SecurityFocus Microsoft Newsletter #394



----------------------------------------

This issue is sponsored by Industry Brains

FREE SECURITY AUDIT RESOURCES
Take a Risk Assessment, get White Papers on the Latest Threats, listen to Malware Expert Webcasts.
http://newsletter.industrybrains.com/c?fe;1;766c3;210a3;4cc;0;da4


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Click Crime
2. Just Who's Being Exploited?
II. MICROSOFT VULNERABILITY SUMMARY
1. Jenkins Software RakNet Autopatcher Multiple Unspecified SQL Injection Vulnerabilities
2. Microsoft Windows Intelligent Input/Output (I2O) Multiple Local Privilege Escalation Vulnerabilities
3. Microsoft Publisher Memory Object Handler Data Remote Code Execution Vulnerability
4. Microsoft Windows CE JPEG And GIF Processing Multiple Arbitrary Code Execution Vulnerabilities
5. Zarafa Multiple Remote Vulnerabilities
6. Microsoft Outlook Web Access 'no-store' HTTP Directive Information Disclosure Weakness
7. Microsoft Internet Explorer 'DisableCachingOfSSLPages' Security Weakness
8. Apache HTTP Server 403 Error Cross-Site Scripting Vulnerability
9. Microsoft May 2008 Advance Notification Multiple Vulnerabilities
10. Microsoft Word CSS Handling Memory Corruption Remote Code Execution Vulnerability
11. Microsoft Word RTF Malformed String Handling Memory Corruption Remote Code Execution Vulnerability
12. Microsoft Malware Protection Engine Disk Space Exhaustion Remote Denial Of Service Vulnerability
13. Microsoft Malware Protection Engine File Processing Remote Denial Of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. XP Hardening
2. SecurityFocus Microsoft Newsletter #393
3. Binding Windows Services to Specific Addresses Only

I. FRONT AND CENTER
---------------------
1. Click Crime
By Mark Rasch
It has long been a crime not only to commit an illegal act, but also to attempt -- or conspire with others -- to commit one.
http://www.securityfocus.com/columnists/471

2. Just Who's Being Exploited?
By Jamie Reid
Last month's revelation that Tipping Point paid out a prize of $10,000 and a new laptop (MSRP: about $2000) at the CanSecWest conference, for the privilege of being the exclusive licensor of a heretofore unpublished vulnerability in Apple's Safari web browser, to researcher Charles Miller of Independent Security Evaluators, may lend some credence to this adage.
http://www.securityfocus.com/columnists/470


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Jenkins Software RakNet Autopatcher Multiple Unspecified SQL Injection Vulnerabilities
BugTraq ID: 29178
Remote: Yes
Date Published: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29178
Summary:
RakNet Autopatcher is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to RakNet 3.23 are vulnerable.

2. Microsoft Windows Intelligent Input/Output (I2O) Multiple Local Privilege Escalation Vulnerabilities
BugTraq ID: 29171
Remote: No
Date Published: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29171
Summary:
Microsoft Windows is prone to multiple local privilege-escalation vulnerabilities.

An attacker can exploit these issues to execute arbitrary code with kernel-level privileges. Successfully exploiting these issues will completely compromise affected computers.

These issues affect Windows XP prior to SP3.

3. Microsoft Publisher Memory Object Handler Data Remote Code Execution Vulnerability
BugTraq ID: 29158
Remote: Yes
Date Published: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29158
Summary:
Microsoft Publisher is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Publisher file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

4. Microsoft Windows CE JPEG And GIF Processing Multiple Arbitrary Code Execution Vulnerabilities
BugTraq ID: 29147
Remote: Yes
Date Published: 2008-05-09
Relevant URL: http://www.securityfocus.com/bid/29147
Summary:
Microsoft Windows CE is prone to multiple vulnerabilities that allow attackers to execute arbitrary code. The issues stem from unspecified errors.

