MS Security Bulletin Summary - July, 2006
FYI...
- http://www.microsoft.com/technet/security/bulletin/ms06-jul.mspx?pf=true
Published: July 11, 2006
... Summary ...
--- Critical (5) ---
Microsoft Security Bulletin MS06-035
Vulnerability in Server Service Could Allow Remote Code Execution (917159)
- http://www.microsoft.com/technet/security/bulletin/ms06-035.mspx
This update resolves two vulnerabilities in the Server service, the most serious of which could allow remote code execution.
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Microsoft Security Bulletin MS06-036
Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)
- http://www.microsoft.com/technet/security/bulletin/ms06-036.mspx
This update resolves a vulnerability in the DHCP Client service that could allow remote code execution.
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Microsoft Security Bulletin MS06-037
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (917285)
- http://www.microsoft.com/technet/security/bulletin/ms06-037.mspx
This update resolves several vulnerabilities in Excel, the most serious of which could allow remote code execution.
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Microsoft Security Bulletin MS06-038
Vulnerability in Microsoft Office Could Allow Remote Code Execution (915384)
- http://www.microsoft.com/technet/security/bulletin/ms06-038.mspx
This update resolves two vulnerabilities in Office, the most serious of which could allow remote code execution.
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Microsoft Security Bulletin MS06-039
Vulnerability in Microsoft Office Could Allow Remote Code Execution (915384)
- http://www.microsoft.com/technet/security/bulletin/ms06-039.mspx
This update resolves two vulnerabilities in Office, the most serious of which could allow remote code execution.
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
--- Important (2) ---
Microsoft Security Bulletin MS06-033
Vulnerability in ASP.NET Could Allow Information Disclosure (917283)
- http://www.microsoft.com/technet/security/bulletin/ms06-033.mspx
This vulnerability could allow an attacker to bypass ASP.Net security and gain unauthorized access to objects in the Application folder explicitly by name. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce useful information that could be used to try to further compromise the affected system.
Maximum Severity Rating: Important
Impact of Vulnerability: Information Disclosure
Microsoft Security Bulletin MS06-034
Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)
- http://www.microsoft.com/technet/security/bulletin/ms06-034.mspx
This vulnerability could allow an attacker to take complete control of an affected system. Note that the attacker must have valid logon credentials, but if a server has been purposely configured to allow users, either anonymous or authenticated, to upload web content such as .ASP pages to web sites, the server could be exploited by this vulnerability.
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution
...Disclaimer:
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind..."
============================
FYI... ISC analysis:
- http://isc.sans.org/diary.php?storyid=1473
Last Updated: 2006-07-11 20:57:16 UTC
"MS06-034 - This patch fixes what seems to be a buffer overflow in IIS. This buffer overflow can be exploited when IIS is processing ASP files. In other words, in order to exploit this vulnerability, an attacker has to somehow be able to upload ASP files on the target server, which is running IIS (versions 5.0, 5.1 and 6.0 are affected). Normally, you would require a user to authenticate before they can upload files to the server, so the vulnerability is rated moderate/important. In case that you do allow people to upload ASP files on your IIS server, it would be wise to apply the patch as soon as possible, although we don't know about any public exploits yet.
Microsoft's advisory is at http://www.microsoft.com/technet/security/Bulletin/MS06-034.mspx
CVE at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0026 ..."
- http://isc.sans.org/diary.php?storyid=1471
Last Updated: 2006-07-11 20:40:21 UTC
"MS06-035 (CVE-2006-1314) looks to be the most dangerous of the vulnerabilities announced this month, specifically the Mailslot heap overflow. The vulnerability can be exploited remotely against the "Server" service. So this would definitely be something that could be used for widespread compromise with no user interaction, or a worm.
'Looks like Windows 2000 SP4 is vulnerable by default. Windows XP SP2 and Server 2003 don't appear to be vulnerable with a default installation unless services are listening on Mailslots. At this point, it is unclear exactly what software would enable Mailslots to create a vulnerable condition.
So how long before exploit code is available? Well, clever readers will have noticed that Pedram Amini and H D Moore are credited with discovering this vulnerability (the Mailslot heap overflow). Those guys are some of the best in the business, so you do the math... I'm guessing that they have had reliable exploit code working for a while now... You should probably make this your top priority in patching."
