Microsoft issued four “important” security bulletins for today’s Patch Tuesday release, resolving nine security errors that could allow an attacker to gain elevated login rights, spoof a user’s account or launch arbitrary code on a victim’s PC.
Security experts said that one of the most severe updates in this month’s Patch Tuesday bundle is a fix that resolves two vulnerabilities in the Windows Domain Name System (DNS). The vulnerabilities could open the door for an attacker to redirect a user’s Internet traffic in a spoofing attack. The error is multi-platform, affecting Unix and Linux as well as Windows platforms, experts said.
“As far as the severity is concerned, the DNS spoofing issue is definitely an important one,” said Amol Sarwate, manager of the vulnerabilities research lab at Qualys, a security company based in Redwood Shores, Calif. “This vulnerability is not limited to today’s Microsoft Patch Tuesday. It’s part of a much larger issue.”
If exploited, the vulnerabilities could enable a remote attacker to redirect a user’s browser to the attacker’s own systems, experts say. “If they attack a client’s machine, it would allow attackers to redirect them to a malicious Web site, and this could also be carried out against a DNS server,” said Sarwate.
Another serious update addresses a previously published security bug in Windows Explorer that could allow arbitrary code execution when a user opens and saves a maliciously crafted saved-search file.
An attacker exploiting the vulnerability could take complete control of an affected system once a user with administrative privileges logged on, and could then install malicious programs, view or change sensitive information, or create new user accounts.
Experts say that while the flaw does enable remote code execution, its severity is mitigated by the extensive user interaction required to exploit it.
“It’s remote code execution, but it’s mitigated because a user has to download this file, then they have to open it, then they have to save it. It’s a bunch of additional steps in order to be hacked,” said Eric Schultze, CTO of Shavlik Technologies, based in Roseville, Minn.
Meanwhile, another patch fixes four errors in Microsoft SQL Server, which could allow an authenticated attacker to run malicious code to take complete control of a user’s PC.