Microsoft patches for eight flaws; FTP server fix not ready

Five 'critical' patches delivered.

Microsoft has distributed five patches covering eight vulnerabilities, but still outstanding is a fix for two "critical" FTP server bugs unveiled last week.

The release resolves a mishmash of client and server-side issues, but the five bulletins all have one thing in common: they are rated "critical", meaning the vulnerabilities could result in remote code execution.

Most experts agree that bulletin MS09-048 could turn out to be the most severe, as it resolves three flaws in TCP/IP, a core networking component used to communicate over the internet. Attackers could successfully exploit the vulnerabilities by sending a flood of specially crafted TCP/IP packets from one PC to another to execute remote code or launch denial-of-service attacks.

Microsoft coordinated on the issue with Cisco, which released a complementary patch to address TCP/IP vulnerabilities in its products.

MS09-049 addresses a single flaw in the Wireless LAN AutoConfig Service, which could be exploited if a user with a wireless network interface enabled receives maliciously-crafted wireless frames, according to Microsoft. Systems without a wireless card enabled are not susceptible.

None of the four server-side vulnerabilities requires any user interaction.

"These vulnerabilities are the most likely to be exploited by malicious code and are two of the best worm candidates that we've seen since Conficker," said Dave Marcus, director of security research and communications at McAfee Avert Labs.

But Jerry Bryant, a senior security program manager for Microsoft, said in a post on the company's Security Response Center blog that the company does not anticipate "reliable exploit code" being produced for those flaws.

Meanwhile, the three other bulletins fix problems on the client side, in which users' machines could be infected by visiting a hacker-owned website or installing a malicious file.

Bulletin MS09-045 resolves a flaw in the JScript Scripting Engine, MS09-046 fixes one bug in the DHTML Editing Component ActiveX control, and MS09-047 fills two holes in the Windows Media Format.

"MS09-045 is not a typical update from Microsoft and is particularly dangerous since it positions JavaScript as a weapon-of-choice by attackers," said Josh Abraham, security researcher at vulnerability management firm Rapid7. "This is to be expected, since most of the vulnerability scanners are unable to help with JavaScript, giving attackers an incentive to look for more JavaScript-based methods."

Microsoft rated MS09-045 and MS09-047 as the two patches that should be deployed first because they fix "browse-and-own attack scenarios" and have a high exploit possibility, Bryant said. However, engineers determined that "reliable exploit code" would be difficult to produce for MS09-046.

In addition, Microsoft re-released bulletin MS09-037, originally shipped in August, to reflect an additional update for Windows XP Media Center 2005 and Vista systems. Despite the revision, Bryant said the company has not seen any new active attacks.

MS09-037 addressed five vulnerabilities in the Active Template Library (ATL), which, if exploited, could enable execution of remote code if a specially crafted ActiveX control is hosted on a malicious website.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition