10-14-2008 12:02 PM
Robert Keith <https://forums.symantec.com/syment/view_profile?user.id=98413>
writes:

Hello and welcome to this month’s blog on the Microsoft patch
releases. This is another fairly heavy month, with 11 bulletins covering 20
vulnerabilities.

There are 10 critical issues this month affecting Internet Explorer, Excel,
Active Directory, and the RPC service of Host Integration Server. All of
them are remote code-execution issues, but the issues affecting Host
Integration Server and Active Directory do not require any user interaction,
making them potentially the worst of the bunch. The remaining issues (rated
Important and Moderate) affect Message Queuing Service, Internet Printing
Protocol (IPP), Windows Kernel, Ancillary Function Driver, Virtual Address
Descriptors (VADs), and Server Message Block (SMB).

As always, customers are advised to follow these security best practices:

- At the network perimeter, restrict external access to specific sites and
computers only.
- Avoid sites of questionable or unknown integrity.
- Never open files from unknown or questionable sources.
- Run all software with the least privileges required while still
maintaining functionality.

Microsoft’s summary of the October releases can be found here: 
http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx

Some of the notable vulnerabilities this month are:

1. MS08-058
<http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx>
Cumulative Security Update for Internet Explorer (956390)

CVE-2008-3472 (BID 31615 <http://www.securityfocus.com/bid/31615> ) HTML
Element Cross-Domain Vulnerability (MS Rating: Critical / Symantec Urgency
Rating 8.5/10)

A cross-domain remote code-execution and information disclosure
vulnerability affects Internet Explorer because it incorrectly interprets
the origin of script code. An attacker can exploit this issue by enticing a
victim into viewing a specially crafted web page. Code execution in the
context of another domain or security zone is only possible when exploited
through Internet Explorer 6 SP1 running on Windows 2000 SP4; otherwise, a
successful exploit will result in information disclosure only.

Affects: Internet Explorer 5.01 SP4, Internet Explorer 6, Internet Explorer
6 SP1, and Internet Explorer 7.

CVE-2008-3473 (BID 31616 <http://www.securityfocus.com/bid/31616> )
Microsoft Internet Explorer Event Handling Cross Domain Security Bypass
Vulnerability (MS Rating: Critical / Symantec Urgency Rating 8.5/10)

A cross-domain remote code-execution and information disclosure
vulnerability affects Internet Explorer because it incorrectly interprets
the origin of script code. An attacker can exploit this issue by enticing a
victim into viewing a specially crafted web page. Code execution in the
context of another domain or security zone is only possible when exploited
through Internet Explorer 6 SP1 running on Windows 2000 SP4; otherwise, a
successful exploit will result in information disclosure only.

Affects: Internet Explorer 5.01 SP4, Internet Explorer 6, Internet Explorer
6 SP1, and Internet Explorer 7

CVE-2008-2947 (BID 29960 <http://www.securityfocus.com/bid/29960> )
Microsoft Internet Explorer 'location' & 'location.href' Cross Domain
Security Bypass Vulnerability (MS Rating: Critical / Symantec Urgency Rating
8.5/10)

This is a previously documented cross-domain security-bypass vulnerability
affecting Internet Explorer originally disclosed on June 26, 2008. The
problem occurs when handling the “location” or “location.href” property
contained in a window object. An attacker can exploit this issue to execute
arbitrary code in another browser window’s security zone. 

Affects: Internet Explorer 5.01 SP4, Internet Explorer 6, Internet Explorer
6 SP1, and Internet Explorer 7

CVE-2008-3475 (BID 31617 <http://www.securityfocus.com/bid/31617> )
Microsoft Internet Explorer Uninitialized Object Remote Memory Corruption
Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code execution vulnerability affects Internet Explorer when it
accesses an object that has not been properly initialized or has been
deleted. An attacker can exploit this issue by tricking a victim into
viewing a specially crafted web page. A successful attack will result in the
execution of arbitrary code in the context of the currently logged-in user.

Affects: Internet Explorer 6 and Internet Explorer 6 SP1

CVE-2008-3476 (BID 31618 <http://www.securityfocus.com/bid/31618> )
Microsoft Internet Explorer HTML Objects Uninitialized Memory Corruption
Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code execution vulnerability affects Internet Explorer because it
attempts to access uninitialized memory in certain situations. An attacker
can exploit this issue by tricking a victim into viewing a specially crafted
web page. A successful attack will result in the execution of arbitrary code
in the context of the currently logged-in user.

Affects: Internet Explorer 5.01 SP4, Internet Explorer 6, and Internet
Explorer 6 SP1

2. MS08-059
<http://www.microsoft.com/technet/security/Bulletin/MS08-059.mspx>
Microsoft Host Integration Server RPC Remote Code Execution Vulnerability
(KB956695)

CVE-2008-3466 (BID 31620 <http://www.securityfocus.com/bid/31620> ) HIS RPC
Buffer Overflow Vulnerability (MS Rating: Critical / Symantec Urgency Rating
8.2/10)

A remote code execution vulnerability affects the SNA Remote Procedure Call
(RPC) service of Host Integration Server. An attacker can exploit this issue
by sending a malformed RPC request to the affected service. A successful
exploit will result in the execution of arbitrary code in the context of the
affected service. This could facilitate a complete compromise of the
affected computer.

Affects: Microsoft Host Integration Server 2000 SP2, Microsoft Host
Integration Server 2000 Administrator Client, Microsoft Host Integration
Server 2004, Microsoft Host Integration Server 2004 SP1, Microsoft Host
Integration Server 2006 32-bit, and Microsoft Host Integration Server 2006
x64.

3. MS08-057
<http://www.microsoft.com/technet/security/Bulletin/MS08-057.mspx>
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
(956416)

CVE-2008-3477 (BID 31702 <http://www.securityfocus.com/bid/31702> )
Microsoft Excel Calendar Object Validation Remote Code Execution
Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code execution vulnerability affects Excel when processing a VBA
Performance Cache. An attacker must trick a victim into opening a malicious
project file to exploit this issue. A successful attack will result in the
execution of arbitrary code in the context of the currently logged-in user. 

Affects: Excel 2000 SP3, Excel 2002 SP3, and Excel 2003 SP2 and SP3

CVE-2008-3471 (BID 31705 <http://www.securityfocus.com/bid/31705> )
Microsoft Excel File Format Parsing Remote Code Execution Vulnerability (MS
Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code execution vulnerability affects Excel when processing a
malformed Excel file. An attacker must trick a victim into opening a
malicious file to exploit this issue. A successful attack will result in the
execution of arbitrary code in the context of the currently logged-in user.

Affects: Excel 2000 SP3, Excel 2002 SP3, Excel 2003 SP2 and SP3, Excel 2007,
Excel 2007 SP1, Microsoft Office Excel Viewer 2003, Microsoft Office Excel
Viewer 2003 SP3, Microsoft Office Excel Viewer, Microsoft Office
Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats,
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007
File Formats SP1, Office 2004 for Mac, Office 2008 for Mac, Open XML File
Format Converter for Mac.

CVE-2008-4019 (BID 31706 <http://www.securityfocus.com/bid/31706> )
Microsoft Excel Formula Parsing Remote Code Execution Vulnerability (MS
Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code execution vulnerability affects Excel when parsing a malformed
formula embedded in a cell. Specifically, a REPT function call can be
exploited to cause an integer overflow. An attacker must trick an
unsuspecting victim into opening a malicious file to exploit this issue. A
successful exploit will result in the execution of arbitrary code in the
context of the currently logged-in user.

Affects: Excel 2000 SP3, Excel 2002 SP3, Excel 2003 SP2 and SP3, Excel 2007,
Excel 2007 SP1, Microsoft Office Excel Viewer 2003, Microsoft Office Excel
Viewer 2003 SP3, Microsoft Office Excel Viewer, Microsoft Office
Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats,
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007
File Formats SP1, Microsoft Office SharePoint Server 2007, Microsoft Office
SharePoint Server 2007 SP1, Microsoft Office SharePoint Server 2007 x64
Edition, Microsoft Office SharePoint Server 2007 x64 Edition SP1, Office
2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac.
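
The bulletin says only that a REPT call can trigger an integer overflow. The following C sketch is an added illustration of that bug class (a repeat count multiplied by a text length to size a buffer) next to a checked form; it is not Microsoft's code or part of the original post, and the function names and the 32,767-character result cap are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REPT_MAX_CHARS 32767u /* assumed cap on the result length */

/* Unchecked form of the bug class: the 32-bit product wraps, so the size
 * handed to an allocator can be far smaller than the data later written. */
static uint32_t rept_size_unchecked(uint32_t text_len, uint32_t count)
{
    return (uint32_t)(text_len * count + 1u); /* +1 for the terminator */
}

/* Checked form: compare by division, so no intermediate value can wrap. */
static int rept_size_checked(uint32_t text_len, uint32_t count, uint32_t *out)
{
    if (text_len != 0 && count > REPT_MAX_CHARS / text_len)
        return -1; /* result would exceed the cap (or wrap) */
    *out = text_len * count + 1u;
    return 0;
}

/* Hypothetical hardened repeat: returns a malloc'd string, NULL if rejected. */
static char *rept_safe(const char *text, uint32_t count)
{
    size_t len = strlen(text);
    uint32_t size;
    if (len == 0)
        count = 0; /* empty text: result is empty regardless of count */
    if (len > REPT_MAX_CHARS || rept_size_checked((uint32_t)len, count, &size) != 0)
        return NULL;
    char *buf = malloc(size);
    if (buf == NULL)
        return NULL;
    for (uint32_t i = 0; i < count; i++)
        memcpy(buf + (size_t)i * len, text, len);
    buf[size - 1] = '\0';
    return buf;
}

int main(void)
{
    char *ok = rept_safe("ab", 3);
    printf("unchecked 65536 x 65536 -> %u bytes\n", (unsigned)rept_size_unchecked(65536u, 65536u));
    printf("rept_safe(\"ab\", 3) -> %s\n", ok ? ok : "(rejected)");
    free(ok);
    return 0;
}
```

The unchecked helper only computes the wrapped size and never allocates or copies with it, so the block is safe to run as written.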

4. MS08-060
<http://www.microsoft.com/technet/security/Bulletin/MS08-060.mspx>
Vulnerability in Active Directory Could Allow Remote Code Execution (957280)

CVE-2008-4023 (BID 31609 <http://www.securityfocus.com/bid/31609> )
Microsoft Windows Active Directory LDAP Request Handling Remote Code
Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating
8.2/10)

A remote code execution vulnerability affects Active Directory on Windows
2000 because of insufficient validation of LDAP requests. A remote attacker
can exploit this issue by sending a malformed LDAP packet to an affected
server. A successful exploit will result in the execution of
attacker-supplied code in the context of the affected service. This may
facilitate a complete compromise of the affected computer.

Affects: Active Directory

More information on this and the other vulnerabilities being addressed this
month is available at Symantec’s free SecurityFocus
<http://www.securityfocus.com/>  portal and to our customers through the
DeepSight Threat Management System. 
