The third critical vulnerability in .Net lies within the frameworks JIT (Just In Time) Compiler (CVE-2007-0043). This too is a remote code execution flaw wherein a successful attacker can take over a target system and then install programs; view, change or delete data; or create new accounts with full user rights. Again, users running with reduced rights could be less impacted than those running as administrators. The mitigating factors for the JIT bug are the same as those for the PE Loader flaw. Microsoft has extensive workaround instructionscheck the MS07-040 bulletin site to get them."Vulnerabilities in Office applications have been a favorite attack method among cybercrooks," he said in a statement. "Trojan horse attacks often use rigged Office files that exploit vulnerabilities in the productivity applications." One of Excels flaws is a remotely exploitable calculation error vulnerability (CVE-2007-1756) that could let attackers send a malformed Excel file as an e-mail attachment or host a maliciously crafted Excel file on a compromised or malicious site. The second and third Excel vulnerabilities, also remotely exploitable, are both Worksheet Memory Corruption flaws (CVE-2007-3029 and CVE-2007-3030). These flaws also entail malicious files being hosted on Web sites or sent via e-mail attachments. For mitigating factors and workarounds, see Microsofts Security Bulletin MS07-036. To read to read why Microsoft chose not to issue a patch to fix an Internet Information Server 5.0 vulnerability, click here. Microsofts final critical security bulletin, MS07-039, covers a vulnerability in Windows Active Directory that could lead to system hijacking. Active Directory, a Microsoft implementation of LDAP directory services, is used primarily in Windows environments. Its main purpose is central authentication and authorization services for Windows-based computers. Administrators also use it to assign policies, deploy software, and apply critical updates to entire organizations. Active Directory stores information and settings relating to an organization in a central, organized, accessible database. Active Directory networks can range in size from a few hundred objects on up to millions of objects. "Active Directory is widely used as a directory service by businesses," McAfees Marcus said. "One of the vulnerabilities addressed today could expose Windows 2000 users to worm-type attacks since it could be exploited over the Internet by an anonymous attacker." Microsoft says that DoS (denial of service) is the likeliest outcome of this vulnerability, but remote code execution is still possible. The possibility of system takeover is threatened by a flaw in the way that Active Directory validates an LDAP request. An attacker who successfully exploited the bug could take complete control of an affected system. The DoS vulnerability in Active Directory is caused by the way AD validates a client-sent LDAP request. An attacker could exploit the vulnerability by sending a specially crafted LDAP request to a server running Active Directory. For mitigating factors and workarounds, check MS07-039. In addition to its three critical security bulletins, Microsoft also put out two important security bulletins. One of those important bulletins, MS07-037, concerns a vulnerability in Microsoft Office Publisher that could allow for system takeover. A successful exploit would involve a user viewing a specially crafted Office Publisher file. The second important security bulletin, MS07-041, involves a vulnerability in IIS (Internet Information Services) 5.1 on Windows XP Professional SP2 that could allow for system takeover. An attacker would need to send maliciously crafted URL requests to a Web page hosted by IIS. Finally, Microsoft put out a patch for a flaw it labeled moderate in Windows Vista Firewall. The flaw, which could allow incoming unsolicited network traffic to access a network interface, could give an attacker information about the affected host. For instructions on getting the updates and versions affected, check the July 2007 bulletin summary page.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
For its part, Excels suffering from three critical vulnerabilities addressed in a second security bulletin. All three are remotely exploitable and can set vulnerable systems up for getting walloped by a Trojan horse, said McAfees Marcus.