Weborum Webmaster Forum > Recent Criticals Released

Weborum Webmaster Forum > Foo / General > Security warnings

Willy Duitt

Jul 14 2004, 06:24 AM

Microsoft have recently released a number of critical updates to combat the recently exposed vulnerbilities.
Get your updates now!

However, once you do, you will still be vulnerable...
If you read the whitepapers Microsoft has issued for each of the updates (most of which have to do with the Help Server) you will find that as a workaround to nearly full protection, they recommend that you completely disable the Help Server by unregistering the .dll needed to run the server....

Start --> Run --> Type:
regsvr32 /u %windir%\system32\itss.dll

This has been a puplic service announcement provided by:
The Top Bananna;
....Willy

Edit: BTW; A brief summary of the updates taken from the Internet Storm Center:

QUOTE

Swa Frantzen, wrote up the following summary of issues addressed by Microsoft's security bulletin:

MS04-018: References CAN-2004-0215 Users of Outlook Express should look into this one. For now it's a DoS only, so it can probably be last on your priorities. As always with this kind of software, the preview pane aggravates the problem. Turning preview panes off is a good idea.

MS04-19: References CAN-2004-0213 Local users can escalate to system privilege levels. If you don't trust all your local users this is probably somewhat more than important to deal with soon. This can probably be exploited later in a compounded attack, so best to take care of it even if you trust your local users.

MS04-20: References CAN-2004-0210 A buffer overflow in the POSIX code causes local users to be able to completely control the system. For now Windows XP and 2003 are exempt form this. If you don't trust all your local users this is probably somewhat more than important to deal with soon. This can probably be exploited later in a compounded attack, so best to take care of it even if you trust your local users.

MS04-21: References CAN-2004-0205 IIS 4.0 remote buffer overflow - full remote control. If you still use IIS 4.0 this is probably yet another reason to upgrade.

MS04-22: References CAN-2004-0212 REMOTE code execution in the task scheduler with the privileges of the logged in user. Windows 2003 is for now exempt from the problem. Interesting workaround: block access to files ending in ".job" in the perimeter

MS04-23: References CAN-2004-0201 and CAN-2003-1041 Remote code execution in the help system with the privileges of logged in user. Outlook is a transport vector for this vulnerability--easy worm potential!

MS04-24: References CAN-2004-0420 Remote code execution via Windows shell with the privileges of logged in user. Exploit uses the COM subsystem to trigger execution that's supposed to be blocked based on extensions. Although Microsoft considers this patch "important," public availability of the exploit raises our assessment the vulnerability's severity.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.