That big ol’ softy Microsoft sent out valentines to all its users on February 14—seven of them, to be exact. The software giant released seven security bulletins for this month’s Patch Tuesday. While two of the bulletins are critical—the remaining five are important—none of the bulletins is actually a big threat.
Best online Microsoft MCTS Training, Microsoft MCITP Certification at certkingdom.com
Details
Microsoft’s seven security bulletins for February really were a Valentine’s Day treat. Even the two critical bulletins aren’t particularly dangerous in a corporate setting. In fact, some of the important bulletins affect only a tiny fraction of the Microsoft user base. Let’s take a closer look.
MS06-004
Microsoft Security Bulletin MS06-004, “Cumulative Security Update for Internet Explorer,” replaces Microsoft Security Bulletin MS05-054. This update fixes the WMF Image Parsing Memory Corruption Vulnerability (CVE-2006-0020), a graphics-related problem.
This vulnerability can allow a remote attacker to run arbitrary files on a vulnerable system by tricking users into opening a specially crafted e-mail graphics attachment or getting them to visit a malicious Web site. While this is a publicly disclosed threat, no exploits have appeared in the wild.
Applicability
Fortunately, this update only affects one version of Windows—Windows 2000 Service Pack 4. MS06-004 is a cumulative browser patch that only applies to Internet Explorer 5.01 SP4, which is part of Windows 2000 SP4. This update doesn’t apply to any other versions, including IE 6 for Windows Server 2003 or Windows XP SP2.
Risk level
Microsoft has rated MS06-004 as a critical threat, but keep in mind that it affects a relatively small number of installations.
Mitigating factors
Because Microsoft’s graphics engine determines how to deal with a file based on the actual file coding rather than the extension name, blocking Windows Metafile Format (WMF) files won’t block this attack—merely renaming the file with another extension would bypass the block but not remove the threat.
Fix
Install the update. A variety of known problems may occur with the installation of this patch, so check out Microsoft Knowledge Base Article 910620 to learn more details and find out about available workarounds for the problems caused by the patch.
MS06-005
Microsoft Security Bulletin MS06-005, “Vulnerability in Windows Media Player Could Allow Remote Code Execution,” fixes a remote code execution threat caused by the improper handling of bitmap (.bmp) files, which is due to an unchecked buffer (CVE-2006-0006). This update replaces Microsoft Security Bulletin MS05-009.
Because Windows Media Player isn’t the normal application that processes bitmap files, this is mostly a concern for users who download alternate “skins” for their media players. This is a newly disclosed threat, and no exploits have appeared in the wild.
Applicability
* Windows Media Player 7.1 on Windows 2000 SP4
* Windows Media Player for XP on Windows XP SP1
* Windows Media Player 9 on Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003
* Windows Media Player 10 on Windows XP S1 or Windows XP S2
Risk level
This is a critical threat for Windows Media Player 9 and Windows Media Player 10. Microsoft has rated it critical because a successful exploit would permit a remote attacker to take complete control of a vulnerable system—not because it’s easy to exploit or likely to be a major attack vector. This is an important threat for Windows Media Player 7.1 and Windows Media Player for XP.
Mitigating factors
This threat requires a considerable amount of social engineering to get users to download the dangerous code, and Windows Media Player is typically not an application that deals with .bmp files.
Fix
Install the update. Microsoft has tested multiple workarounds for this attack vector, but they involve editing the registry. It’s probably easier to just install the patch, especially since the workarounds cause multiple functionality restrictions in many DirectX applications.
MS06-006
Microsoft Security Bulletin MS06-006, “Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution,” addresses a Windows Media Player plug-in vulnerability (CVE-2006-0005), which is due to another unchecked buffer. This is a newly disclosed threat, and no exploits have appeared in the wild.
