[ISN] Microsoft Patches Flaw in Service Pack 2

InfoSec News isn at c4i.org
Wed Jan 12 10:38:44 EST 2005


By Brian Krebs
washingtonpost.com Staff Writer
January 11, 2005

Microsoft Corp. on Tuesday issued a trio of software updates to fix
security holes in computers powered by its Windows operating system,
including one flaw that hackers are using to infiltrate PCs equipped
with a massive security upgrade the company released just five months

The three patches, available at http://windowsupdate.microsoft.com,
mend four different software holes. Two of the patches earned a
"critical" rating from Microsoft, its most serious. The software giant
said attackers could exploit three of the flaws merely by convincing
users to visit a malicious Web site or open a specially crafted

The most severe of the flaws involves a glitch in the way Windows
handles requests for "HTML help," a function that uses Microsoft's
Internet Explorer Web browser to display instructions for using a
variety of computer programs. The help-file flaw is present in nearly
all versions of Windows, including computers running Windows XP that
also have the Service Pack 2 security upgrade installed.

Service Pack 2 was released to the public in August to fix a number of
persistent security problems and two switch on key Windows XP security
features, such as automatic downloading and installation of patches
and a firewall to block unwanted Internet traffic.

Stephen Toulouse, Microsoft's security program manager, said the
company has seen only a handful of attempts to exploit the help-file
security flaw.

"Still, any amount of exploitation concerns us, and this update
addresses that," he said.

Oliver Friedrichs, senior manager of security response for Cupertino,
Calif.-based security firm Symantec Corp., said his company has seen
at least three different cases where malicious Web sites have used the
help- file weakness to install spyware on vulnerable computers.

Friedrichs cautioned that the other three security flaws remain
serious threats, as computer code demonstrating how attackers could
wield at least one of them now is publicly available online.

Microsoft also released today a "malicious software removal tool,"  
which scours Windows PCs for some of the more prolific Internet worms,
including "Blaster," "Sasser," "Mydoom," "Gaobot" and "Nachi." The
tool will be distributed to the more than 112 million Windows users
who have opted to accept automatic security updates from Microsoft and
will be updated once a month, Toulouse said.

More information about the ISN mailing list