I am not sure if this is an appropriate post but I receive monthly Microsoft patch disclosures from eEye and thought it would be helpful to share them here. I will post them monthly as I receive them if anyone is interested.


This Month's Bulletins (July)

Important

* MS08-037 - Vulnerabilities in DNS Could Allow Spoofing
* MS08-038 - Vulnerability in Windows Explorer Could Allow Remote Code Execution
* MS08-039 - Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service
* MS08-040 - Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege


Bulletin Summary

MS08-037
Vulnerabilities in DNS Could Allow Spoofing (953230)
http://www.microsoft.com/technet/sec.../MS08-037.mspx

Microsoft Severity Rating: Important
eEye Severity Rating: Medium

Description
This patch fixes two vulnerabilities within Microsoft's DNS server and client. These vulnerabilities allow an attacker to form a specially-crafted DNS packet that, when parsed by a target system could allow for an attacker to hijack a DNS entry and redirect legitimate traffic to a potentially malicious host.

* CVE-2008-1447 - DNS Insufficient Socket Entropy Vulnerability
A spoofing vulnerability exists in Windows DNS client and Windows DNS server. This vulnerability could allow a remote unauthenticated attacker to quickly and reliably spoof responses and insert records into the DNS server or client cache, thereby redirecting Internet traffic.

* CVE-2008-1454 - DNS Cache Poisoning Vulnerability
A cache poisoning vulnerability exists in Windows DNS Server. The vulnerability could allow an unauthenticated remote attacker to send specially crafted responses to DNS requests made by vulnerable systems, thereby poisoning the DNS cache and redirecting Internet traffic from legitimate locations.

These vulnerabilities pose a fairly serious risk to networks, especially networks where users typically browse web sites in the Internet space that might be potentially spoofed by an attacker that has hijacked their DNS entry.

Recommendations
Administrators are urged to roll out this patch as soon as possible to vulnerable systems after verifying that DNS functionality remains intact.


MS08-038
Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)
http://www.microsoft.com/technet/sec.../MS08-038.mspx

Microsoft Severity Rating: Important
eEye Severity Rating: Medium

Description
This patch fixes one vulnerability within Windows Explorer on Vista and Server 2008. This vulnerability could allow an attacker to form a specially-crafted Saved Search file that, when parsed by a target system could potentially execute arbitrary code under the context of the logged in user.

* CVE-2008-1435 - Windows Saved Search Vulnerability
A remote code execution vulnerability exists when saving a specially crafted search file within Windows Explorer. This operation causes Windows Explorer to exit and restart in an exploitable manner.

These vulnerabilities pose a fairly serious risk to networks, especially on Windows XP/2003 networks where this vulnerability would actually restart the target systems.

Recommendations
Administrators are urged to roll out this patch as soon as possible to vulnerable systems, especially Vista systems that will typically have a large installation base and have the most user interaction.


MS08-039
Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)
http://www.microsoft.com/technet/sec.../MS08-039.mspx

Microsoft Severity Rating: Important
eEye Severity Rating: Medium

Description
This patch fixes two vulnerabilities within Microsoft's Outlook Web Access (OWA) interface to Exchange. These vulnerabilities allow an attacker to form a specially-crafted HTTP request that, when clicked by a user, could result in a cross-site scripting exploit, which, under the worst circumstances, might allow for the elevation of privileges.

* CVE-2008-2247 - Outlook Web Access for Exchange Server Data Validation Cross-Site Scripting Vulnerability
This is a cross-site scripting vulnerability in the affected versions of Outlook Web Access (OWA) for Exchange Server. Exploitation of the vulnerability could lead to elevation of privilege on individual OWA clients connecting to Outlook Web Access for Exchange Server.

* CVE-2008-2248 - Outlook Web Access for Exchange Server HTML Parsing Cross-Site Scripting Vulnerability
This is a cross-site scripting vulnerability in the affected versions of Outlook Web Access (OWA) for Exchange Server. Exploitation of the vulnerability could lead to elevation of privilege on individual OWA clients connecting to Outlook Web Access for Exchange Server.

These vulnerabilities pose a very serious risk to networks where users are able to access their email remotely via OWA, especially those networks without a VPN.

Recommendations
Administrators are urged to roll out this patch as soon as possible to vulnerable Exchange systems, especially those that have OWA enabled and exposed.


MS08-040
Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
http://www.microsoft.com/technet/sec.../MS08-040.mspx

Microsoft Severity Rating: Important
eEye Severity Rating: High

Description
This patch fixes four vulnerabilities within Microsoft's SQL server. These vulnerabilities allow an authenticated attacker to execute arbitrary code on the target system, potentially compromising the entire SQL system and all data included on it.

* CVE-2008-0085 - Memory Page Reuse Vulnerability
An information disclosure vulnerability exists in the way that SQL Server manages memory page reuse. An attacker with database operator access who successfully exploited this vulnerability could access customer data.

* CVE-2008-0086 - Convert Buffer Overrun
A vulnerability exists in the convert function in SQL Server that could allow an authenticated attacker to gain elevation of privilege. An attacker who successfully exploited this vulnerability could run code and take complete control of the system.

* CVE-2008-0107 - SQL Server Memory Corruption Vulnerability
A vulnerability exists in SQL Server that could allow an authenticated attacker to gain elevation of privilege. An attacker who successfully exploited this vulnerability could run code and take complete control of the system.

* CVE-2008-0106 - SQL Server Buffer Overrun Vulnerability
A vulnerability exists in SQL Server that could allow an authenticated attacker to gain elevation of privilege. An attacker who successfully exploited this vulnerability could run code and take complete control of the system.

These vulnerabilities pose a very serious risk to SQL servers depending on the exposed SQL functionality, especially those that might be used by multiple users (i.e. Web Hosting).

Recommendations
Administrators are urged to roll out this patch as soon as possible to affected SQL systems, especially those that have a large amount of administrators or users with access.