An attacker can exploit these issues to execute arbitrary code within the context of the affected components. Failed exploit attempts will likely result in denial-of-service conditions.

5. Zarafa Multiple Remote Vulnerabilities
BugTraq ID: 29122
Remote: Yes
Date Published: 2008-05-09
Relevant URL: http://www.securityfocus.com/bid/29122
Summary:
Zarafa is prone to multiple remote HTML-injection vulnerabilities and denial-of-service vulnerabilities.

An attacker can exploit these issues to crash the affected application, execute arbitrary HTML and script code within the context of the affected website, potentially steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible.

These issues affect versions prior to Zarafa Script 6.02.

6. Microsoft Outlook Web Access 'no-store' HTTP Directive Information Disclosure Weakness
BugTraq ID: 29121
Remote: No
Date Published: 2008-05-09
Relevant URL: http://www.securityfocus.com/bid/29121
Summary:
Microsoft Outlook Web Access is prone to a weakness that may allow sensitive information to be unintentionally stored on the local computer.

To exploit this issue, an attacker would need to exploit another vulnerability. Specifically, the attacker would need to be able to read the victim's cache.

7. Microsoft Internet Explorer 'DisableCachingOfSSLPages' Security Weakness
BugTraq ID: 29120
Remote: No
Date Published: 2008-05-09
Relevant URL: http://www.securityfocus.com/bid/29120
Summary:
Microsoft Internet Explorer is prone to a weakness that may allow attackers to extract potentially sensitive information.

Attackers with local access to a computer may exploit this issue to obtain potentially sensitive information from cached SSL-enabled web pages. Information obtained may aid in further attacks.

This issue affects Internet Explorer 7.

8. Apache HTTP Server 403 Error Cross-Site Scripting Vulnerability
BugTraq ID: 29112
Remote: Yes
Date Published: 2008-05-08
Relevant URL: http://www.securityfocus.com/bid/29112
Summary:
Apache HTTP server is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

UPDATE: Additional reports indicate that the default error page has the Content-Type set, rendering it not vulnerable.

NOTE: Reportedly, Microsoft Internet Explorer fails to properly follow RFC-2616 and uses content-sniffing to interpret UTF-7 data received in HTTP responses. After further analysis, we may rewrite this BID to be Internet Explorer-specific.

9. Microsoft May 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 29108
Remote: Yes
Date Published: 2008-05-08
Relevant URL: http://www.securityfocus.com/bid/29108
Summary:
Microsoft has released advance notification that the vendor will be releasing four security bulletins on May 13, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

Individual records will be created to document these vulnerabilities when the bulletins are released.

10. Microsoft Word CSS Handling Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 29105
Remote: Yes
Date Published: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29105
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

11. Microsoft Word RTF Malformed String Handling Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 29104
Remote: Yes
Date Published: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29104
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious RTF file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

12. Microsoft Malware Protection Engine Disk Space Exhaustion Remote Denial Of Service Vulnerability
BugTraq ID: 29073
Remote: Yes
Date Published: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29073
Summary:
Microsoft Malware Protection Engine is prone to a remote denial-of-service vulnerability because it fails to properly validate certain data structures when parsing specially crafted files.

Attackers can exploit this issue to cause an affected computer to stop responding or to restart. Successful attacks will deny service to legitimate users.

13. Microsoft Malware Protection Engine File Processing Remote Denial Of Service Vulnerability
BugTraq ID: 29060
Remote: Yes
Date Published: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29060
Summary:
Microsoft Malware Protection Engine is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied input when parsing specially crafted files.

Attackers can exploit this issue to cause an affected computer to stop responding or to restart. Successful attacks will deny service to legitimate users.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. XP Hardening
http://www.securityfocus.com/archive/88/492001

2. SecurityFocus Microsoft Newsletter #393
http://www.securityfocus.com/archive/88/491763

3. Binding Windows Services to Specific Addresses Only
http://www.securityfocus.com/archive/88/491595
