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Blog Archive

Recent Comments

Tip of the Week: Which Headphones are Right for Your Needs?
23 April 2018
I will recommend Plantronics Backbeat Pro 2 SE Noise cancelling Headset with it's Great features.
Gamification: Make Business Fun for Everyone
27 January 2017
The world is based on the games. There are many types of games as per the aussie essay writing servi...
Let's Talk Tablets
12 January 2017
The concept of tablet is far better than that of PC because you can bring them with you everywhere a...
Tip of the Week: Tweak Your Workday in These 4 Ways and See Major Results
12 January 2017
The only thing will I will say regarding this blog is that it is very helpful at least for me. As I ...
WatchGuard Releases Version 10.2.7 for WSM, Edge, Fireware, and Fireware Pro
23 December 2016
I really needed to know about the fireware but i was confused that where can i find information abou...