Security Alerts
August 15, 2007
Microsoft Releases August 2007 Security Bulletin for Multiple Vulnerabilities
Summary
On August 14, 2007 Microsoft released their monthly security bulletin with the latest security updates for workstations and servers. The Microsoft bulletin lists nine (9) security vulnerabilities, with six (6) listed as critical and three (3) listed as important. The six critical ones are patches for XML Core Services (IE web browser), Object Linking and Embedding (OLE), Microsoft Excel, Internet Explorer, Graphics Rendering Engine (GDI), and the Vector Markup Language (VML) which all can lead to remote execution when a system is left unpatched. The three remaining important patches are for Windows Media Player, Windows Gadgets, and Virtual PC which can lead to remote code execution or elevation of privilege if left unpatched. The affected operating system platforms are:
* Windows Server 2003
* Windows XP
* Windows 2000 SP4
* Windows Vista
It is imperative patches with critical and important designations be applied due to the serious nature of remote execution vulnerabilities which can allow for complete compromise and control of systems originating from within campus and the Internet. The Windows Gadgets patch only applies to Vista systems. Stanford's BigFix will be delivering all these patches except for these two: the Virtual PC patch because of its low install base here on campus, and the Excel patch which will require a local administrator to intervene. Details are in the Technical Details section of this post.
What to Do
Windows users can manually use "Windows Update" to download and install the current operating system patches. Additionally, it is recommended that all Windows machines have an automated patch management solution installed and configured on their system. Stanford provides BigFix to automatically patch Windows machines; it is available at http://patching.stanford.edu. A customized update will be delivered to workstations and servers via BigFix if you subscribed to this service. The BigFix deliverable includes all this months's patches except the Virtual PC and Excel patches. Individual updates can be downloaded by going to the Summary section of this Microsoft website. Please remember to reboot your machine after patching manually, or when prompted to do so by Windows Update or by your BigFix administrator. Most patches do not take effect until after a reboot.
Technical Details
It is important all patches designated as critical or important be applied. The patches for the vulnerabilities are listed as follow, those with an * delivered via BigFix:
Critical (6)
*MS07-042 - Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
Impact: Remote Code Execution
Microsoft XML Core Services Vulnerability - CVE-2007-2223
A remote code execution vulnerability exists in Microsoft XML Core Services that could allow an attacker who successfully exploited this vulnerability to make changes to the system with the permissions of the logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
*MS07-043 - Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)
Impact: Remote Code Execution
OLE Automation Memory Corruption Vulnerability - CVE-2007-2224
A remote code execution vulnerability exists in Object linking and embedding (OLE) Automation that could allow an attacker who successfully exploited this vulnerability to make changes to the system with the permissions of the logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS07-044 - Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965)
Impact: Remote Code Execution
Workspace Memory Corruption Vulnerability – CVE-2007-3890
A remote code execution vulnerability exists in the way Excel handles malformed Excel files. An attacker could exploit the vulnerability by sending a malformed file which could be included as an e-mail attachment, or hosted on a malicious or compromised Web site.
*MS07-045 - Cumulative Security Update for Internet Explorer (937143)
Impact: Remote Code Execution
CSS Memory Corruption Vulnerability - CVE-2007-0943
A remote code execution vulnerability exists in the way Internet Explorer parses certain strings in CSS. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user..
ActiveX Object Vulnerability - CVE-2007-2216
A remote code execution vulnerability exists in the ActiveX control, tblinf32.dll. This control can also be found under the name of vstlbinf.dll. Both of these components were never intended to be supported in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user visited the Web page. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.
ActiveX Object Memory Corruption Vulnerability - CVE-2007-3041
A remote code execution vulnerability exists in the ActiveX object, pdwizard.ocx. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.
*MS07-046 - Vulnerability in GDI Could Allow Remote Code Execution (938829)
Impact: Remote Code Execution
Remote Code Execution Vulnerability in GDI– CVE-2007-3034
A remote code execution vulnerability exists in the Graphics Rendering Engine because of the way that it handles specially crafted images. An attacker could exploit the vulnerability by constructing a specially crafted image that could potentially allow remote code execution if a user opened a specially crafted attachment in e-mail.
