Security Alerts
July 13, 2005
Microsoft Releases Patches for Multiple Critical Vulnerabilities
Summary
On July 12, 2005, Microsoft released three new critical security updates. All current versions of Windows are affected by some of them.
The vulnerabilities are in the Windows Operating System, Office and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user. If the user is logged on with administrative privileges, the attacker could take control of an affected system.
Exploit code for all Microsoft critical vulnerabilities should be considered available. Applying the patches is strongly recommended. If you are unable to quickly do this, you are encouraged to carefully read the Microsoft alerts and implement compensating controls until the patches can be applied.
What to Do
Windows users can manually use "Windows Update" to download and install the current operating system patches.
Additionally, it is recommended that all Windows machines have an automated patch management solution installed and configured on their system. Stanford provides BigFix to automatically patch Windows machines; it is available at http://patching.stanford.edu. Alternatively, Windows Automatic Update should be enabled.
Technical Detail
Information regarding the security updates is available at http://www.microsoft.com/technet/security/bulletin/ms05-jul.mspx. The following are brief summaries of those rated as critical.
MS05-035 - Vulnerability in Microsoft Word Could Allow Remote Code Execution
- Affected platforms: Word, Word 2002, Microsoft Works Suite
- If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
- User would need to be persuaded to open a malicious document to trigger the exploit
MS05-036 - Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution
- Affected platforms:
- Windows 2000
- Windows XP
- Windows Server 2003
- A remote code execution vulnerability exists in the Microsoft Color Management Module because of the way that it handles ICC profile format tag validation.
- If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
- A user would need to be persuaded to view a malicious image to trigger this exploit. In the simplest case, this could occur if the user receives a message containing such an image and the previewer of his email program displays it.
MS05-037 - Vulnerability in JView Profiler Could Allow Remote Code Execution
- Affected platforms:
- Windows 2000
- Windows XP
- Windows Server 2003
- Windows 98, 98 (SE) and 98 (ME)
- This update resolves a newly-discovered, public vulnerability. A COM object, the JView Profiler (Javaprxy.dll), when instantiated in Internet Explorer, contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system.
- If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
- A user would need to be persuaded to either visit a web site with malicious content, or open an email that results in his browser and/or email previewer automatically connecting to that web site.
References
Additional information regarding these vulnerabilities is available at
- http://www.microsoft.com/technet/security/bulletin/ms05-jul.mspx
- http://www.us-cert.gov/cas/techalerts/TA05-193A.html
The Information Security Office would like to thank the Windows Systems Team in ITSS for their assistance in producing this alert.