Bardissi Enterprises Blog

WatchGuard Live Security: Microsoft Patches Critical Hole in MSXML, Flaw in SMB

Severity: High

11 November, 2008

Summary:

§ These vulnerabilities affect: All current versions of Windows, and many versions of Office

§ How an attacker exploits them: Multiple vectors of attack, including enticing a victim to a malicious web site

§ Impact: Various; in the worst case, attacker can gain complete control of your Windows computer

§ What to do: Install the appropriate Microsoft patches immediately

Exposure:

Today, Microsoft released two security bulletins describing vulnerabilities that affect Windows and components that ship with it. Some of the vulnerabilities also affect Office and Office-related products. Each vulnerability affects different versions of Windows to a different extent. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities in order of severity, worst first.

MS08-069: Three XML Core Services Vulnerabilities

Microsoft’s XML Core Services (MSXML) provide a high degree of support for XML standards in Windows. Though the XML Core Services do not ship with all versions of Windows, they ship with a variety of popular Microsoft products and software updates, including some versions of Office and Internet Explorer. You’re likely to find the XML Core Services on most of your Windows workstations. (For further details on which products include the XML Core Services, scroll to the bottom of the Microsoft Knowledge Base article, “List of Microsoft XML Parser versions.”)

Microsoft’s bulletin describes three vulnerabilities that affect MSXML. The worst vulnerability involves memory corruption, arising from MSXML poorly handling specially crafted XML content. By enticing one of your users to a malicious web site, an attacker could leverage this vulnerability to execute code on that user’s computer, with that user’s privileges. If that user has local administrative rights, the attacker could gain complete control of the user’s machine. The two remaining MSXML flaws include a less severe Cross-Site Scripting vulnerability, and an Information Disclosure flaw.
Microsoft rating: Critical.

MS08-068: SMB Credential-Reflection Vulnerability

Server Message Block (SMB) is a protocol Windows uses for network file sharing. By default, Windows SMB suffers from something called a “credential-reflection vulnerability” when handling NT LAN Manager (NTLM) credentials. In credential-reflection attacks, an attacker somehow captures a victim’s login credentials, which are typically sent as hash values. In most cases, the attacker captures these credentials by sniffing network traffic or enticing a user to log into malicious servers which record the login. Once the attacker captures the hashed credentials, they replay those login credentials in order to log into some system with the victim’s privileges. Microsoft SMB ships with some credential-reflection protection mechanisms. However, Windows does not enable them by default. By enticing one of your users to log in to a malicious SMB server, an attacker could leverage this lack of protection to capture that user’s NTLM login credentials, and gain access to that user’s computer. If the user has local administrative privileges, the attacker gains full control of the user’s machine. However, most administrators do not allow SMB traffic (ports 135 and 445) to pass beyond their perimeter, out to the Internet. Therefore, this flaw primarily poses an internal threat.
Microsoft rating: Important.
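
The reflection described above, as a toy model added here for illustration; it is not code from the WatchGuard advisory or from Microsoft. It assumes HMAC-SHA256 in place of the real NTLM computation, and the `reflection_guard` check is a hypothetical generic defence, not a description of Microsoft's patch; `Host` and every other name are made up.

```python
import hashlib
import hmac
import secrets

def respond(password_hash, challenge):
    """Toy stand-in for an NTLM response: a keyed MAC over the server challenge."""
    return hmac.new(password_hash, challenge, hashlib.sha256).digest()

class Host:
    """One machine that is both an SMB client and an SMB server (toy model)."""

    def __init__(self, password, reflection_guard):
        self.password_hash = hashlib.sha256(password.encode()).digest()
        self.reflection_guard = reflection_guard  # hypothetical defence switch
        self.outstanding = set()                  # challenges our server side issued

    # --- server side ---
    def issue_challenge(self):
        challenge = secrets.token_bytes(8)
        self.outstanding.add(challenge)
        return challenge

    def verify(self, challenge, response):
        if challenge not in self.outstanding:
            return False                          # unknown or already-used challenge
        self.outstanding.discard(challenge)       # each challenge is single-use
        return hmac.compare_digest(response, respond(self.password_hash, challenge))

    # --- client side ---
    def answer(self, challenge):
        if self.reflection_guard and challenge in self.outstanding:
            return None                           # our own challenge came back: refuse
        return respond(self.password_hash, challenge)

def reflected_login_succeeds(host):
    """Model the party in the middle, which only forwards messages.

    It never learns the password hash; it hands the host's own challenge back
    to the host's client side and returns the resulting response.
    """
    challenge = host.issue_challenge()   # host's server challenges the middle party
    response = host.answer(challenge)    # host's client is given that same challenge
    return response is not None and host.verify(challenge, response)
```

The model shows why the hash value itself never has to be cracked for the login to succeed, and why patching the host matters even when the perimeter firewall blocks SMB.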

Solution Path:

Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.

MS08-069:

Note: Due to the confusing array of possible combinations of MSXML, you may want to let Windows Update find the appropriate patch automatically.

MS08-068:

For All WatchGuard Users:

WatchGuard Fireboxes reduce the risks presented by one of these vulnerabilities. By default, your Firebox blocks the ports necessary to launch the SMB attack described above. However, attackers could also exploit the SMB attack locally, without passing traffic through your firewall. Furthermore, attackers could exploit the XML vulnerabilities using normal HTTP traffic, which you must allow for your users to browse the web. For those reasons, we urge you to apply Microsoft’s patches.

Status:

Microsoft has released patches correcting these issues.

References:

§ Microsoft Security Bulletin MS08-068

§ Microsoft Security Bulletin MS08-069

 
