STANFORD UNIVERSITY

SECURE COMPUTING

Security Alerts

February 21, 2007

Microsoft Releases February 2007 Security Bulletin for Multiple Vulnerabilities

Summary

On February 12, 2007, Microsoft released its monthly security bulletin with the latest security updates for workstations and servers. The Microsoft bulletin lists twelve (12) security vulnerabilities, with six (6) listed as critical and six (6) listed as important. All of these patches should be applied. The six critical ones are patches for HTML Help ActiveX, MDAC ActiveX, malware protection, MS Word, MS Office, and Internet Explorer (IE), all of which lead to remote code execution when a system is left unpatched. The affected operating system platforms are:

* Windows Server 2003
* Windows XP
* Windows 2000 SP4

It is imperative that patches with critical and important designations be applied, because remote execution vulnerabilities can allow complete compromise and control of systems through attacks originating from within campus or the Internet. With the exception of the critical MS Word, MS Office, and malware patches, the rest of this month's patches will be delivered via BigFix. Local BigFix admins are to apply the MS Office, MS Word, and malware patches manually. Details are in the Technical Details section of this post.

What to Do

Windows users can manually use "Windows Update" to download and install the current operating system patches. Additionally, it is recommended that all Windows machines have an automated patch management solution installed and configured on their system. Stanford provides BigFix to automatically patch Windows machines; it is available at http://patching.stanford.edu. A customized update will be delivered to workstations and servers via BigFix if you subscribed to this service. The BigFix deliverable includes all of the patches of this bulletin with the exception of the MS Word, MS Office, and malware patches. Individual updates can be downloaded by going to the Summary section of this Microsoft website. Please remember to reboot your machine after patching manually, or when prompted to do so by Windows Update or by your BigFix administrator. Most patches do not take effect until after a reboot.

Technical Details

It is important that all patches designated as critical or important be applied. The patches for the vulnerabilities are listed as follows, and will all be delivered via BigFix:

Critical (6):

*Microsoft Security Bulletin MS07-008
Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843)
This update resolves a vulnerability in HTML Help that could allow remote code execution.

HTML Help ActiveX Control Vulnerability - CVE-2007-0214
A remote code execution vulnerability exists in the HTML Help ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user visited that page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

*Microsoft Security Bulletin MS07-009
Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779)
This update resolves a vulnerability in Microsoft Data Access Components that could allow remote code execution.

Microsoft Windows MDAC ActiveX Vulnerability - CVE-2006-5559:
A remote code execution vulnerability exists in the ADODB.Connection ActiveX control that is provided as part of the ActiveX Data Objects (ADO) and that is distributed in MDAC. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft Security Bulletin MS07-010
Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution (932135)
This update resolves a vulnerability in the Microsoft Malware Protection Engine that could allow remote code execution.

Microsoft Malware Protection Engine Vulnerability - CVE-2006-5270:
A remote code execution vulnerability exists in the Microsoft Malware Protection Engine because of the way that it parses Portable Document Format (PDF) files. An attacker could exploit the vulnerability by constructing a specially crafted PDF File that could potentially allow remote code execution when the target computer system receives, and the Microsoft Malware Protection Engine scans, the PDF file.

Microsoft Security Bulletin MS07-014
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434)
This update resolves vulnerabilities in Microsoft Word that could allow remote code execution.

Word Malformed String Vulnerability - CVE-2006-5994:
A remote code execution vulnerability exists in the way Microsoft Word handles Word files with a specially crafted string. Such a specially crafted file might be included as an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution.

Word Malformed Data Structures Vulnerability - CVE-2006-6456:
A remote code execution vulnerability exists in the way Microsoft Word handles Word files with a specially crafted data structure. Such a specially crafted file might be included as an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution. Viewing or previewing a malformed e-mail message in an affected version of Outlook could not lead to exploitation of this vulnerability.

Word Count Vulnerability - CVE-2006-6561:
A remote code execution vulnerability exists in Microsoft Word. An attacker could exploit this vulnerability when Word parses a file and processes an unchecked count. Such a specially crafted file might be included as an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution. Viewing or previewing a malformed e-mail message in an affected version of Outlook could not lead to exploitation of this vulnerability.