- http://isc.sans.org/diary.php?storyid=1472
Last Updated: 2006-07-11 20:28:16 UTC by Patrick Nolan (Version: 1)
"MS06-036 has been issued, MS has said systems "Primarily" at risk are Microsoft Windows 2000, Windows XP and Windows Server 2003... An attacker could exploit the vulnerability by answering a client's DHCP request on the local subnet with malformed packets... An attacker could try to exploit this vulnerability over the Internet... Although Windows 98, Windows 98 Second Edition, and Windows Millennium Edition do contain the affected component, however the vulnerability is not critical... CVE-2006-2372"
- http://isc.sans.org/diary.php?storyid=1474
Last Updated: 2006-07-11 21:10:31 UTC
"MS06-037 - ...This update resolves several public, privately reported, and newly discovered vulnerabilities. All of these state that a remote code execution vulnerability exists in Excel dealing with each of the identified items. The only workaround suggested and tested is to NOT open attachments from untrusted sources. I guess that means, PATCH. Microsoft states: "When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.""
- http://isc.sans.org/diary.php?compare=1&storyid=1475
Last Updated: 2006-07-11 21:54:43 UTC
"MS06-038 - ...It appears that all of the Microsoft Office 2000, 2002, 2003 programs are affected. Not affected is Works applications. Summary: This is another remote code execution problem and appears to impact Office 2000 applications the worse lending to a critical assessment. The other versions of Office identified as vulnerable are listed as important for all three of the CVE's... In all three cases the only tested work around is NOT to open attachments from untrusted sources. I guess that means to apply the patch ASAP."
- http://isc.sans.org/diary.php?storyid=1476
Last Updated: 2006-07-11 21:59:39 UTC
"MS06-039 - ...This patch fixes two vulnerabilities in all Microsoft Office products (Office 2000, XP, 2003 are affected, as well as Project 2000, 2002 and Microsoft Works 2004, 2005, 2006). Microsoft Office for Mac is not affected. The vulnerabilities can be exploited by crafting a special GIF or PNG graphic files. In both cases the user needs to open the file so, while this vulnerability can not be exploited automatically through e-mail, it is still very easy to get user into opening a file. It is worth mentioning that, when the file is hosted on a web site, Office 2000 does not prompt the user before opening the document (which means that it's enough for a user to click on a link leading to the file). As the only workarounds are not to open or save files "you receive from un-trusted sources or that you received unexpectedly from trusted sources" you should patch as soon as possible.
MS advisory is at http://www.microsoft.com/technet/security/Bulletin/MS06-039.mspx .
CVEs are at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0033 and http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0007 ."
===============================================
> http://www.us-cert.gov/cas/techalerts/TA06-192A.html
:spider:
FYI...
- http://www.microsoft.com/technet/security/bulletin/ms06-jul.mspx?pf=true
Published: July 11, 2006
... Summary ...
--- Critical (5) ---
Microsoft Security Bulletin MS06-035
Vulnerability in Server Service Could Allow Remote Code Execution (917159)
- http://www.microsoft.com/technet/security/bulletin/ms06-035.mspx
This update resolves two vulnerabilities in the Server service, the most serious of which could allow remote code execution.
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Microsoft Security Bulletin MS06-036
Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)
- http://www.microsoft.com/technet/security/bulletin/ms06-036.mspx
This update resolves a vulnerability in the DHCP Client service that could allow remote code execution.
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Microsoft Security Bulletin MS06-037
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (917285)
- http://www.microsoft.com/technet/security/bulletin/ms06-037.mspx
This update resolves several vulnerabilities in Excel, the most serious of which could allow remote code execution.
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Microsoft Security Bulletin MS06-038
Vulnerability in Microsoft Office Could Allow Remote Code Execution (915384)
- http://www.microsoft.com/technet/security/bulletin/ms06-038.mspx
This update resolves two vulnerabilities in Office, the most serious of which could allow remote code execution.
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Microsoft Security Bulletin MS06-039
Vulnerability in Microsoft Office Could Allow Remote Code Execution (915384)
- http://www.microsoft.com/technet/security/bulletin/ms06-039.mspx
This update resolves two vulnerabilities in Office, the most serious of which could allow remote code execution.
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
--- Important (2) ---
Microsoft Security Bulletin MS06-033
Vulnerability in ASP.NET Could Allow Information Disclosure (917283)
- http://www.microsoft.com/technet/security/bulletin/ms06-033.mspx
This vulnerability could allow an attacker to bypass ASP.Net security and gain unauthorized access to objects in the Application folder explicitly by name. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce useful information that could be used to try to further compromise the affected system.
Maximum Severity Rating: Important
Impact of Vulnerability: Information Disclosure
Microsoft Security Bulletin MS06-034
Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)
- http://www.microsoft.com/technet/security/bulletin/ms06-034.mspx
This vulnerability could allow an attacker to take complete control of an affected system. Note that the attacker must have valid logon credentials, but if a server has been purposely configured to allow users, either anonymous or authenticated, to upload web content such as .ASP pages to web sites, the server could be exploited by this vulnerability.
