MS Security Bulletins

Tuesday 13 April 2004

MS Security Bulletins - 13 April

Four MS Security Bulletins issued today. MS04-011 to MS04-013 are labelled critical, MS04-014 is labelled as important

Microsoft Security Bulletin MS04-011

Security Update for Microsoft Windows

This update resolves several newly-discovered vulnerabilities:

LSASS Vulnerability - see Eeye's Report on Windows Local Security Authority Service Remote Buffer Overflow
LDAP Vulnerability
PCT Vulnerability
Winlogon Vulnerability
Metafile Vulnerability - see Eeye's Report on Windows Metafile Heap Overflow
Help and Support Center Vulnerability - see idefense's Vulnerability Report
Utility Manager Vulnerability
Windows Management Vulnerability
Local Descriptor Table Vulnerability - see Eeye's Report on Report on Windows Expand-Down Data Segment Local Privilege Escalation
H.323 Vulnerability
Virtual DOS Machine Vulnerability - see Eeye's Report on Windows VDM TIB Local Privilege Escalation
Negotiate SSP Vulnerability
SSL Vulnerability
ASN.1 "Double Free" Vulnerability

An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.

References:

Technical: Security Update for Microsoft Windows (835732)
Knowledgebase: MS04-011: Security Update for Microsoft Windows
Secunia: Microsoft Windows 14 Vulnerabilities

Microsoft Security Bulletin MS04-012

Cumulative Update for Microsoft RPC/DCOM

This update resolves several newly-discovered vulnerabilities in RPC/DCOM:

RPC Runtime Library Vulnerability - mentioned in Secunia Advisory 9978 dated 15 October 2003 and also in Eeye Advisory AD20040413B
RPCSS Service Vulnerability
COM Internet Services (CIS) - RPC over HTTP Vulnerability
Object Identity Vulnerability

An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of the affected system. An attacker could then take any action on the affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.

Reported by eEye Digital Security on 10 September 2003

References:

Technical: Cumulative Update for Microsoft RPC/DCOM (828741)
Knowledgebase: MS04-012: Cumulative Update for Microsoft RPC/DCOM
Secunia: Microsoft Windows RPC/DCOM Multiple Vulnerabilities

Microsoft Security Bulletin MS04-013

Cumulative Security Update for Outlook Express

This is a cumulative update that includes the functionality of all the previously-released updates for Outlook Express 5.5 and Outlook Express 6. Additionally, it eliminates a new vulnerability that could allow an attacker who successfully exploited this vulnerability to access files and to take complete control of the affected system. This could occur even if Outlook Express is not used as the default e-mail reader on the system.

Secunia reports that Outlook and Internet Explorer can also be used as attack vendors though they are not mentioned in the MS bulletin

References:

Technical: Cumulative Security Update for Outlook Express (837009)
Knowledgebase: MS04-013: Cumulative Security Update for Outlook Express
Secunia: Microsoft Outlook Express MHTML URL Processing Vulnerability

Microsoft Security Bulletin MS04-014

Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution

A buffer overrun vulnerability exists in the Microsoft Jet Database Engine (Jet) that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.

kayodeok's Weblog

Tuesday 13 April 2004