Whipnet's Home
Home
Whipnet's Web Hosting Services
Whipnet's Tech Services for Houston, Tx

Contact Whipnet

 


Business Consultations
You Are Here --->
Software Services
Virus Removal Services
 
Technical Hand - Hardware - LAN - Rollouts

 

 

Where is the Industry Headed?

Future of Computing

Home | Computer Hardware ServicesMicrosoft Security Bulletins

The information provided in this site is provided "as is" without warranty of any kind. Microsoft Corporation disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Furthermore, this information is only listed as a resource for such information by Whiptech. Whiptech is in no way responsible for the use or misuse of the information by anyone, anywhere, at anytime.

Home | Computer Hardware ServicesMicrosoft Patch Disclosure - August 2006

Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008)
Published: August 8, 2006
Microsoft Severity Rating: Critical


Description:
This bulletin can be a bit inconsistent and confusing to those that take the time to read the entire thing. At one point the bulletin states that:
"To attempt to exploit the vulnerability, an attacker must be able to log on locally to the system and run a program."
But then the rest of the bulletin talks about exploiting this issue via a maliciously crafted website, which of course does not require the attacker to log on locally.
The bulletin is also unclear about the level of rights an attacker will have if he exploits a vulnerable system. At one point the bulletin states:
"An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
But then it points out:
"An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
On the last Windows system we looked at, you required a level of administrative rights to "create new accounts with full user rights" and even in some cases to install programs.

So, to try and clear up the confusion: Yes, this is a web-based attack scenario that requires the victim to perform multiple actions starting with clicking on a malicious link or visiting a malicious website. Note that it has also been pointed out that malicious banner ads can also be used. At this point exploitation is not automatic and will still require user interaction. Once exploited, an attacker can run commands in the context of the logged-in user. Because we are talking about Microsoft Management console, it is safe to assume that the logged-in user will be an Administrator.


Mitigating Factors:
Internet Explorer 6 Service Pack 1 on Windows 2000 Service Pack 4 will not open local files from the Internet Zone. Note that Explorer 6 Service Pack 1 will still open local files, and thus is vulnerable, from sites in the Local Intranet or Trusted Sites zones.
. An attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site. After they click the link, they would be prompted to perform several actions. An attack could only occur after they performed these actions.
. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
By default, Outlook Express 6, Outlook 2002, and Outlook 2003 open HTML e-mail messages in the Restricted sites zone. Additionally, Outlook 98 and Outlook 2000 open HTML e-mail messages in the Restricted sites zone if the Outlook E-mail Security Update has been installed. Outlook Express 5.5 Service Pack 2 opens HTML e-mail messages in the Restricted sites zone if Microsoft Security Bulletin MS04-018 has been installed. The Restricted sites zone helps reduce attacks that could try to exploit this vulnerability.
The risk of attack from the HTML e-mail vector can be significantly reduced if you meet all the following conditions:
. Apply the update that is included with Microsoft Security Bulletin MS03-040 or a later Cumulative Security Update for Internet Explorer.
. Use Internet Explorer 6 or a later version.
. Use the latest security update for Microsoft Outlook, use Microsoft Outlook Express 6 or a later version, or use Microsoft Outlook 2000 Service Pack 2 or a later version in its default configuration.

Affected Software:

. Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 . Microsoft   Windows XP Professional x64 Edition
. Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
. Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server   2003 with SP1 for Itanium-based Systems
. Microsoft Windows Server 2003 x64 Edition

HOME                                                          © 2002-2020 Whipnet Technologies