Hello and welcome to this month’s blog on the Microsoft patch releases. This is a relatively light month; the vendor is releasing four bulletins that cover a total of nine vulnerabilities.
All nine of the issues are rated “important” this month. Although none of the issues jump out and say, “This is a severe or critical vulnerability,” a couple of the issues have the potential to become widespread. Two of the four SQL Server issues, while local in nature, could be exploited remotely if an attacker can exploit a latent SQL-injection issue in an application that uses the vulnerable server as a backend. Also, the DNS Server and Client issues could help attackers spoof legitimate sites, greatly enhancing their ability to phish sensitive information from unsuspecting victims.

Microsoft’s summary of the July releases can be found here: www.microsoft.com/technet/security/bulletin/ms08-jul.mspx

1. MS08-040 <http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx> Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)

CVE-2008-0085 (BID <http://www.securityfocus.com/bid/30083> 30083) Microsoft SQL Server Memory Page Reuse Information Disclosure Vulnerability (MS Rating: Important / Symantec Urgency Rating: 6.1/10)
An information disclosure vulnerability affects SQL Server due to how it manages memory page reuse. An attacker with ‘database operator’ access can exploit this issue to gain access to potentially sensitive information. Information obtained may aid in further attacks.
Affects: SQL Server 7.0 SP4, SQL Server 2000 SP4, SQL Server 2000 Itanium-based Edition SP4, SQL Server 2005 SP1 and SP2, SQL Server 2005 x64 Edition SP1 and SP2, SQL Server 2005 with SP1 and SP2 for Itanium-based Systems, Microsoft Data Engine (MSDE) 1.0 SP4, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP4, Microsoft SQL Server 2005 Express Edition SP1 and SP2, Microsoft SQL Server 2005 Express Edition with Advanced Services SP1 and SP2, Microsoft SQL Server 2000 Desktop Engine (WMSDE), Windows Internal Database (WYukon) SP2, and Windows Internal Database (WYukon) x64 Edition SP2

CVE-2008-0086 (BID <http://www.securityfocus.com/bid/30082> 30082) Microsoft SQL Server Convert Function Remote Memory Corruption Vulnerability (MS Rating: Important / Symantec Urgency Rating: 6.4/10)
A local privilege-escalation vulnerability affects SQL Server when converting SQL expressions from one data type to another. An attacker with authenticated access to the application could exploit this issue to execute arbitrary code with SYSTEM privileges. This issue may be remotely exploitable if an attacker can exploit latent SQL-injection vulnerabilities in web-based applications that use the vulnerable SQL server as a backend.
Affects: SQL Server 2000 SP4, SQL Server 2000 Itanium-based Edition SP4, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP4, and Server 2000 Desktop Engine (WMSDE)

CVE-2008-0107 (BID <http://www.securityfocus.com/bid/30119> 30119) Microsoft SQL Server On-Disk Data Structures Remote Memory Corruption Vulnerability (MS Rating: Important / Symantec Urgency Rating: 6.4/10)
A local privilege-escalation vulnerability affects SQL Server due to how it validates data structures on disk files. An authenticated attacker could exploit this issue to execute arbitrary code with SYSTEM privileges.
Affects: SQL Server 7.0 SP4, SQL Server 2000 SP4, SQL Server 2000 Itanium-based Edition SP4, SQL Server 2005 SP1 and SP2, SQL Server 2005 x64 Edition SP1 and SP2, SQL Server 2005 with SP1 and SP2 for Itanium-based Systems, Microsoft Data Engine (MSDE) 1.0 SP4, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP4, Microsoft SQL Server 2005 Express Edition SP1 and SP2, Microsoft SQL Server 2005 Express Edition with Advanced Services SP1 and SP2, Microsoft SQL Server 2000 Desktop Engine (WMSDE), Windows Internal Database (WYukon) SP2, and Windows Internal Database (WYukon) x64 Edition SP2

CVE-2008-0106 (BID <http://www.securityfocus.com/bid/30118> 30118) Microsoft SQL Server INSERT Statement Remote Memory Corruption Vulnerability (MS Rating: Important / Symantec Urgency Rating: 6.4/10)
A local privilege-escalation vulnerability affects SQL Server when processing ‘insert’ statements. An authenticated attacker can exploit this issue to execute arbitrary code with SYSTEM privileges. This issue may be remotely exploitable if an attacker can exploit latent SQL-injection vulnerabilities in web-based applications that use the vulnerable SQL server as a backend.
Affects: SQL Server 2005 SP1 and SP2, SQL Server 2005 x64 Edition SP1 and SP2, SQL Server 2005 with SP1 and SP2 for Itanium-based Systems, Microsoft SQL Server 2005 Express Edition SP1 and SP2, and Microsoft SQL Server 2005 Express Edition with Advanced Services SP1 and SP2

2. MS08-038 <http://www.microsoft.com/technet/security/Bulletin/MS08-038.mspx> Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)

CVE-2008-1435 (BID <http://www.securityfocus.com/bid/30109> 30109) Microsoft Windows Explorer 'saved-search' File Remote Code Execution Vulnerability (MS Rating: Important / Symantec Urgency Rating: 7.1/10)
A client-side remote code execution vulnerability affects Windows Explorer when handling specially malformed ‘saved-search’ files.
An attacker must trick a victim into opening and saving a malicious ‘saved-search’ file with the vulnerable application to exploit this issue. A successful exploit will result in the execution of arbitrary code in the context of the currently logged-in user.
Affects: Windows Vista and Windows Vista SP1, Windows Vista x64 Edition, Windows Vista x64 Edition SP1, and Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems

3. MS08-039 <http://www.microsoft.com/technet/security/Bulletin/MS08-039.mspx> Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)

CVE-2008-2247 (BID <http://www.securityfocus.com/bid/30073> 30130) Microsoft Outlook Web Access for Exchange Server Email Field Cross-Site Scripting Vulnerability (MS Rating: Important / Symantec Urgency Rating: 7.1/10)
A cross-site scripting vulnerability affects Outlook Web Access for Exchange Server. The problem occurs due to a failure to properly validate email fields when opening mail from within a client’s OWA session. An attacker must trick a victim into opening a specially crafted email to exploit this issue. A successful attack will allow the attacker to execute arbitrary actions with the permissions of the victim’s OWA session.
Affects: Microsoft Exchange Server 2003 SP2

CVE-2008-2248 (BID <http://www.securityfocus.com/bid/30130> 30078) Microsoft Outlook Web Access for Exchange Server HTML Parsing Cross-Site Scripting Vulnerability (MS Rating: Important / Symantec Urgency Rating: 7.1/10)
A cross-site scripting vulnerability affects Outlook Web Access for Exchange Server. The problem occurs due to a failure to properly validate HTML when rendering email within a client’s OWA session. An attacker must trick a victim into opening a specially crafted email to exploit this issue. A successful attack will allow the attacker to execute arbitrary actions with the permissions of the victim’s OWA session.
Affects: Microsoft Exchange Server 2007, and Microsoft Exchange Server 2007 SP1

4. MS08-037 <http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx> Vulnerabilities in DNS Could Allow Spoofing (953230)

CVE-2008-1447 (BID <http://www.securityfocus.com/bid/30131> 30131) Multiple Vendor DNS Implementation Insufficient Socket Entropy DNS Spoofing Vulnerability (MS Rating: Important / Symantec Urgency Rating: 6.1/10)
A vulnerability in multiple vendors’ implementations of the DNS protocol allows attackers to spoof DNS responses to poison the DNS cache. The problem occurs because of weak randomization in the Transaction ID (TXID) and UDP port used in DNS communications. A remote attacker can exploit this issue by sending specific queries to a vulnerable computer and then responding with false or misleading information.
Affects: Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows XP Professional x64 Edition, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP1 and SP2, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition SP2, and Windows Server 2003 with SP1 and SP2 for Itanium-based Systems.

CVE-2008-1454 (BID <http://www.securityfocus.com/bid/30132> 30132) Microsoft Windows DNS Server Cache Poisoning Vulnerability (MS Rating: Important / Symantec Urgency Rating: 6.1/10)
A vulnerability in Windows DNS Server allows attackers to poison the DNS cache, potentially redirecting users to attacker-controlled sites. The problem occurs because, under certain circumstances, a DNS server will accept a response from a nameserver for zones outside the server’s authority.
Affects: Microsoft Windows 2000 SP4, Windows Server 2003 SP1 and SP2, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP1 and SP2 for Itanium-based Systems, and Windows Server 2008 for 32-bit Systems and x64-based Systems.
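
The weak TXID and UDP port randomization described under CVE-2008-1447 can be checked on your own resolver by looking at the source port and TXID of its outbound queries. The Python below is an added example, not code from the original post or from Microsoft; the thresholds, function names and the sample (source port, TXID) pairs are constructed assumptions.

```python
import math

def classify(values, small_step=16):
    """Label a series of 16-bit values seen in order; return (label, bits).

    bits is a conservative estimate: log2 of the span actually observed.
    small_step and the 90% cut-off are assumptions of this example.
    """
    if len(values) < 2:
        raise ValueError("need at least two observations")
    if len(set(values)) == 1:
        return "fixed", 0.0                      # nothing to guess
    deltas = [(b - a) % 65536 for a, b in zip(values, values[1:])]
    small = sum(1 for d in deltas if 0 < d <= small_step)
    if small / len(deltas) >= 0.9:
        return "sequential", 0.0                 # next value is predictable
    return "spread", round(math.log2(max(values) - min(values) + 1), 1)

def assess(observations):
    """observations: ordered (source_port, txid) pairs from outbound queries."""
    port_label, port_bits = classify([p for p, _ in observations])
    txid_label, txid_bits = classify([t for _, t in observations])
    return {"port": port_label, "txid": txid_label,
            "guess_bits": round(port_bits + txid_bits, 1)}

# Constructed samples (not captured from any real resolver).
FIXED_PORT = [(1037, 0x1A2B), (1037, 0xE410), (1037, 0x07C3),
              (1037, 0x9F55), (1037, 0x4D02), (1037, 0xC8AA)]
RANDOM_PORT = [(49712, 0x1A2B), (61034, 0xE410), (50233, 0x07C3),
               (58891, 0x9F55), (52480, 0x4D02), (64015, 0xC8AA)]

if __name__ == "__main__":
    for name, sample in (("fixed port", FIXED_PORT), ("random port", RANDOM_PORT)):
        print(name, assess(sample))
```

Take the observations on the upstream side of any NAT device, since port translation can undo the source-port randomization the update adds.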

