eWEEK.com

    Microsoft Fixes Glitches in IE, Multimedia, Vista

    By LISA VAAS - December 11, 2007

      Microsoft’s latest monthly patch set tackles critical vulnerabilities that attackers can exploit in the wild to target PC users.

      Microsoft released seven security bulletins that addressed 11 vulnerabilities on its Dec. 11 Patch Tuesday. Of those, three bulletins containing seven client-side vulnerabilities are rated as critical and affect nearly all major Microsoft operating systems: 2000, XP, 2003 and Vista.

      “The more alarming vulnerabilities are those in Windows Media Format Runtime and Internet Explorer, since a successful exploit could occur when a user visits a malicious Web page or when viewing a malicious e-mail. Neither issue requires any further interaction by the victim to exploit, compounding the problem,” Ben Greenbaum, senior research manager for Symantec Security Response, said in a release.

      Microsoft said in its security advisory for four IE flaws that it has received information that at least one of the IE vulnerabilities is being exploited in the wild.

      Both Symantec and Shavlik Technologies’ Chief Technology Officer Eric Schultze rated the four critical vulnerabilities in Internet Explorer as the most important for users to tackle. Microsoft addressed the vulnerabilities in its MS07-069 security advisory. All four new flaws in IE could lead to attackers taking over vulnerable systems.

      The risk is rated critical for these flaws on all supported releases of IE except for IE 6 and 7 on Windows Server 2003, on which the flaws are rated moderate.

      The flaws affect IE 5.01, 6, 6 Service Pack 1 and 7, to varying degrees. The updates address IE vulnerabilities on up-to-date Windows 2000, Windows XP x86/x64, Windows 2003 Server x86/x64/Itanium and Windows Vista x86/x64 systems.

      The two other critical bulletins are MS07-068—which covers a flaw in Windows Media Format Runtime that could allow a remote attacker to take over a system—and MS07-064—an advisory that covers two vulnerabilities in Microsoft DirectX that again could give remote attackers the ability to execute arbitrary code on a victimized system.

      The Windows Media Format Runtime update affects supported editions of Windows Media Format Runtime 7.1, 9, 9.5 and 11, and also applies to Windows Media Services 9.1. The DirectX update affects all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003 and Windows Vista.

      Bulletins 64 and 68 are similar in that they both address vulnerabilities that involve users visiting malicious sites and getting attacked. The vulnerabilities are not actively being exploited now—at least, not to Microsoft’s knowledge.

      One of the vulnerabilities that Microsoft rated important is in fact being exploited, however. Namely, a local elevation of privilege vulnerability exists in how the Macrovision driver incorrectly handles configuration parameters. An attacker can exploit this vulnerability to take complete control of a vulnerable system. An attacker could then install programs, view, change or delete data, or create new accounts with full user rights, Microsoft said in its advisory MS07-067.

      The Macrovision bug is a zero-day problem that’s been around since October. FrSIRT reported on Oct. 19 that the trouble is a memory corruption error in the Macrovision Security Driver when processing user-supplied data. The vulnerability can be used by local attackers to gain so-called Ring 0 privileges and take complete control of an affected system.

      That’s bad. The term “Ring” refers to a protection ring of one or more hierarchical levels of privilege, with Ring 0 being the level with the most privileges and interacting the most directly with physical hardware, including the CPU and memory.

      Macrovision patched the problem about a month ago in November, which is likely why Microsoft only rates the issue as “important” as opposed to critical, Schultze said. “If you deployed the Macrovision patch you’re safe; it’s the same patch that Microsoft is shipping,” he said.

      Beyond the critical client-side vulnerabilities in IE, DirectX and Windows Media Format Runtime, security researchers are giving Vista coal in its stocking: Out of the seven security bulletins Microsoft released, five affect Microsoft’s newest, ostensibly most secure operating system.

      The critical patches address vulnerabilities that could lead to system hijacking in all major Windows operating systems, including Vista. In addition, one of two important flaws in Vista has cropped up in SMBv2, a packet-signing security feature that was specifically rewritten to be more secure in its Vista incarnation.

      “That’s brand-new code that went through [the Vista] security-vetting process, and it still has this big security vulnerability,” said Shavlik’s Schultze. “It’s not a good month for Vista—not a good year for Vista.”

      Other security researchers agreed that Vista doesn’t look good at the moment. “The sheer number of vulnerabilities this month that affect Windows Vista is a concern,” Greenbaum said in Symantec’s release.

      Packet signing is meant to keep Vista users more secure by guaranteeing the origins of a given packet, but in the case of the vulnerability covered in MS07-063, a remote user could spoof a Vista user’s signature.

      Pulling off an impersonation attack isn’t very easy, though, which is likely why Microsoft only rated the flaw as “important,” Schultze said.

      Another important security advisory, MS07-066, involves a vulnerability in the Windows kernel that affects Vista. The flaw is an elevation of privilege vulnerability in the way that Vista’s Windows kernel processes certain access requests. The vulnerability could lead to an attacker taking complete control of a target system. An attacker could then install programs, view, change or delete data, or create new accounts with full administrative rights.
