
The Active Directory vulnerability patched in bulletin MS07-039 is particularly dangerous because it "can allow any user on the network to take over a domain controller," he said.
It does so "by leveraging a problem in LDAP [the Lightweight Directory Access Protocol] turned on by default" by Microsoft in Windows 2000 and 2003 Server systems, he added. It's "critical" because it could allow an attacker to take over a domain controller and gain access to every user name and password on the system, he said.
That would include discovering the master password for the security controller, Shultze said. "This is the crown jewel" of a Microsoft-based domain and should be fixed ASAP, he added. If an enterprise "loses control of the domain controller, there's no sense in patching the others, because attacker now has you."
IBM X-Force researcher Neel Mehta, who created proof-of-concept exploit code, discovered the Active Directory flaw in July 2007.
The .Net Framework vulnerability has the potential to affect a broad range of applications on all of Microsoft's Windows platforms, said Don Leatham, director of business development for PatchLink.
"It's such a pervasive part of Microsoft technology," he said, noting that it's used as the foundation in many organisations' internal as well as commercial shrink-wrapped applications.
"Because so many businesses use .Net Framework to develop business applications, both software-development and operations teams must patch their systems," said Andrew Storms, director of security operations at nCircle.
Although Microsoft rated MS07-041 as "important," Shultze called the vulnerability, which affects Microsoft's Internet Information Server (IIS) running on Windows XP, critical.
"Microsoft says because IIS is not installed by default -- that you have to go out of your way to run it -- it's not critical," he explained. "But it's critical if you have a web server on XP because a remote attacker can send one URL and can gain complete access to the XP machine."
The final Microsoft-labeled "critical" patch involves a flaw in Excel. Opening an Excel file with malicious code on an unpatched Windows PC could allow a remote user to hijack the system via a buffer overflow.
Microsoft also patched a flaw in a process called "Teredo," which manages IPv6 and IPv4 bridging. The flaw can open a hole in the Windows Vista firewall in the presence of a malicious URL, according to Shultze.