Word Macro Vulnerability - CVE-2007-0208:
A remote code execution vulnerability exists in Microsoft Word. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Word Malformed Drawing Object Vulnerability - CVE-2007-0209:
A remote code execution vulnerability exists in Microsoft Word. An attacker could exploit this vulnerability when Word parses a file and processes a malformed drawing object. Such a specially crafted file might be included as an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution.

Word Malformed Function Vulnerability - CVE-2007-0515:
A remote code execution vulnerability exists in Microsoft Word. An attacker could exploit this vulnerability when Word parses a file and processes a malformed function. Such a specially crafted file might be included as an e-mail attachment or hosted on a malicious web site. Viewing or previewing a malformed e-mail message in an affected version of Outlook could not lead to exploitation of this vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution.

Microsoft Security Bulletin MS07-015
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554)
This update resolves vulnerabilities in Microsoft Office that could allow remote code execution.

PowerPoint Malformed Record Memory Corruption Vulnerability - CVE-2006-3877:
A remote code execution vulnerability exists in PowerPoint and could be exploited when PowerPoint opened a specially crafted file. Such a file might be included in an e-mail attachment or hosted on a malicious web site. An attacker could exploit the vulnerability by constructing a specially crafted PowerPoint file that could allow remote code execution.

Excel Malformed Record Vulnerability - CVE-2007-0671:
A remote code execution vulnerability exists in Excel and could be exploited when Excel opened a specially crafted file. Such a file might be included in an e-mail attachment or hosted on a malicious web site. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution.

*Microsoft Security Bulletin MS07-016
Cumulative Security Update for Internet Explorer (928090)
This update resolves vulnerabilities in Internet Explorer that could allow remote code execution.

COM Object Instantiation Memory Corruption Vulnerability - CVE-2006-4697:
A remote code execution vulnerability exists in the way Internet Explorer instantiates COM objects that are not intended to be instantiated in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

COM Object Instantiation Memory Corruption Vulnerability - CVE-2007-0219:
A remote code execution vulnerability exists in the way Internet Explorer instantiates COM objects that are not intended to be instantiated in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

FTP Server Response Parsing Memory Corruption Vulnerability - CVE-2007-0217:
A remote code execution vulnerability exists in the way Internet Explorer interprets certain responses from FTP servers. An attacker could exploit the vulnerability by sending specially crafted FTP responses in an FTP session to the FTP client included in Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Important (6):

*Microsoft Security Bulletin MS07-005
Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723)
This update resolves a vulnerability in Step-by-Step Interactive Training that could allow remote code execution. User interaction is required to exploit this vulnerability.

Interactive Training Vulnerability - CVE-2006-3448:
A remote code execution vulnerability exists in Step-by-Step Interactive Training because of the way that Step-by-Step Interactive Training handles bookmark link files. An attacker could exploit the vulnerability by constructing a specially crafted bookmark link file that could potentially allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, user interaction is required to exploit this vulnerability.

*Microsoft Security Bulletin MS07-006
Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)
This update resolves a vulnerability in Windows Shell that could allow elevation of privilege.

Windows Shell Hardware Detection Vulnerability - CVE-2007-0211:
A privilege elevation vulnerability exists in Windows Shell in the way that the operating system performs detection and registration of new hardware. This vulnerability could allow an authenticated user to take complete control of the system.

*Microsoft Security Bulletin MS07-007
Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802)
This update resolves a vulnerability in the Windows Image Acquisition Service that could allow elevation of privilege.

Windows Image Acquisition Vulnerability - CVE-2007-0210:
A privilege elevation vulnerability exists in Windows XP Service Pack 2 in the way that the Windows Image Acquisition Service starts applications. This vulnerability could allow a logged on user to take complete control of the system.

*Microsoft Security Bulletin MS07-011
Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436)
This update resolves a vulnerability in Microsoft OLE Dialog that could allow remote code execution. User interaction is required to exploit this vulnerability.

