
Wednesday 9 May 2007

Patch Tuesday

A number of nasty-looking vulnerabilities this month. These are my takes on the seriousness of each flaw; you should evaluate them against your own organisation and the roles your machines actually perform.


MS07-026 Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)
A series of flaws in Microsoft Exchange 2003 and 2007, the most serious of which is a MIME decoding flaw that can allow a remote attacker to take complete control of the server by sending a specially crafted email message. This is an extremely serious problem because the attack arrives as ordinary inbound SMTP traffic, which the corporate firewall has to let through to the mail server; a filtering mail gateway in front of Exchange may catch some attempts but should not be relied on. There are no known current exploits, but for a flaw like this they usually appear very quickly after the bulletin is published.
Client impact: low
Server impact: high


MS07-029 Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966)
A critical flaw in the RPC management interface of the DNS Server service can allow a remote attacker to take complete control of the system. This is clearly a significant threat to any server running the DNS role and warrants patching as soon as possible; it is being actively exploited at the moment. A corporate firewall that blocks inbound RPC traffic from the Internet mitigates this somewhat, but offers no protection once a compromised machine is inside your network, since internal DNS servers accept that traffic from the LAN.
Client impact: low
Server impact: high


MS07-023 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)
A depressingly familiar flaw in MS Office, affecting Excel 2000, 2002, 2003 and 2007 and even Excel 2004 for the Mac. WSUS or some other patching method should be used to roll this out to client workstations (WSUS will not cover the Mac installations, which need the Mac Office update applied separately). Safe server practices, meaning no Office installed and no documents opened on servers, should make this far less important for corporate servers.
Client impact: high
Server impact: low

MS07-024 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)
Another Office flaw, this time for Word 2000, 2002 and 2003 plus Microsoft Works 2004, 2005 and 2006, but not Word 2007. This is being actively exploited and should be authorised for rollout as soon as possible. Office 2000 is not serviced through WSUS, so those installations will require manual remediation.
Client impact: high
Server impact: low

MS07-025 Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)
A vulnerability in the way Office handles drawing objects can be exploited by a specially crafted Office document (e.g. attached to an email) or by an object embedded in a web page. This affects Office 2000, 2002, 2003 and 2007 and also Office 2004 for the Mac, primarily the Excel, Publisher and FrontPage components. It also affects Excel Viewer 2003, so do not overlook machines that have only the viewer installed. This should be authorised for rollout to clients as soon as possible. Office 2000 is not serviced through WSUS and will require manual remediation.
Client impact: high
Server impact: low

MS07-027 Cumulative Security Update for Internet Explorer (931768)
Various flaws in IE6 and IE7 on Windows 2000, XP, 2003 and Vista. Safe practice on servers should mitigate against this (i.e. restrict use of IE on servers to Windows Update only, and leave IE Enhanced Security Configuration switched on where it is available), but that only reduces exposure; it does not remove the vulnerable code. Some of these flaws are being actively exploited, so patch as soon as possible.
Client impact: high
Server impact: low

MS07-028 Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)
Well, obviously high if you use this component, otherwise few people will be at risk. One caveat: CAPICOM is a redistributable ActiveX control that other products install alongside themselves, so it can be present on a workstation without anyone having knowingly "used" it. Check for the control rather than assuming it is absent before writing this one off.
Client impact: low
Server impact: low
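The entries above all come down to the same two questions for an administrator: which of my machines are missing the relevant update, and which of the unpatched ones are actually exposed (a DNS server without the MS07-029 fix being the urgent case). The following PowerShell script is an added example, not part of the original post; it audits a list of servers for the OS-level bulletins using the KB numbers from the bulletin titles above, and includes Microsoft's documented interim registry workaround for MS07-029, which is not described on this page. It assumes WMI/RPC access from the administrator's workstation to each host, and the host names are placeholders for your own inventory. Win32_QuickFixEngineering only lists Windows component updates (IE and the DNS service here); the Office, Exchange and CAPICOM updates are installed through Windows Installer and are better audited through WSUS reporting.

```powershell
# Added example (not from the original post): audit servers for the OS-level
# May 2007 bulletins and flag DNS servers still exposed to MS07-029.
# Assumes WMI/RPC access to each host; host names below are hypothetical.

# KB numbers taken from the bulletin titles above. Office, Exchange and
# CAPICOM updates are Windows Installer patches and do not show up in
# Win32_QuickFixEngineering, so audit those through WSUS instead.
$Bulletins = @{
    'MS07-027 (Internet Explorer)' = 'KB931768'
    'MS07-029 (DNS RPC interface)' = 'KB935966'
}

# Hypothetical host list; replace with your own inventory.
$Servers = @('dns01', 'dns02', 'file01')

foreach ($server in $Servers) {
    try {
        # HotFixID is reported as "KBnnnnnn" on XP/2003/Vista.
        $hotfixes = Get-WmiObject -Class Win32_QuickFixEngineering -ComputerName $server -ErrorAction Stop |
                    ForEach-Object { $_.HotFixID }
        # Presence of the DNS Server service tells us the DNS role is installed.
        $dnsService = Get-WmiObject -Class Win32_Service -ComputerName $server -Filter "Name='DNS'" -ErrorAction SilentlyContinue
    } catch {
        Write-Warning "$server : WMI query failed ($($_.Exception.Message))"
        continue
    }

    foreach ($name in $Bulletins.Keys) {
        $kb = $Bulletins[$name]
        $installed = $hotfixes -contains $kb
        $status = if ($installed) { 'patched' } else { 'MISSING' }
        Write-Output "$server : $name $kb -> $status"

        # A host running the DNS Server service without the MS07-029 fix is the
        # actively exploited case; call it out separately from the general report.
        if ($kb -eq 'KB935966' -and -not $installed -and $dnsService) {
            Write-Warning "$server runs the DNS Server service without $kb - patch first, or apply Set-DnsRpcWorkaround as a stopgap"
        }
    }
}

# Microsoft's documented interim workaround for MS07-029 (not on this page):
# setting RpcProtocol to 4 under the DNS service parameters restricts the DNS
# server's RPC management interface to local (LPC) access, which removes the
# remote attack surface until the patch is applied. Run this on the DNS server
# itself and restart the DNS Server service. Remote management of that server
# through the DNS MMC console stops working until the value is reverted, so
# treat it as a stopgap, not a fix.
function Set-DnsRpcWorkaround {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
    Set-ItemProperty -Path $key -Name 'RpcProtocol' -Value 4 -Type DWord
    Restart-Service -Name DNS
}
```

The report lines are deliberately one per server per bulletin so they can be redirected to a file and diffed against the next run; the warning for unpatched DNS servers is the only line that needs immediate action.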
