Tuesday, September 11, 2007

September Patch Tuesday relatively minor

Today's Microsoft patch tuesday is one of the mildest in memory (excluding the month that Microsoft skipped patch tuesday altogether, despite a number exploits and known vulnerabilities). Of the four vulnerabilities, the MSN Messenger vulnerability is, in our view, the most serious. Microsoft has only rated it as important because not all versions of MSN Messenger are vulnerable and because users are prompted to upgrade their client when they log on to the MSN Messenger network. Here's the breakdown of each vulnerability:

  • MS07-051 -- Vulnerability in Microsoft Agent Could Allow Remote Code Execution

    This was the only patch today that Microsoft rated as Critical. Microsoft Agent is the same technology as the Microsoft Office paper clip that used to annoy you. Microsoft touts it as a way to spice up web pages with interactive personalities. However, this is not the first vulnerability in Microsoft Agent, and those who visit web pages that use the agent may be at risk. Microsoft recommends disabling the agent by setting the kill bit on the following CLSIDs:
    • D45FD31B-5C6E-11D1-9EC1-00C04FD7081F

    • F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5

    • 4BAC124B-78C8-11D1-B9A8-00C04FD97575

    • D45FD31D-5C6E-11D1-9EC1-00C04FD7081F

    • D45FD31E-5C6E-11D1-9EC1-00C04FD7081F

  • MS07-052 -- Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution

    This vulnerability is rated Important by Microsoft. Only those with Visual Studio are at risk of exploitation of this flaw. If you aren't using Crystal Reports, Microsoft recommends you uninstall it to minimize your exposure to this flaw.

  • MS07-053 -- Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege

    This is rated Important by Microsoft. Any computer from Windows 2000 through Windows Server 20003 that runs Windows Services for UNIX is susceptible to a local privilege escalation. As this is not remotely exploitable, the eSoft Threat Prevention Team as not analyzed it in depth.

  • MS07-054 -- Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution

    This vulnerability is a bit more severe than Microsoft would like you to believe. They have rated this vulnerability as Important, but the eSoft Threat Prevention Team believes it ranks as Critical.

    MSN Messenger 6.2, 7.0, 7.5 and Windows Live Messenger 8.0 are all vulnerable. Detailed instructions on exploiting this vulnerability have been released. In order for an attacker to exploit the vulnerability, they must convince their target to accept either a webcam or video chat invitation. If you disable webcam and video chats in MSN Messenger, you are not vulnerable.

    The good news with this one is that Windows Live Messenger 8.1, released in January of this year, and users of MSN Messenger 7.0.0820, released "recently" are already protected from this vulnerability. Also, users of Microsoft's messenger products should be prompted to upgrade when they log in to their accounts.

    Microsoft recommends blocking Microsoft Messenger traffic until all machines on your network are updated with the latest version of Messenger.

As usual, patch your systems as soon as you can.

Note from the sponsor: eSoft's Intrusion Prevention Softpak can be configured to block all MSN traffic at the gateway. It also blocks websites that use Microsoft Agent as a precaution against the many vulnerabilities in that software.