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
*MS07-050 - Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)
Impact: Remote Code Execution
VML Buffer Overrun Vulnerability - CVE-2007-1749
A remote code execution vulnerability exists in the Vector Markup Language (VML) implementation in Microsoft Windows. An attacker could exploit the vulnerability by constructing a specially crafted Web page or HTML e-mail. When a user views the Web page or the message, the vulnerability could allow remote code execution.
Important (3)
*MS07-047 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (936782)
Impact: Remote Code Execution
Windows Media Player Code Execution Vulnerability Parsing Skins – CVE-2007-3037
A code execution vulnerability exists in Windows Media Player skin parsing. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Windows Media Player Code Execution Vulnerability Decompressing Skins - CVE-2007-3035
A remote code execution vulnerability exists in Windows Media Player an attacker who successfully exploited this vulnerability could take complete control of an affected system.
*MS07-048 - Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123)
Impact: Remote Code Execution
Windows Vista Feed Headlines Gadget Could Allow Remote Code Execution – CVE-2007-3033
A remote code execution vulnerability exists in Windows Vista Feed Headlines Gadgets that could allow a remote anonymous attacker to run code with the privileges of the logged on user.
Windows Vista Contacts Gadget Could Allow Code Execution – CVE-2007-3032
A code execution vulnerability exists in Windows Vista Contacts Gadget that could allow an attacker to run code with the privileges of the logged on user.
Windows Vista Weather Gadget Could Allow Remote Code Execution – CVE-2007-3891
A remote code execution vulnerability exists in Windows Vista Weather Gadgets that could allow an attacker to run code with the privileges of the logged on user.
MS07-049 - Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)
Impact: Elevation of Privilege
Virtual PC and Virtual Server Heap Overflow Vulnerability - CVE-2007-0948
An elevation of privilege vulnerability exists in Microsoft Virtual PC and Microsoft Virtual Server that could allow a user with administrator permissions to the guest operating system to run code on the host operating system or other guest operating systems. An attacker with administrator permissions to the guest operating system, could exploit the vulnerability by running specially crafted code on the guest operating system. This could result in a heap overflow on the host or other guest operating systems. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Affected Platforms and Applications:
Windows 2000 Service Pack 4
Windows XP Service Pack 2
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003
Windows Server 2003 Service Pack 1
Windows Server 2003 Service Pack 2
Windows Server 2003 for Itanium-based Systems
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition Service Pack 2
Windows Vista
Windows Vista x64 Edition
Internet Explorer 5.01/6/7
Windows Media Player 7.1 on Microsoft Windows 2000 Service Pack 4
Windows Media Player 9 when installed on Microsoft Windows 2000 Service Pack 4
Windows Media Player 9 on Windows XP Service Pack 2
Windows Media Player 10 when installed on Windows XP Service Pack 2
Windows Media Player 10 on Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
Windows Media Player 10 on Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
Windows Media Player 10 on Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Windows Media Player 11 when installed on Windows XP Service Pack 2
Windows Media Player 11 on Windows XP Professional X64 Edition and Windows XP Professional X64 Edition Service Pack 2
Windows Media Player 11 in Windows Vista
Windows Media Player 11 in Windows Vista x64 Edition
Microsoft Virtual PC 2004
Microsoft Virtual PC 2004 Service Pack 1
Microsoft Virtual Server 2005 Standard Edition
Microsoft Virtual Server 2005 Enterprise Edition
Microsoft Virtual Server 2005 R2 Standard Edition
Microsoft Virtual Server 2005 R2 Enterprise Edition
Microsoft Virtual PC for Mac Version 6.1
Microsoft Virtual PC for Mac Version 7
Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 2
Microsoft Office 2003 Service Pack 2 with Microsoft XML Core Services 5.0 (KB936048)
Microsoft Excel Viewer 2003
Microsoft Office 2004 for Mac
2007 Office System with Microsoft XML Core Services 5.0 (KB936960)
Microsoft Office Groove Server 2007 with Microsoft XML Core Services 5.0 (KB936056)
Microsoft Office SharePoint Server with Microsoft XML Core Services 5.0 (KB936056)
Microsoft Visual Basic 6.0 Service Pack 6 (KB924053)
References
Detailed information about specific affected platforms and applications can be found at:
http://www.microsoft.com/technet/security/bulletin/ms07-aug.mspx