Microsoft Issues Major Patch Release in Feb. Cycle

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  

As part of its monthly patch cycle, Microsoft today released a dozen security patches ranging in importance from moderately critical to highly critical. The fixes affect Windows technologies including Office, Windows Media Player, Sharepoint and Internet Explorer.

Antother tool update has been added to help users remove various forms of viruses from their PCs. First introduced last month, the tool will now also remove new variants of Netsky, Zafi and other malware from users' systems.

The sheer volume of patches for vulnerabilities issued Tuesday dwarfs the three issues that last month's update addressed.

Microsoft security Bulletin MS05-012 is rated as critical and is titled, Vulnerability in OLE and COM , which could allow remote code execution.

It is actually composed of two related though separate vulnerabilities that carry the CVE identifications of COM Structured Storage Vulnerability - CAN-2005-0047 and Input Validation Vulnerability - CAN-2005-004.

The COM vulnerability relates to the way programs access memory during processing of COM structured storage files. The input validation issue is a similar flaw in OLE.

Microsoft's Security Bulletin MS05-013 is titled, "Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution" and fixes CVE issue CAN-2004-1319. This vulnerability is an ActiveX control issue with Dynamic HTML that could allow for remote code execution. By simply visiting a Web site that has the exploit code on it, a user's unprotected system could have been compromised.

Microsoft Security Bulletin MS05-014 and covers four different Internet Explorer specific vulnerabilities. CVE notation CAN-2005-0053 is titled, "Drag-and-Drop Vulnerability" and addresses issues that have been previously reported in the security community.

Microsoft's MS05-008 Bulletin addresses the same CVE number as it relates to drag and drop in the Windows shell.

CAN-2005-0054 is titled, "URL Decoding Zone Spoofing Vulnerability" and is a possible attack vector for phishers . If unpatched, it would allow the attacker to spoof an address in the process of of identity theft or other attacks on an unsuspecting user. According to the Microsoft advisory, "significant user interaction is required to exploit this vulnerability."

CAN-2005-0055 is a DHTML Method Heap Memory Corruption Vulnerability and is related to the same ActiveX issue though with different exploit code and result as CAN-2004-1319:

The Channel Definition Format (CDF) Vulnerability (CAN-2005-0056) is a cross domain scripting vulnerability that Microsoft also noted would require significant user interaction to execute.

Microsoft Security Bulletin MS05-015 is titled," Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution" and addresses CAN:2005-0057. According to the Microsoft advisory, the problem exists because of an unchecked buffer while handling hyperlinks. By clicking a maliciously constructed hyperlink a user could unwittingly trigger an attack, which would allow for remote code execution on the users PC.

Microsoft Security Bulletin MS05-009 deals with a PNG Processing vulnerability that affects Windows Media Player, Windows Messenger and MSN Messenger. Two CVE notations (CAN-2004-1244, CAN-2004-0597) are encompassed by this advisory. The programs have a vulnerability in the way they handle PNG image files that have excessive height or width values.

Simply by constructing a malicious image, a user that clicked on it could have their PC taken over.

Microsoft Security Bulletin MS05-010 affects Microsoft's Windows Server 2003 and NT products and exploits a vulnerability in those products License Logging Service. The vulnerability is classified as CAN-2005-0050 and if exploited leaves the server open for remote arbitrary code execution. to take complete control of the affected system.

Microsof t Security Bulletin MS05-011 addresses CAN-2005-0045 which is a Server Message Block Vulnerability. As with most of the other vulnerabilities that Microsoft is patching in this release, it could lead to a complete takeover of an infected machine.

Microsof t Security Bulletin MS05-004 fixes a path validation vulnerability (CAN-2004-0847) that affect the ASP.NET framework. Microsoft's advisory classifies the issue as a "canonicalization" issue that could allow an attacker to bypass ASP.net security measures to gain access.

Microsof t Security Bulletin MS05-006 affects the Sharepoint collaboration application. The patch addresses CAN-2005-0049, which is a Cross-site Scripting and Spoofing Vulnerability.

Mi crosoft Security Bulletin MS05-005 affects Microsoft Office XP, Microsoft Project 2002, Microsoft Visio 2002 or Microsoft Works Suite. The patch fixes a critical vulnerability (CAN-2004-0848) that allows a buffer overrun condition to be triggered ultimately resulting in a situation where an attacker could gain complete control of a system.

Submit a Comment

Loading Comments...