Microsoft issued a dozen fixes -- including nine that the Redmond, Wash.-based software giant deemed critical -- in its monthly Patch Tuesday release. The nine critical fixes addressed flaws that could enable remote attackers to execute arbitrary code.
The most critical patch in this cycle addresses a vulnerability in the Windows Server Service (MS06-040), according to Chi Zhang, manager of Nevis Labs, the security research arm of Mountain View, Calif.-based Nevis Networks.
This flaw is particularly dangerous because it doesn't require any user interaction and could allow an attacker to gain complete control over the targeted system, giving them the ability to alter or delete data and create new user accounts with full privileges, Zhang said.
Another critical patch (MS06-048) fixed two remote code execution vulnerabilities in PowerPoint, including an exploit that came to light hours after last month's patch release. That attack involved a Trojan horse that Symantec dubbed Trojan.PPDropper.B, which arrived in an email from a Gmail address and is believed to have originated in Asia.
An attacker could remotely exploit these vulnerabilities by constructing a PowerPoint file containing malformed code and persuading a victim to click on a link in an email, which could give the attacker full control over an affected machine as well as the ability to add new users, Zhang said. However, these flaws require a user to be logged in with administrative privileges to be fully exploited, added Zhang.
Hackers could use a similar approach to exploit a flaw in Outlook Express (MS06-043) related to the way Windows parses MHTML, a standard for sending HTML in email, as well as one in the Windows HTML Help ActiveX control (MS06-046), Microsoft said.
Chris Andrew, vice president of security technologies at PatchLink, Scottsdale, Ariz., said companies shouldn't underestimate the implications of these types of exploits.
"Theoretically they might not appear to have a huge impact, but if you can persuade someone to go to a Website and click on a link, pretty soon they will be on your network," he said.
Andrew expects the recent trend of zero-day exploits cropping up immediately after Patch Tuesday to continue, because it's relatively easy to uncover new vulnerabilities that are related to recently patched ones.
"Sometimes it's a matter of casual inspection by hackers and researchers into an adjacent area," said Andrew. "As soon as you announce a flaw in an application, people will start looking for other exploits."
Other critical patches Microsoft issued Tuesday address vulnerabilities in Internet Explorer (MS06-042), Microsoft Management Console (MS06-044), Windows DNS Resolution (MS06-041), Windows Kernel (MS06-051), and Visual Basic for Applications (MS06-047).
