Microsoft Issues Major Patch Release in Feb. Cycle Feb Fixes for Windows, IE, Office, Media Player, and Sharepoint Sean Michael Kerner
As part of its monthly patch cycle, Microsoft yesterday released a dozen security patches ranging in importance from moderately critical to highly critical. The fixes affect Windows technologies including Office, Windows Media Player, Sharepoint, and Internet Explorer.
A tool update has also been added to help users remove various forms of viruses from their PCs. First introduced last month, the tool will now also remove new variants of Netsky, Zafi, and other malware from users' systems.
The sheer volume of patches for vulnerabilities issued Tuesday dwarfs the three issues that last month's update addressed.
It is actually composed of two related though separate vulnerabilities that carry the CVE identifications of COM Structured Storage Vulnerability - CAN-2005-0047 and Input Validation Vulnerability - CAN-2005-004.
The COM vulnerability relates to the way programs access memory during processing of COM structured storage files. The input validation issue is a similar flaw in OLE.
Microsoft's Security Bulletin MS05-013 is titled Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution and fixes CVE issue CAN-2004-1319. This vulnerability is an ActiveX control
issue with Dynamic HTML that could allow for remote code execution. By simply visiting a Web site that has the exploit code on it, a user's unprotected system could have been compromised.
Microsoft Security Bulletin MS05-014 covers four different Internet Explorer specific vulnerabilities. CVE notation CAN-2005-0053 is titled Drag-and-Drop Vulnerability and addresses issues that have been previously reported in the security community.
Microsoft's MS05-008 Bulletin addresses the same CVE number as it relates to drag and drop in the Windows shell.
CAN-2005-0054 is titled URL Decoding Zone Spoofing Vulnerability and is a possible attack vector for phishers (define). If unpatched, it would allow the attacker to spoof an address in the process of identity theft or other attacks on an unsuspecting user. According to the Microsoft advisory, "significant user interaction is required to exploit this
vulnerability."
CAN-2005-0055 is a DHTML Method Heap Memory Corruption Vulnerability and is related to the same ActiveX issue though with different exploit
code and result as CAN-2004-1319:
The Channel Definition Format (CDF) Vulnerability (CAN-2005-0056) is a cross domain scripting vulnerability that Microsoft also noted would
require significant user interaction to execute.
Microsoft Security Bulletin MS05-015 is titled Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution and addresses CAN:2005-0057. According to the Microsoft advisory, the problem exists
because of an unchecked buffer while handling hyperlinks. By clicking a maliciously constructed hyperlink a user could unwittingly trigger an attack, which would allow for remote code execution on the user's PC.
Microsoft Security Bulletin MS05-009 deals with a PNG Processing vulnerability that affects Windows Media Player, Windows Messenger, and MSN Messenger. Two CVE notations (CAN-2004-1244, CAN-2004-0597) are
encompassed by this advisory. The programs have a vulnerability in the way they handle PNG image files that have excessive height or width values.
Simply by constructing a malicious image, a user that clicked on it could have their PC taken over.
Microsoft Security Bulletin MS05-010 affects Microsoft's Windows
Server 2003 and NT products and exploits a vulnerability in those products License Logging Service. The vulnerability is classified as CAN-2005-0050
and if exploited leaves the server open for remote arbitrary code execution to take complete control of the affected system.
Microsoft Security Bulletin MS05-011 addresses CAN-2005-0045, which is a
Server Message Block Vulnerability. As with most of the other vulnerabilities that Microsoft is patching in this release, it could lead to a complete
takeover of an infected machine.
Microsoft Security Bulletin MS05-004 fixes a path validation vulnerability (CAN-2004-0847) that affects the ASP.NET framework. Microsoft's advisory classifies the issue as a "canonicalization" issue that could allow an attacker to bypass ASP.net security measures to gain access.
Microsoft Security Bulletin MS05-006 affects the Sharepoint collaboration application. The patch addresses CAN-2005-0049, which is a Cross-site Scripting and Spoofing Vulnerability.
Microsoft Security Bulletin MS05-005 affects Microsoft Office XP,
Microsoft Project 2002, Microsoft Visio 2002, and Microsoft Works Suite. The patch fixes a critical vulnerability (CAN-2004-0848) that allows a
buffer overrun condition to be triggered ultimately resulting in a situation where an attacker could gain complete control of a system.
