July 13, 2004

July Security patches - time to patch the servers

SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System - Current Infosec News and Analysis

MS04-21: References CAN-2004-0205 IIS 4.0 remote buffer overflow - full remote control. If you still use IIS 4.0 this is probably yet another reason to upgrade.

MS04-22: References CAN-2004-0212 REMOTE code execution in the task scheduler with the privileges of the logged in user. Windows 2003 is for now exempt from the problem. Interesting workaround: block access to files ending in ".job" in the perimeter

MS04-23: References CAN-2004-0201 and CAN-2003-1041 Remote code execution in the help system with the privileges of logged in user. Outlook is a transport vector for this vulnerability--easy worm potential!

MS04-24: References CAN-2004-0420 Remote code execution via Windows shell with the privileges of logged in user. Exploit uses the COM subsystem to trigger execution that's supposed to be blocked based on extensions. Although Microsoft considers this patch "important," public availability of the exploit raises our assessment the vulnerability's severity.

Looks like Microsoft is giving more reason to upgrade since Windows 2003 was only afftected by two of the above exploits, albeit an important and critical one. Here is the link to the individual articles:
Cumulative Security Update for Outlook Express (823353)
Vulnerability in Utility Manager Could Allow Code Execution (842526)
Vulnerability in POSIX Could Allow Code Execution (841872)
Security Update for IIS 4.0 (841373)
Vulnerability in Task Scheduler Could Allow Code Execution (841873)
Vulnerability in HTML Help Could Allow Code Execution (840315)
Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)
IT departments across the world suddenly see weekend plans go up in smoke in exchange for testing patches with critical apps.

Posted by bowulf at July 13, 2004 06:46 PM | TrackBack
Comments
Post a comment









Remember personal info?