New Patches Help Solve Security Issues with Microsoft Products

October's batch of patches includes a monster fix for the Internet Explorer browser and critical updates for SMTP, NNTP, Excel and Windows Shell.


In all, the software giant issued 10 advisories, seven rated "critical" and three with the lower "important" rating.

In addition, Microsoft re-released the MS04-028 bulletin to correct newly discovered issues for customers running Windows XP Service Pack 2 (SP2). The updated MS04-028 advisory covers JPEG Parsing (GDI+) in Windows, Office and other graphics programs, and comes at a time when active exploits are already making the rounds.

The most notable fix released Tuesday (MS04-038) covers known holes in the IE browser, and Microsoft warned that active exploits are already targeting Windows users. The cumulative IE patch includes a fix for a CSS Heap Memory Corruption flaw that could allow remote code execution; a name redirection flaw that would give an attacker access to a susceptible PC; and a drag-and-drop vulnerability that gives malicious hackers complete control of an affected system.

Information on the drag-and-drop weakness, which affects IE versions 5.01, 5.5 and 6.0 on Microsoft Windows XP SP1 or SP2, has been available for nearly two months.

The IE patch also includes a fix for an Install Engine vulnerability; two separate flaws that could lead to address bar spoofing; an SSL caching weakness; and a privilege elevation vulnerability in the way IE processes scripts in image tags.

Microsoft issued another critical alert (MS04-034) to plug a remote code execution bug in the way that Windows processes Compressed (zipped) Folders. Microsoft warned that a successful exploit could let an attacker take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges.

Windows Server 2003 SMTP Component
The company also released a fix (MS04-035) for a code execution flaw in the way the Windows Server 2003 SMTP component handles Domain Name System (DNS) lookups.

"An attacker could exploit the vulnerability by causing the server to process a particular DNS response that could potentially allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft warned.

The "critical" SMTP bug also exists in the Microsoft Exchange Server 2003 Routing Engine component when installed on Microsoft Windows 2000 Service Pack 3 or on Microsoft Windows 2000 Service Pack 4.

A separate patch with a "critical" rating (MS04-036) was also issued for a remote code execution vulnerability in the Network News Transfer Protocol (NNTP) component used in Microsoft Windows or Microsoft Exchange Server.

Microsoft said the NNTP hole could allow an attacker to construct a malicious request to launch harmful code and take over a user's PC.

MS04-037 was also released to cover two holes in Windows Shell that could lead to harmful code execution. It corrects the way that the Windows Shell starts applications, and it corrects a bug in the way specially crafted requests are handled in the Program Group Converter.

The company's Office Excel product suite was also patched to protect against a remote code execution vulnerability. Affected users can find details in the MS04-033 advisory.

Windows Kernel Flaw
Another "critical" bulletin released Tuesday covers a remote code execution vulnerability in all versions of Windows NT 4.0, Windows 2000, Windows XP and Windows Server 2003. The patch corrects four flaws and replaces existing patches for window management, virtual DOS machine, Windows kernel and graphics rendering engine vulnerabilities released earlier by Microsoft.

The virtual DOS machine and window management breaches are both privilege elevation vulnerabilities, meaning attackers could gain administrative rights to an entire group of computers in the network. From there, they could add new users, delete others, install software or delete files in the network. The graphics engine vulnerability is a remote code execution flaw that attacks through Windows metafile and enhanced metafile images, and gives the cracker complete control of the system.
