iTnews

Microsoft fixes 11 vulnerabilities, 8 'critical,' on Patch Tuesday

By Jim Carr on Jul 11, 2007 10:47AM
Microsoft released six patches covering 11 vulnerabilities on July's monthly Patch Tuesday, including "critical" fixes impacting Active Directory on Windows 2000 and 2003 Server and its .Net Framework products. In all, Microsoft rated eight of the 11 vulnerabilities as critical.

Active Directory and .Net Framework vulnerabilities have the potential to significantly harm enterprise systems, noted Eric Shultze, the chief security architect at Shavlik Technologies.

The Active Directory patch (bulletin MS07-039) is particularly dangerous because it "can allow any user on the network to take over a domain controller," he said.

It does so "by leveraging a problem in LDAP [the Lightweight Directory Access Protocol] turned on by default" by Microsoft in Windows 2000 and 2003 Server systems, he added. It's "critical" because it could allow an attacker to take over a domain controller and gain access to every user name and password on the system, he added.

That would include discovering the master password for the security controller, Shultze said. "This is the crown jewel" of a Microsoft-based domain and should be fixed ASAP, he added. If an enterprise "loses control of the domain controller, there's no sense in patching the others, because the attacker now has you."

IBM X-Force researcher Neel Mehta, who also created proof-of-concept exploit code, discovered the Active Directory flaw in July 2007.

The .Net Framework vulnerability has the potential to affect a broad range of applications on all of Microsoft's Windows platforms, said Don Leatham, director of business development for PatchLink.

"It's such a pervasive part of Microsoft technology," he said, noting that it's used as the foundation in many organisations' internal as well as commercial shrink-wrapped applications.

"Because so many businesses use .Net Framework to develop business applications, both software-development and operations teams must patch their systems," said Andrew Storms, director of security operations at nCircle.

Although Microsoft rated MS07-041 as "important," Shultze called the vulnerability, which affects Microsoft's Internet Information Server (IIS) running on Windows XP, critical.

"Microsoft says because IIS is not installed by default -- that you have to go out of your way to run it -- it's not critical," he explains. "But it's critical if you have a web server on XP because a remote attacker can send one URL and can gain complete access to the XP machine."

The final Microsoft-labeled "critical" patch involves a flaw in Excel. Opening an Excel file with malicious code on an unpatched Windows PC could allow a remote user to hijack the system via a buffer overflow.

Microsoft also patched a flaw in a process called "Teredo," which manages IPv6 and IPv4 bridging. The flaw can open a hole in the Windows Vista firewall in the presence of a malicious URL, according to Shultze.