[Sunnet Alert] Advisory #222 - Microsoft (Multiple), Multiple News

Security and IT News Alerts alertmailinglist at skiifwrald.com
Wed Apr 11 20:20:06 EST 2007


Sûnnet Beskerming Alert List Advisory #222

You are receiving this message because you have subscribed to our  
Information Security Alert Mailing List, or have been selected for a  
specific one-off copy.  If you believe that you are receiving this  
message in error, please contact info at beskerming.com to resolve the  
error.

Why not upgrade to get same day notification on security threats?   
Details and rates available online -
(http://www.beskerming.com/premium/generic_advisory.html).

Why not go the next step and get delivery tailored just for your  
company?
(http://www.beskerming.com/premium/focussed_advisory.html)


Contents
--------------------------------------------------------------------
1.	SECURITY
--------------------------------------------------------------------
1.1	Microsoft (Multiple)
	- Remote Hacker Automatic Control
	- Time Since Discovery - 1 Day
=======================================
/*
	- Remote or Local - Can it be achieved through a network or does it  
require physical access?
	- Hacker - The bad guy
	- Manual or Automatic  - Does the vulnerability need to be manually  
performed, or can it be automated?
	- Control, Denial of Service or Data Theft - Will the hacker get  
control of your system / website, will they prevent you from using  
it, or will they steal data.
*/
--------------------------------------------------------------------
2.    NEWS
--------------------------------------------------------------------
2.1	April Security Patch Release
2.2	Exploits
=====================================

1.	SECURITY

1.1	Microsoft (Multiple) - Remote Hacker Automatic Control

	-- Products Affected --
	Windows 2000, XP, 2003, Vista
	Content Management Server

	-- Technical Description --
	MS07-017 - Numerous image handling vulnerabilities.  Arbitrary code
execution, DoS, privilege escalation - Replaces MS06-001, MS05-053,
MS05-002.  Critical (out-of-cycle patch)
	MS07-018 - Content Management Server. Remote Code Execution. Critical
	MS07-019 - Universal Plug and Play. Remote Code Execution. Critical
	MS07-020 - Microsoft Agent. Remote Code Execution.  Critical
	MS07-021 - Numerous CSRSS vulnerabilities. Remote Code Execution,
privilege elevation. Critical
	MS07-022 - Windows. Privilege elevation - Replaces MS06-049. Important

	-- Description --
	Microsoft delivered five patches as part of the April Security
Update release.  All but one of the patches are rated as Critical,
with the remaining patch rated as Important.  Because a Critical
out-of-cycle patch (MS07-017) was released earlier in the month,
coverage of that patch has also been included here.

	-- Recommended Action --
	All users and administrators should apply the updates at the  
earliest opportunity.

	-- Source --
	http://www.beskerming.com/premium/patch_pack.html
	http://store.eSellerate.net/s.asp?s=STR3448907936&Cmd=CATALOG&CategoryID=9811
	
	-- Updates Available --
	(Paid subscription required to access)

	-- External Tracking Data --
	(Paid subscription required to access)

	-- Threat Matrix --
			U	O
	Home User	10	10 (Highly Critical)
	Corporate	10	10 (Highly Critical)

=======================================
/*
Threat Matrix:
	U - User
	O - Operator
	Harmless - 0 ----- 10 - Highly Critical
*/
=======================================

2.	NEWS

2.1	April Security Patch Release

Microsoft released five patches as expected with their April Security  
Patch Release, which makes for a total of six patches released in  
April when the out-of-cycle MS07-017 patch is also considered.  Most  
of the companies and researchers responsible for uncovering and  
reporting the vulnerabilities to Microsoft have already posted  
detailed technical information about the respective vulnerabilities,  
and it is known that there have been exploits readily available for  
some time for at least some of the vulnerabilities.

As reported below, there has been little time between the patch
release and the next round of '0-day' releases, which include several
Office-related problems and a potential arbitrary code execution
condition in Help file handling.

Microsoft's newest Windows version, Vista, fares relatively well
with this month's patches, with only two of the patches addressing
arbitrary code execution conditions on Vista.  Unfortunately, those
two sets of vulnerabilities are the best understood and have the
most evolved exploit code available (the .ANI vulnerability and the
CSRSS message box).


2.2	Exploits

Rather than waiting for '0-day Wednesday' (which follows Microsoft's
Patch Tuesday), detailed technical exploits for previously undisclosed
vulnerabilities in Microsoft products have already been released onto
a number of websites.  Although most of the Office vulnerabilities
disclosed merely lead to a denial of service condition through
resource exhaustion (CPU usage), there are some concerns about a
memory overflow affecting wwlib.dll.  At this point, the released
information only demonstrates a simple crash, but it is believed
that code execution may be possible as well.

The remaining Microsoft vulnerability disclosed deals with a local  
heap overflow when dealing with corrupted Windows Help files (.hlp).

Sample exploit code for a remote code execution vulnerability
affecting Kerberos (Advisory #60) has also been released - as a
simple 12-line shell script.  It is critical that users and
administrators who have not already updated their Kerberos
installations do so at the earliest opportunity.

=======================================

Sincerely,

Sûnnet Beskerming Team
info at beskerming.com
Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
Tel: +61 (0) 410 707 444

** Sûnnet Beskerming Pty. Ltd. **

Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sister  
company to Jongsma & Jongsma Pty. Ltd., and was formed to develop and  
commercialise the research coming out of Jongsma & Jongsma Pty. Ltd..  
Sûnnet Beskerming Pty. Ltd. is an Information Security specialist  
and, in conjunction with the tools developed by Jongsma & Jongsma  
Pty. Ltd., provides total security solutions and services, from the  
perimeter to internal data stores, including web application security  
and security testing and analysis.

