Joyce Winslow
jwins@oregon.uoregon.edu
Over the last three months, additional alerts about potential security vulnerabilities
in Microsoft products have been issued from various sources. If you're
using any of the Microsoft products cited below, make sure you take the necessary
steps to protect yourself.
Internet Explorer 5.0/5.5/6 and Office 2000/XP, Money 2002/2003, Project
2002. In previous issues of Computing News, we've described numerous
IE vulnerabilities ("Be Alert to Ongoing Microsoft Security Problems,"
http://cc.uoregon.edu/cnews/summer2002/ms_holes.html
and "Security Problems Still Plague Microsoft," http://cc.uoregon.edu/cnews/spring2002/ms_probs.html).
The latest warnings, first posted by San Francisco programmer Mike Benham last
August, cite a newly discovered loophole in handling Microsoft's digital
certificates and a problem with the PGP (Pretty Good Privacy) encryption program.
Digital certificates and PGP are intended to provide security, but these flaws
could allow hackers to gain access to credit card and other sensitive information
being transmitted over the Internet. Microsoft also disclosed that, in addition
to exposing sensitive user information, these security holes could allow an
attacker to use Internet-related parts of Office software to run programs that
alter data and wipe out the hard drive.
Microsoft urged users to get the new cumulative patch for Internet Explorer
at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-047.asp
Information and Fixes. For more details on these problems, and links
to fixes, see
- "Serious flaw found in Internet Explorer"
http://zdnet.com.com/2102-1105-949506.html
- "Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)"
Microsoft Security Bulletin MS02-050 (this site also provides updated
patches for Windows 98/NT 4.0/Me/2000/XP, and will soon have fixes for Mac versions):
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-050.asp
- New cumulative patch for Internet Explorer:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-047.asp
- "Unsafe Functions in Office Web Components (Q328130)" Microsoft
Security Bulletin MS02-044
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-044.asp
A recently disclosed flaw in all versions of Microsoft Word leaves files vulnerable
to attackers who could steal computer files by bugging a document with hidden
code. Word 97 is most vulnerable, but thus far Microsoft is committed to correcting
the problem in later versions only. The Word 97 exploit is especially dangerous
because it leaves almost any file--even files on a secure server--vulnerable
to theft, and the attacker's "spy" field code can scan for hundreds
of files without being detected.
Until the problem is corrected, Microsoft suggests Word users view hidden code
in every document they open. For details, see
- "Microsoft Word flaw may allow file theft" http://www.cnn.com/2002/TECH/ptech/09/13/microsoft.word.bug.ap/index.html
- Microsoft's information page at http://www.microsoft.com/technet/treeview/default.asp?url=/Technet/security/topics/secword.asp
- Woody's Office Watch article, "The biggest Word 97 Security Hole Yet"
at http://www.woodyswatch.com/office/archtemplate.asp?v7-n42
The SMB (Server Message Block) protocol, which is used to share files, printers,
serial ports, and to communicate between computers using named pipes and mail
slots, has an unchecked buffer in a section of code that requests the SMB service.
This flaw leaves Windows NT/2000/XP systems vulnerable to being crashed by a
denial of service attack.
Information and Fixes. For more information on the SMB flaw, as well
as fixes for XP/NT/2000, see Microsoft Security Bulletin MS02-045: "Unchecked
Buffer in Network Share Provider May Lead to Denial-of-Service" http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q326830&
UO network filtering policy. Due to a significant increase in attacks
against campus machines via Windows File Sharing mechanisms, Network Services
is now blocking SMB traffic from off-campus (see related article, "Network
Services Blocks SMB Traffic..." on page 18).
Last July, three new security holes were detected in Microsoft server and database
products:
SQL Server 2000. The most serious of these flaws affects SQL Server
2000. It could allow an attacker to overwrite portions of system memory, perpetrating
a denial of service attack or causing other system disruptions. For more information
on this flaw, and to download the patch, see MS02-039: "Buffer Overruns
in SQL Server 2000 Resolution Service Might Enable Code Execution"
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-039.asp
Microsoft Exchange Server 5.5. This flaw affects the server's Internet
Mail Connector, which provides Simple Mail Transfer Protocol (SMTP). It could
allow an attacker to trigger a buffer overflow, either crashing Exchange and
blocking all inbound and outbound email delivery, or gaining complete control
of the server. For more details, and to download the patch, go to Microsoft
Security Bulletin MS02-037: "Server Response To SMTP Client EHLO
Command Results In Buffer Overrun (Q326322)"
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-037.asp
Metadirectory Services 2.2. This flaw could enable a breach of privileged
user access, allowing an attacker to bypass security checks and manipulate data
that should, by design, only be accessible to administrators.
For more information on this flaw, and to download the patch, see Microsoft
Security Bulletin MS02-036: "Authentication Flaw in Microsoft Metadirectory
Services Could Allow Privilege Elevation (Q317138)" http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-036.asp
In August, Microsoft released Service Pack 3 for Windows 2000. The latest release
is a hefty collection of bug and security fixes (including the fix for the SQL
Server 2000 vulnerability outlined above), updates, and new middleware.
You can download the new Windows 2000 service pack from http://www.microsoft.com/windows2000/downloads/servicepacks/sp3/default.asp
or order it on CD (http://www.microsoft.com/windows2000/downloads/servicepacks/sp3/ordercd.asp).