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution
...Disclaimer:
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind..."
============================
FYI... ISC analysis:
- http://isc.sans.org/diary.php?storyid=1473
Last Updated: 2006-07-11 20:57:16 UTC
"MS06-034 - This patch fixes what seems to be a buffer overflow in IIS. This buffer overflow can be exploited when IIS is processing ASP files. In other words, in order to exploit this vulnerability, an attacker has to somehow be able to upload ASP files on the target server, which is running IIS (versions 5.0, 5.1 and 6.0 are affected). Normally, you would require a user to authenticate before they can upload files to the server, so the vulnerability is rated moderate/important. In case that you do allow people to upload ASP files on your IIS server, it would be wise to apply the patch as soon as possible, although we don't know about any public exploits yet.
Microsoft's advisory is at http://www.microsoft.com/technet/security/Bulletin/MS06-034.mspx
CVE at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0026 ..."
- http://isc.sans.org/diary.php?storyid=1471
Last Updated: 2006-07-11 20:40:21 UTC
"MS06-035 (CVE-2006-1314) looks to be the most dangerous of the vulnerabilities announced this month, specifically the Mailslot heap overflow. The vulnerability can be exploited remotely against the "Server" service. So this would definitely be something that could be used for widespread compromise with no user interaction, or a worm.
'Looks like Windows 2000 SP4 is vulnerable by default. Windows XP SP2 and Server 2003 don't appear to be vulnerable with a default installation unless services are listening on Mailslots. At this point, it is unclear exactly what software would enable Mailslots to create a vulnerable condition.
So how long before exploit code is available? Well, clever readers will have noticed that Pedram Amini and H D Moore are credited with discovering this vulnerability (the Mailslot heap overflow). Those guys are some of the best in the business, so you do the math... I'm guessing that they have had reliable exploit code working for a while now... You should probably make this your top priority in patching."
- http://isc.sans.org/diary.php?storyid=1472
Last Updated: 2006-07-11 20:28:16 UTC by Patrick Nolan (Version: 1)
"MS06-036 has been issued, MS has said systems "Primarily" at risk are Microsoft Windows 2000, Windows XP and Windows Server 2003... An attacker could exploit the vulnerability by answering a client's DHCP request on the local subnet with malformed packets... An attacker could try to exploit this vulnerability over the Internet... Although Windows 98, Windows 98 Second Edition, and Windows Millennium Edition do contain the affected component, however the vulnerability is not critical... CVE-2006-2372"
- http://isc.sans.org/diary.php?storyid=1474
Last Updated: 2006-07-11 21:10:31 UTC
"MS06-037 - ...This update resolves several public, privately reported, and newly discovered vulnerabilities. All of these state that a remote code execution vulnerability exists in Excel dealing with each of the identified items. The only workaround suggested and tested is to NOT open attachments from untrusted sources. I guess that means, PATCH. Microsoft states: "When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.""
- http://isc.sans.org/diary.php?compare=1&storyid=1475
Last Updated: 2006-07-11 21:54:43 UTC
"MS06-038 - ...It appears that all of the Microsoft Office 2000, 2002, 2003 programs are affected. Not affected is Works applications. Summary: This is another remote code execution problem and appears to impact Office 2000 applications the worse lending to a critical assessment. The other versions of Office identified as vulnerable are listed as important for all three of the CVE's... In all three cases the only tested work around is NOT to open attachments from untrusted sources. I guess that means to apply the patch ASAP."
- http://isc.sans.org/diary.php?storyid=1476
Last Updated: 2006-07-11 21:59:39 UTC
"MS06-039 - ...This patch fixes two vulnerabilities in all Microsoft Office products (Office 2000, XP, 2003 are affected, as well as Project 2000, 2002 and Microsoft Works 2004, 2005, 2006). Microsoft Office for Mac is not affected. The vulnerabilities can be exploited by crafting a special GIF or PNG graphic files. In both cases the user needs to open the file so, while this vulnerability can not be exploited automatically through e-mail, it is still very easy to get user into opening a file. It is worth mentioning that, when the file is hosted on a web site, Office 2000 does not prompt the user before opening the document (which means that it's enough for a user to click on a link leading to the file). As the only workarounds are not to open or save files "you receive from un-trusted sources or that you received unexpectedly from trusted sources" you should patch as soon as possible.
MS advisory is at http://www.microsoft.com/technet/security/Bulletin/MS06-039.mspx .
CVEs are at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0033 and http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0007 ."
===============================================
> http://www.us-cert.gov/cas/techalerts/TA06-192A.html
:spider:
Last edited:
:fear: