Microsoft Releases Eight Critical Windows Updates
Internet Explorer was the focus of two critical patches. One addresses a flaw in the Web browser that could provide a pathway for remote code execution, expose sensitive information, and give third parties the ability to create accounts on the host operating system. The other fixes an issue in which malicious Web content could be used to corrupt memory in Jscript and lead to remote code execution. Microsoft recommends that users install both patches at the same time.
Three of the critical patches released Tuesday address image processing vulnerabilities that could lead to remote code execution. One addresses a newly discovered vulnerability in Windows Media Player related to how it handles PNG images. Another patch protects machines by removing support for .art image files -- a proprietary image format used by AOL client software -- from Internet Explorer. Still another patch fixes a flaw in the Graphics Rendering Engine of Windows 98, 98SE, and ME.
Microsoft's Routing and Remote Access Services (RRAS), which is used to connect PCs to remote networks over dialup modems and for LAN/WAN connections through VPNs, is the focus of one critical update. The flaw could allow attackers to gain unauthorized access to networks from a remote location.
Another patch fixes the vulnerability in Microsoft Word that came to light last month. The exploit shows up as an e-mail with an infected Word attachment that, if opened, drops a backdoor on the PC, enabling a remote user to gain access to the machine for collecting or altering data, creating new user accounts or launching more attacks.
A remote code execution flaw in PowerPoint was the focus of the final critical update. This exploit takes the form of a malicious PowerPoint document with a malformed record that's capable of corrupting system memory, making it possible to execute code. Microsoft classifies the patch as critical for Powerpoint 2000 and important for Mac and other versions.
Microsoft also released a patch for a remote code execution vulnerability in the TCP/IP protocol driver that could enable attackers to gain control of infected machines. Although Microsoft designated this flaw as important, researchers at the SANS Internet Storm Center disagreed.
"We at the Internet Storm Center feel that it is very critical [and easy to exploit]. One spoofed packet could allow an attacker to "own" a vulnerable system. The TCP/IP stack is vulnerable to a buffer overflow in the handling of source routed packets," read a posting on the organization's website.
To protect systems, SANS Internet Storm researchers recommended blocking packets with source routing options in the firewall, using personal firewall software, and disabling source routing in Windows by setting a registry key.