[ISN] Microsoft releases patches for 18 separate flaws

[InfoSec News]

http://www.computerworld.com/securitytopics/security/holes/story/0,10801,101033,00.html

By Jaikumar Vijayan 
APRIL 12, 2005 
COMPUTERWORLD

After a rare lull in March, Microsoft Corp. today released eight
security bulletins detailing fixes for 18 separate vulnerabilities
affecting a wide range of its software products.

Five of the patches released today under Microsoft's monthly patch
release program were for critical flaws, while the rest addressed less
serious issues in Microsoft's Windows, Internet Explorer, Exchange,
Messenger and Office products.

Among the more serious holes are those affecting Microsoft's IE Web
browser software, said Michael Sutton, director of vulnerability
research at iDefense Inc. a Reston, Va.-based security intelligence
firm that discovered two of the critical vulnerabilities disclosed
today.

One of the Internet Explorer flaws, described in Microsoft Security
Bulletin MS05-020 [1], results from the way in which IE handles
certain dynamic HTML objects, Sutton said. The flaw allows attackers
to construct a malicious Web page that could then be used to infect
the systems of those who visit the site.

"It is a condition that could result in the execution of arbitrary
code on a compromised system," Sutton said.

The other critical IE vulnerability, also detailed in Security
Bulletin MS05-020, results from the way Internet Explorer handles
certain URLs with very long host names. Host names over 250 characters
long can be used to trigger "input validation" errors that could allow
malicious hackers to take control of compromised systems. To exploit
this vulnerability, an attacker would need to either host a Web site
that contains a malicious Web page or compromise someone else's Web
site and have it display malicious content, according to Microsoft's
description of the flaw.

Though neither flaw is especially easy to exploit, iDefense has
developed proof-of-concept code in both instances, Sutton said.

Another of the critical vulnerabilities announced today affects
Microsoft's Exchange Server software, according to Security Bulletin
MS05-021 [2].

According to Microsoft, the flaw allows an attacker to connect to the
SMTP port on an Exchange server and issue a specially-crafted command
that could result in a denial-of-service attack or allow an attacker
to run malicious programs on the compromised system.

"The Exchange Server flaw is reasonably trivial to exploit," said Neel
Mehta, team lead for advanced research at Internet Security Systems
Inc.'s X-Force vulnerability research group in Atlanta.

"We are fairly concerned that an [exploit] could become available
soon" that takes advantage of the flaw, Mehta said.

Another vulnerability in MSN Messenger that could lead to remote code
execution was also rated as critical by Microsoft in Security Bulletin
MS05-022 [3].

[1] http://www.microsoft.com/technet/security/bulletin/MS05-020.mspx
[2] http://www.microsoft.com/technet/security/bulletin/MS05-021.mspx
[3] http://www.microsoft.com/technet/security/bulletin/MS05-022.mspx