Applicability
* Windows 2000 SP4
* Windows XP SP1
* Windows XP SP2
* Windows XP x64 Edition
* Windows Server 2003
* Windows Server 2003 SP1
* Windows Server 2003 x64 Edition
Risk level
While this is a remote code execution threat, Microsoft has rated it important for all affected systems.
Mitigating factors
This threat doesn’t affect IE users—only users of alternative Web browsers. In addition, a potential attacker would have to convince users to visit a malicious Web site or open a suspicious e-mail.
Fix
Install the update. While there is a Microsoft-approved workaround available, using it will affect the way some Web sites display. Read the entire security bulletin for more details.
MS06-007
Microsoft Security Bulletin MS06-007, “Vulnerability in TCP/IP Could Allow Denial of Service,” addresses the IGMP v3 DoS vulnerability (CAN-2006-0021). This update replaces Microsoft Security Bulletin MS05-019. This is a newly disclosed threat, and no exploits have appeared in the wild.
Applicability
* All versions of Windows XP
* All versions of Windows Server 2003
This threat does not affect Windows 2000 SP4.
Risk level
This is an important threat for all affected systems.
Mitigating factors
Using firewall best practices should block this attack vector.
Fix
Install the update. A Microsoft-approved workaround is available. However, this workaround involves editing the registry, so installing the patch is probably the better alternative.
MS06-008
Microsoft Security Bulletin MS06-008, “Vulnerability in Web Client Service Could Allow Remote Code Execution,” addresses a Web client vulnerability (CVE-2006-0013). This fixes a newly discovered, privately reported vulnerability. This update replaces Microsoft Security Bulletin MS05-028 for Windows XP SP1 and Windows Server 2003—but not for Windows XP SP2 or Windows Server 2003 SP1.
Applicability
* All versions of Windows XP
* All versions of Windows Server 2003
This threat does not affect Windows 2000 SP4.
Risk level
This is an important threat for all versions of Windows XP; it is a moderate threat for all versions of Windows Server 2003.
Mitigating factors
A potential attacker requires valid logon credentials to exploit this threat. In addition, Windows Server 2003 disables the Web Client Service by default.
Fix
Install the update. As a workaround, disable the Web Client Service in Windows XP. (To do so, go to Control Panel | Administrative Tools | Services | WebClient.) Blocking TCP Ports 139 and 445 will also stop some attacks.
MS06-009
Microsoft Security Bulletin MS06-009, “Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege,” addresses the Korean IME vulnerability (CVE-2006-0008). This is a newly disclosed threat, and no exploits have appeared in the wild.
Applicability
While this threat affects a variety of Microsoft software, it only affects the Korean language version of these applications. Read the entire security bulletin for more details.
Risk level
This is an important threat for all affected versions.
Mitigating factors
In addition to only affecting the Korean language versions, there’s a variety of mitigating factors. See the security bulletin for more details.
Fix
Install the update. A variety of Microsoft-approved workarounds are available, including blocking TCP port 3389 at the enterprise perimeter firewall.
MS06-010
Microsoft Security Bulletin MS06-010, “Vulnerability in PowerPoint 2000 Could Allow Information Disclosure,” also fixes a threat that affects only a small amount of users. This update addresses the PowerPoint Temporary Internet Files Information Disclosure vulnerability (CVE-2006-0004). This is a newly disclosed threat, and no exploits have appeared in the wild.
Applicability
This only affects PowerPoint 2000, which is part of Microsoft Office 2000 Service Pack 3. This threat doesn’t affect any other versions of PowerPoint.
Risk level
Microsoft has rated this an important threat.
Mitigating factors
In addition to only affecting one version of PowerPoint, potential attackers would have to convince users to visit a malicious Web site or open a suspicious e-mail.
Fix
Install the update. Some Microsoft-approved workarounds are available. Read the entire security bulletin for more details.
Final word
Is anyone out there still using IE 5.01? If so, it really is time to upgrade—not just install the MS06-004 patch. Likewise, the other critical bulletin shouldn’t be much threat to computers in a corporate environment.