12 February, 2008
Summary:
- These vulnerabilities affect: All current versions of Windows
- How an attacker exploits them: Multiple vectors of attack, including sending specially crafted packets or enticing your users to malicious Web pages
- Impact: Various results. In the worst case, attacker can gain complete control of your Windows computer
- What to do: Install the appropriate Microsoft patches immediately
Exposure:
Today, Microsoft released four security bulletins describing vulnerabilities that affect Windows and components shipping with it. Each vulnerability affects different versions of Windows to a different extent. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PCs. The summary below lists the vulnerabilities in order from highest to lowest severity.
MS08-007: WebDAV Heap Buffer Overflow Vulnerability
Web Distributed Authoring and Versioning (WebDAV) is a set of extensions to the HTTP protocol that lets you manage and publish content on your Web server remotely over TCP port 80. Windows ships with the Web Client service to support WebDAV, and most versions of Windows (except Server 2003) enable this service by default. The Web Client service suffers from a heap buffer overflow vulnerability in the way it handles maliciously crafted WebDAV responses. By sending such a response to a vulnerable Windows computer, a remote attacker could exploit this vulnerability to gain complete control of that machine. All Windows machines are vulnerable to this flaw; however, it poses the greatest threat to your Windows Web servers. Since this attack occurs over port 80, and you must allow external users port 80 access so that they can reach your Web site, your Windows Web servers face the greatest risk of attack.
Microsoft rating: Critical.
MS08-008: OLE Heap Buffer Overflow Vulnerability
According to Microsoft, Object Linking and Embedding (OLE) Automation is a Windows protocol that allows an application to share data or to control another application. For example, OLE is the technology that allows you to add special object links, such as pictures and movies, to your Microsoft documents. The Windows OLE component suffers from a buffer overflow vulnerability. By luring one of your users to a malicious Web page, an attacker can exploit this flaw to execute code on that user’s computer, with that user’s privileges. If your users have local administrative privileges, an attacker could then leverage this vulnerability to gain complete control of their PCs. The affected OLE components also ship with Microsoft Visual Basic 6.0 and Microsoft Office 2004 for Mac, so they are vulnerable to this flaw as well.
Microsoft rating: Critical.
MS08-003: Active Directory Denial of Service Vulnerability
Active Directory is the Windows component that provides central authentication and authorization services for Windows computers. Active Directory runs on Windows servers, but also on Windows clients as the Active Directory Application Mode (ADAM) service. Microsoft’s security bulletin warns of an unspecified Denial of Service (DoS) vulnerability involving the way Active Directory handles specially crafted LDAP packets. By sending a malicious LDAP request, a remote attacker could exploit this vulnerability to cause your Windows computer to lock up or to reboot. The attacker could repeatedly exploit this vulnerability to keep your Windows machines offline for as long as he could sustain this attack. However, most administrators don’t allow LDAP traffic (TCP ports 389 and 3268) through their perimeter firewall. Therefore, this vulnerability primarily poses an internal threat.
Microsoft rating: Important.
MS08-004: Denial of Service Vulnerability in Vista DHCP Response Handling
Windows Vista suffers from an unspecified Denial of Service (DoS) vulnerability involving the way it handles specially crafted DHCP response packets. By sending a malicious DHCP response packet to a vulnerable Vista machine, a remote attacker could exploit this vulnerability to cause that machine to lock up or to reboot. The attacker could repeatedly exploit this vulnerability to keep the victim’s machine offline for as long as he could sustain this attack. Since DHCP traffic doesn’t typically pass through perimeter firewalls, this vulnerability primarily poses an internal threat.
Microsoft rating: Important.
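As an added example (not part of the original alert), the following PowerShell audit reports which of the exposure conditions described above apply to a given Windows host, so you can prioritize patch deployment. It assumes the Web Client service is registered under the service name WebClient and that netstat output can be parsed for LDAP listeners; run it locally with administrative rights.

```powershell
# Added example: audit one Windows host for the exposure conditions this alert describes.
# Assumptions: service name "WebClient" for the Web Client service; netstat output format.
function Get-FebruaryPatchExposure {
    $findings = @()

    # MS08-007: the Web Client service processes WebDAV responses (enabled by default on most versions)
    $webClient = Get-Service -Name WebClient -ErrorAction SilentlyContinue
    if ($webClient -and $webClient.Status -eq 'Running') {
        $findings += 'MS08-007: Web Client (WebDAV) service is running; host parses WebDAV responses over port 80'
    }

    # MS08-003: Active Directory or ADAM listening for LDAP on TCP 389 / 3268
    $listeners = netstat -a -n -o -p TCP | Select-String 'LISTENING'
    foreach ($port in 389, 3268) {
        if ($listeners | Select-String ":$port\s") {
            $findings += "MS08-003: LDAP listener on TCP $port; keep this port blocked at the perimeter"
        }
    }

    # MS08-004: only Windows Vista handles DHCP responses in the affected way
    $os = Get-WmiObject -Class Win32_OperatingSystem
    if ($os.Caption -match 'Vista') {
        $findings += 'MS08-004: Windows Vista host; crafted DHCP responses on the local segment can cause a DoS'
    }

    if ($findings.Count -eq 0) {
        $findings += 'No exposure conditions from the February 2008 bulletins detected (patches still required)'
    }
    return $findings
}

Get-FebruaryPatchExposure | ForEach-Object { Write-Output $_ }
```

MS08-008 (OLE) has no service or port to check, since it is triggered by content a user opens, so every host needs that patch regardless of what this script reports.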
Solution Path
Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.
Note: Microsoft no longer officially supports Windows NT 4.0, 98, ME or XP with SP1. If you manage any of these operating systems, Microsoft suggests you migrate to supported versions to prevent potential exposure to vulnerabilities. You can learn more about Microsoft’s extended security update support at its Product Support Services Web site.
Doesn’t affect Windows 2000, Vista w/SP1, or Server 2008
- 2000
- XP SP2
- XP x64
- Server 2003
- Server 2003 x64
- Server 2003 Itanium-Edition
Doesn’t affect Windows 2000, Vista w/SP1, or Server 2008
For All WatchGuard Users:
WatchGuard Fireboxes, by default, reduce the risks presented by some of these vulnerabilities. However, attackers would exploit most of them locally, without passing traffic through your firewall. For that reason, we urge you to apply the patches above.
Status:
Microsoft has released patches correcting these issues.