Winston-Salem, Business, News, Events, Greensboro, Technology, IT Services

Malicious Images and Search Files Can Compromise Windows

Severity: High

9 December, 2008

Summary:

§ These vulnerabilities affect: All current versions of Windows

§ How an attacker exploits them: Multiple vectors of attack, such as enticing a victim to visit a malicious web site or to view a specially crafted image

§ Impact: Various; in the worst case, an attacker can gain complete control of your Windows computer

§ What to do: Install the appropriate Microsoft patches immediately

Exposure:

Today, Microsoft released two security bulletins describing vulnerabilities that affect Windows and components that ship with it. Each vulnerability affects different versions of Windows to a different extent. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. Both vulnerabilities are equally severe:

MS08-071: Two GDI Buffer Overflow Vulnerabilities

The Graphics Device Interface (GDI) is a Windows component that helps output pictures and text to your monitor or printer. Microsoft’s bulletin describes two buffer overflow vulnerabilities that affect GDI. The flaws differ technically (one is a heap overflow and the other an integer overflow), but they share the same impact. If an attacker can entice one of your users into viewing a specially crafted WMF image, or into running a specially crafted program (which uses the GDI API to copy a WMF image), he could leverage either of these vulnerabilities to gain complete control of your user’s computer (regardless of the user’s privileges)
Microsoft rating: Critical.

MS08-075: Two Windows Search Code Execution Vulnerabilities

According to Microsoft, Windows Search is a standard Windows Vista and Server 2008 component that allows instant search capabilities for most common file and data types. You can download an optional Windows Search component for Windows XP, but these vulnerabilities only affect the versions that ship with Vista and Server 2008.

Windows Search suffers from two vulnerabilities involving how Windows Explorer handles either Windows Search files (.search-ms) or the Windows Search protocol (search-ms://). Both flaws share the same impact, but the Windows Search protocol flaw is easier for an attacker to leverage. By luring one of your users to a malicious web site, an attacker can exploit the Windows Search protocol flaw to execute code on that user’s computer, with that user’s privileges. If your user has administrative privileges, an attacker could exploit either of these flaws to gain complete control of the user’s PC.
Microsoft rating: Critical.

Solution Path:

Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.

MS08-071:

§ For Windows 2000

§ For Windows XP

§ For Windows XP x64

§ For Windows Server 2003

§ For Windows Server 2003 x64

§ For Windows Server 2003 Itanium

§ For Windows Vista

§ For Windows Vista x64

§ For Windows Server 2008

§ For Windows Server 2008 x64

§ For Windows Server 2008 Itanium

MS08-075:

Note: Microsoft seems to be distributing two separate updates to fix the issues covered in this bulletin. You should apply both.

§ For Windows Vista [ Update 1 (KB958623) / Update 2 (KB958624) ]

§ For Windows Vista x64 [ Update 1 (KB958623) / Update 2 (KB958624) ]

§ For Windows Server 2008 [ Update 1 (KB958623) / Update 2 (KB958624) ]

§ For Windows Server 2008 x64 [ Update 1 (KB958623) / Update 2 (KB958624) ]

For Windows Server 2008 Itanium [ Update 1 (KB958623) / Update 2 (KB958624) ]

Be Sociable, Share!
Leave a Reply

You must be logged in to post a comment. Login »

Optimization WordPress Plugins & Solutions by W3 EDGE