Microsoft Fixes Nine Remote Code Execution Flaws

The most critical patch in this cycle addresses a vulnerability in the Windows Server Service (MS06-040), according to Chi Zhang, manager of Nevis Labs, the security research arm of Mountain View, Calif.-based Nevis Networks.

This flaw is particularly dangerous because it doesn't require any user interaction and could allow an attacker to gain complete control over the targeted system, giving them the ability to alter or delete data and create new user accounts with full privileges, Zhang said.

Another critical patch (MS06-048) fixed two remote code execution vulnerabilities in Powerpoint, including an exploit that came to light hours after last month's patch release. That attack involved a Trojan horse that Symantec dubbed Trojan.PPDropper.B, which arrived in an email from a Gmail address and is believed to have originated in Asia.

An attacker could remotely exploit these vulnerabilities by constructing a PowerPoint file containing malformed code and persuading a victim to click on a link in an email, which could give them full control over an affected machine as well as the ability to add new users, Zhang said. However, these flaws require a user to be logged in with administrative privileges to be fully exploited, added Zhang.

Hackers could use a similar approach to exploit a flaw in Outlook Express (MS06-043) related to the way Windows parses MHTML, a standard for sending HTML in email, as well as one in the Windows HTML Help ActiveX control (MS06-046), Microsoft said.

Chris Andrew, vice president of security technologies at PatchLink, Scottsdale, Ariz., said companies shouldn't underestimate the implications of these types of exploits.

"Theoretically they might not appear to have a huge impact, but if you can persuade someone to go to a Website and click on a link, pretty soon they will be on your network," he said.

Andrew expects the recent trend of zero day exploits cropping up immediately after Patch Tuesday to continue, because it's relatively easy to uncover new vulnerabilities that are related to recently patched ones.

"Sometimes it's a matter of casual inspection by hackers and researchers into an adjacent area," said Andrew. "As soon as you announce a flaw in an application, people will start looking for other exploits."

Other critical patches Microsoft issued Tuesday address vulnerabilities in Internet Explorer (MS06-042), Microsoft Management Console (MS06-044), Windows DNS Resolution (MS06-041), and Windows Kernel (MS06-051), and Visual Basic for Applications (MS06-047).