Printable View
Microsoft posted a bunch of new security patches today, you can find information about them at:
http://www.microsoft.com/technet/security/default.mspx
While some are worse then others, the MS05-011 looks like it has the potential to be the next vulnerability exploited by network aware worms.
Yeah, I just got an email about this and updated my boxes. Wonder if there is any exploite code out there yet? Guess I need to go visit Security Focus.
Kewl.... They should be waiting on my WUS servers in the morning..... ;)
seven in all. Soon it may be that so many ms patches, fixes and updates are posted each month that ms will force automation in its next release of os just to save on bad press never mind licensing issues.
Just an FYI...
You can get the same notifications that MS Premier members do for free. I guess this is somthing they just started to offer. I find it helpful because it is a comphrensive email stating what is being released and what all the security updates encompass.
------------------------------------------------------------------------------------
Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). It provides timely notification of any minor
changes or revisions to previously released Microsoft Security
Bulletins. This new service provides notifications that are
written for IT professionals and contain technical information
about the revisions to security bulletins.
Visit http://www.microsoft.com to subscribe to this service:
- Click on Subscribe at the top of the page.
- This will direct you via Passport to the Subscription center.
- Under Newsletter Subscriptions you can sign up for the
"Microsoft Security Notification Service: Comprehensive Version".
Also, they updated an older Sec Bulletin, MS04-035 dealing with exchange. For everyone running WUS/SUS I suggest you configure it to 'Auto Approve' updated patches. Otherwise you might end up like I did yesterday on one of our SUS boxes, clicking 30+ check boxes... argh.
Does anyone know if this vulnerability is exploitable via simply sending an email to a mailbox on an Exchange server? Does the Exchange server application process the OLE/TNEF portion of the email or just on client?Quote:
MS05-012 - Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)
http://www.microsoft.com/technet/sec.../MS05-012.mspx
FAQ for Input Validation Vulnerability - CAN-2005-0044:
How could an attacker exploit the vulnerability?
On Exchange Server 5.0, Exchange Server 5.5, Exchange 2000 Server, and Exchange Server 2003 any anonymous user who could deliver a specially crafted message to the affected system could try to exploit this vulnerability. User interaction is required to exploit this vulnerability on Windows 2000, Windows XP, and Windows Server 2003. For an attack to be successful by sending an e-mail message to a locally logged on user, the user must open an attachment that contains a malicious OLE object. Many different types of attached documents can contain the affected OLE Object types. All Office file types as well as many other third-party file types could contain a malicious OLE Object.
I'm trying to figure out how vulnerable my environment is to this nasty.
From the description you provided it appears that the user has to be logged onto the exchange server and be reading email..... Frankly, anyone allowing anyone to use an Exchange server as a workstation, web browser or anything is terminally stupid.... ;)
Unfortunately, it looks like Exchange may be vulnerable on its own, not just through reading the e-mail. I get this both from my company's Microsoft technical account manager, and little odd-placed threads like this one:
http://hellomate.typepad.com/exchang...oft_secur.html
Quote:
Originally posted here by Timmy77
Unfortunately, it looks like Exchange may be vulnerable on its own, not just through reading the e-mail. I get this both from my company's Microsoft technical account manager, and little odd-placed threads like this one:
http://hellomate.typepad.com/exchang...oft_secur.html
nothing in that post seems to suggest that the user-interaction is not required for infection... I can't yet see how something like that would occur.