Microsoft patches critical vulnerabilities

14/04/2004 Written by G00db0y

After 200 days, Microsoft has released four patches to fix multiple vulnerabilities affecting its products. The critical discoveries include dangerous flaws in Remote Procedure Call (RPC): RPC Runtime Library Vulnerability (CAN-2003-0813), RPCSS Service Vulnerability (CAN-2004-0116), COM Internet Services (CIS) — RPC over HTTP Vulnerability (CAN-2003-0807) and Object Identity Vulnerability (CAN-2004-0124).

According to Microsoft, an attacker who is able to exploit these vulnerabilities could take full control of the affected system. He could then do whatever he wants on the vulnerable system: install programs, view, change or delete data and, of course, create new accounts on the system. Microsoft released an advisory for these problems; you can see it here:

http://www.microsoft.com/technet/security/bulletin/MS04-012.mspx


Microsoft also patched a problem that affects MHTML (CAN-2004-0380). According to Microsoft, an attacker can execute code remotely by using a specially crafted MHTML URL. The code runs in the Local Machine security zone in Internet Explorer, so an attacker can in this way take full control of an affected system. Advisory:

http://www.microsoft.com/technet/security/bulletin/MS04-013.mspx


A buffer overrun vulnerability that affects the Microsoft Jet Database Engine (JET) was also patched by Microsoft. This vulnerability could allow remote code execution on a vulnerable system (CAN-2004-0197). Advisory:

http://www.microsoft.com/technet/security/bulletin/MS04-014.mspx


Last but not least, Microsoft released a patch for multiple vulnerabilities affecting multiple services in its products (LSASS, ASN, LDAP, PCT, Winlogon, etc.). An attacker who is able to exploit these vulnerabilities can take full control of an affected system. Advisory:

http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx


All these critical vulnerabilities, if left unpatched, can allow an attacker to take complete control of an affected system.

Zone-h recommends that everybody apply the update as soon as possible… Blaster 2 is coming!

