Tech Features

Microsoft releases security patches, and updates (Technical Overview)

By Steve Ragan Feb 14, 2007, 16:08 GMT

Microsoft recently updated Windows systems and offered protection for twelve security vulnerabilities. The largest patch release of the year, some of these twelve patches were withheld in January when the original eight patches were cut to four just before their release.

Addressing what many called critical or serious, Microsoft has released details of what was fixed, and what the patches covered. Monsters and Critics provide a brief executive overview of the MS-Bulletin Summary for February 2007, as well as updates released by Microsoft as well as the current list of known unpatched flaws. A full technical listing of related links and articles will follow.

According to the release by Microsoft, the following were reported as Critical and are in need of Urgent Attention by IT administrators, and home users. The first set of Critical patches cover MS-07-008, 009, and 010. Each one addresses security flaws allowing for remote code execution on an exploited system. The programs affected were HTML Help, Microsoft Data Access Components, and Microsoft Malware Protection Engine. The HTML Help and MDAC are ActiveX Exploits. They have existed since August 8, 2006, and April of 2006. Html Help and MDAC have exploit proof of concept code online, and are subject to targeted attack, or exploitation on unpatched systems.

The second set of Critical patches cover MS-07-014, 015, and 016. Each one addresses security flaws allowing for remote code execution on an exploited system. The programs affected were Microsoft Word, Microsoft Office, and Internet Explorer.

The Microsoft Word exploits are different form the ones covered on Microsoft office as they are targeted at Word only. The Microsoft Office exploits were general in nature and would word on a range of Office applications. The Word and Office security risks have been known to the public since October 10, 2006, and December 12,2006.

Exploitation proof of concept code has been released for both the Office and the Word vulnerabilities. The concept code for exploitation of Internet Explorer is not public.

According to the release by Microsoft, the following were reported as Important and are in need of Attention by IT administrators, and home users.

MS07-005, 006, 007, 011, 012, and 013 include the following list of vulnerabilities.

Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution.
-Exploitation proof of concept code not public

Vulnerability in Windows Shell Could Allow Elevation of Privilege.
-Exploitation proof of concept code not public

Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege.
-Exploitation proof of concept code not public

Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution.
-Exploit code is public

Vulnerability in Microsoft MFC Could Allow Remote Code Execution.
- Exploit code is public

Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution.
- Found in Mac OS X versions of Office.
- Exploitation proof of concept code no public

After the patches offered by Microsoft are applied, there remain a number of unpatched security holes. The following are a list of unpatched security vulnerabilities on Microsoft Windows or Microsoft Office.

Microsoft Word 2000
Microsoft PowerPoint 2003
Internet Explorer msxml3
NetWkstaUserEnum() memory allocation exhaustion
MessageBox () csrss double free vulnerability
RPC in Windows 2000 SP4 UPnP and SPOOLS
Microsoft Windows NAT Helper Components

These open and unpatched bugs pose little risk. They either offer a denial-of-service or remove code execution scenario.

Technical Bulletins and Notes for Critical Updates (2-13-2007)
http://www.microsoft.com/technet/security/Bulletin/MS07-008.mspx
http://www.microsoft.com/technet/security/Bulletin/MS07-009.mspx
http://www.microsoft.com/technet/security/Bulletin/MS07-010.mspx
http://www.microsoft.com/technet/security/Bulletin/MS07-014.mspx
http://www.microsoft.com/technet/security/Bulletin/MS07-015.mspx
http://www.microsoft.com/technet/security/Bulletin/MS07-016.mspx

Technical Bulletins and Notes for Important Updates (2-13-2007)
http://www.microsoft.com/technet/security/Bulletin/MS07-005.mspx
http://www.microsoft.com/technet/security/Bulletin/MS07-006.mspx
http://www.microsoft.com/technet/security/Bulletin/MS07-007.mspx
http://www.microsoft.com/technet/security/Bulletin/MS07-011.mspx
http://www.microsoft.com/technet/security/Bulletin/MS07-012.mspx
http://www.microsoft.com/technet/security/Bulletin/MS07-013.mspx

The next block of links deal with Windows vulnerabilities that were patched (2-13-2007)