Contact Us Today! (215) 853-2266

Bardissi Enterprises Blog

Bardissi Enterprises has been serving the Hatfield area since 2000, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

WatchGuard Live Security: Three Windows Bulletins Fix Eight Vulnerabilities

Severity: High

10 March, 2009

Summary:

  • These vulnerabilities affect: All current versions of Windows
  • How an attacker exploits them: Multiple vectors of attack, including enticing your users to a malicious web site
  • Impact: Various results; in the worst case, attacker can gain complete control of your Windows computer
  • What to do: Install the appropriate Microsoft patches immediately

Exposure:

Today, Microsoft released three security bulletins describing eight vulnerabilities that affect Windows and components that ship with it. Each vulnerability affects different versions of Windows to varying degrees. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities, in order from highest to lowest severity.

Severity: High

10 March, 2009

Summary:

  • These vulnerabilities affect: All current versions of Windows
  • How an attacker exploits them: Multiple vectors of attack, including enticing your users to a malicious web site
  • Impact: Various results; in the worst case, attacker can gain complete control of your Windows computer
  • What to do: Install the appropriate Microsoft patches immediately

Exposure:

Today, Microsoft released three security bulletins describing eight vulnerabilities that affect Windows and components that ship with it. Each vulnerability affects different versions of Windows to varying degrees. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities, in order from highest to lowest severity.

MS09-006: Three Windows Kernel Vulnerabilities

The kernel is the core component of any operating system (OS), and is responsible for managing communication between hardware and software. According to Microsoft’s security bulletin, the Windows kernel suffers from three vulnerabilities. The worst of these flaws involves the kernel component for the Windows Graphics Device Interface (GDI). This is a component Windows uses to output graphics to your monitor or printer. Unfortunately, the GDI kernel component doesn’t properly validate certain graphic input. By enticing one of your users to view a maliciously crafted image (either a .wmf or .emf image), possibly hosted on a malicious web site, a remote attacker can exploit this vulnerability to execute code on that user’s computer with full “SYSTEM” privileges. This means the attacker gains complete control of that user’s PC. The remaining two kernel flaws are both elevation of privilege vulnerabilities that require Windows credentials and local access to exploit.
Microsoft rating: Critical.

MS09-007: SChannel Certificate Authentication Spoofing Vulnerability

SChannel is the Windows component used to implement the Secure Sockets Layer (SSL) protocol, and its successor, the Transport Layer Security (TLS) protocol. Many network clients use these protocols to build secure connections over the Internet. For instance, your web browser commonly uses these protocols to establish connections to secure web sites. These protocols also support certificate-based authentication, where users have public and private keys they use to authenticate to secure servers (you can learn more about public key infrastructure (PKI) here).

Unfortunately, SChannel does not properly enforce the public/private key relationship. Typically, when your web browser authenticates to a secure web site using the public key component of your certificate, it should also validate that you have access to the correct private key corresponding to that public key. SChannel does not correctly validate this public/private key relationship. As a result, if an attacker can gain access to only your public key, he can use it to authenticate to secure servers, impersonating you. The attacker would not need access to your private key to carry out this attack. Granted, your public key doesn’t get as widely distributed as its name might suggest. An attacker would have to packet sniff on your network, or entice you to a specially crafted site in order to get your public key. However, it is still much more available than your private key. Not validating the private key completely defeats the security that public key cryptology offers.
Microsoft rating: Important.

MS09-008: Four Windows DNS and WINS Server Vulnerabilities.

The DNS and WINS servers that ship with the Server versions of Windows suffer from four security vulnerabilities. First, the DNS Server suffers from two DNS cache poisoning vulnerabilities due to programmatic flaws that allow attackers a better chance of predicting the next DNS transaction ID. These flaws are similar to the major DNS flaws Dan Kaminsky described last year. If you’d like to learn more about the flaws reported by Dan Kaminsky, and how greater predictability of DNS transaction IDs can lead to DNS cache poisoning attacks, you can read our previous DNS alerts [ 1 / 2 ], or listen to the July ’08 episode of Radio Free Security.

Next, both the DNS and WINS servers suffer from what Microsoft calls Web Proxy Auto-Discovery (WPAD) registration vulnerabilities. WPAD is a Microsoft-designed protocol that allows your web browser to automatically find proxy servers on your network by looking for host names or domain names that start with “wpad”. Unfortunately, if you are not using this feature, and haven’t registered the “wpad” domain or hostname on your WINS and DNS servers, any attacker on your network can register the “wpad” name for you. Once they do, any browsers that support WPAD (such as IE and Firefox) will redirect all your users web traffic through that attacker’s server, thus allowing the attacker to see all of your users web traffic (commonly referred to as a Man-in-the-Middle (MitM) attack).However, only a local attacker can leverage this vulnerability.
Microsoft rating: Important.

Solution Path:

Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.

MS09-006:

MS09-007:

MS09-008:

Note: This vulnerability only affects the Server versions of Windows.

For All WatchGuard Users:

Attackers exploit most of these attacks locally, without passing traffic through your firewall. For that reason, we urge you to apply the patches above.

However, many of WatchGuard’s Firebox models allow you to prevent your users from accessing certain content based on file extensions. If you like, you can temporarily mitigate the risk of one of these vulnerabilities by blocking .WMF and .EMF image files using your Firebox’s proxy services. Keep in mind, doing this also blocks legitimate .WMF and .EMF images as well.

If you choose to block these image types, follow the links below for video instructions on using your Firebox proxy’s content blocking features to block .WMF and .EMF files by their file extensions:

Status:

Microsoft has released patches correcting these issues.

References:

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, 23 December 2024
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Blog Archive

Recent Comments

Tip of the Week: Which Headphones are Right for Your Needs?
23 April 2018
I will recommend Plantronics Backbeat Pro 2 SE Noise cancelling Headset with it's Great features.
Gamification: Make Business Fun for Everyone
27 January 2017
The world is based on the games. There are many types of games as per the aussie essay writing servi...
Let's Talk Tablets
12 January 2017
The concept of tablet is far better than that of PC because you can bring them with you everywhere a...
Tip of the Week: Tweak Your Workday in These 4 Ways and See Major Results
12 January 2017
The only thing will I will say regarding this blog is that it is very helpful at least for me. As I ...
WatchGuard Releases Version 10.2.7 for WSM, Edge, Fireware, and Fireware Pro
23 December 2016
I really needed to know about the fireware but i was confused that where can i find information abou...