OLE Dialog Memory Corruption Vulnerability - CVE-2007-0026:
A remote code execution vulnerability exists in the OLE Dialog component provided with Microsoft Windows. An attacker could attempt to exploit this vulnerability when a user interacts with a malformed embedded OLE object within a Rich Text Format (RTF) file.

*Microsoft Security Bulletin MS07-012
Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667)
This update resolves a vulnerability in Microsoft MFC that could allow remote code execution. User interaction is required to exploit this vulnerability.

MFC Memory Corruption Vulnerability - CVE-2007-0025:
A remote code execution vulnerability exists in the MFC component provided with Microsoft Windows and Visual Studio. An attacker could exploit this vulnerability when a user interacts with a malformed embedded OLE object within a Rich Text Format (RTF) file.

*Microsoft Security Bulletin MS07-013
Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118)
This update resolves a vulnerability in Microsoft RichEdit that could allow remote code execution. User interaction is required to exploit this vulnerability.

Microsoft RichEdit Vulnerability - CVE-2006-1311:
A remote code execution vulnerability exists in the RichEdit components provided with Microsoft Windows and Microsoft Office. An attacker could exploit this vulnerability when a user interacts with a malformed embedded OLE object within a Rich Text Format (RTF) file.

Affected Platforms and Applications:

* Windows Server 2003 Service Pack 1
* Windows Server 2003
* Windows Server 2003 with SP1 for Itanium-based Systems
* Windows Server 2003 for Itanium-based Systems
* Windows Server 2003 x64 Edition
* Windows XP Service Pack 2
* Windows XP Professional x64 Edition
* Windows 2000 Service Pack 4

Office 2000 Service Pack 3
Office 2000 Multilanguage Packs
Project 2000 Service Release 1
Word 2000
Office XP Service Pack 3
Project 2002 Service Pack 1
Visio 2002 Service Pack 2
Word 2002
Office 2003 Service Pack 2
Word 2003
Word 2003 Viewer
Learning Essentials 1.0
Learning Essentials 1.1
Learning Essentials 1.5
Global Input Method Editor for Office 2000 (Japanese)
Microsoft Office 2004 for Mac
Word 2004 for Mac
Microsoft Works Suites 2004, 2005, and 2006

Visual Studio .NET 2002
Visual Studio .NET 2002 Service Pack 1
Visual Studio .NET 2003
Visual Studio .NET 2003 Service Pack 1

Microsoft Data Access Components 2.5 Service Pack 3 on Windows 2000 SP4
Microsoft Data Access Components 2.7 Service Pack 1 when installed on Windows 2000 SP4
Microsoft Data Access Components 2.8 when installed on Windows 2000 SP4
Microsoft Data Access Components 2.8 Service Pack 1 when installed on Windows 2000 SP4
Microsoft Data Access Components 2.8 Service Pack 1 on Windows XP SP2
Microsoft Data Access Components 2.8 on Windows Server 2003
Microsoft Data Access Components 2.8 on Windows Server 2003 on Itanium-based Systems
Microsoft Antigen for Exchange 9.x
Microsoft Antigen for SMTP Gateways 9.x
Forefront Security for Exchange Server
Forefront Security for SharePoint
Windows Defender
Windows Defender x64 Edition
Windows Live OneCare
Step-by-Step Interactive Training when installed on Windows 2000 SP4
Step-by-Step Interactive Training when installed on Windows XP SP2
Step-by-Step Interactive Training when installed on Windows XP Professional x64 Edition
Step-by-Step Interactive Training when installed on Windows Server 2003
Step-by-Step Interactive Training when installed on Windows Server 2003 SP1
Step-by-Step Interactive Training when installed on Windows Server 2003 for Itanium-based Systems
Step-by-Step Interactive Training when installed on Windows Server 2003 with SP1 for Itanium-based Systems
Step-by-Step Interactive Training when installed on Windows Server 2003 x64 Edition

References

Detailed information about specific affected platforms and applications can be found at:
http://www.microsoft.com/technet/security/bulletin/ms07-feb.mspx


Last modified Monday, 08-Oct-2007 04:34:16 PM
