Critical MS vulnerabilities could pose spyware threat |
 |
By Jennifer Lawinski, News Writer
22 Jun 2005 | SearchWindowsSecurity.com |
|
|
Of the 10 Microsoft security bulletins issued last week, experts recommend that administrators address vulnerabilities in Internet Explorer and Server Message Block as quickly as possible.
A third vulnerability, in HTML Help, was also rated critical.
"This month is kind of wake up call," said Chris Andrew, vice president of product management at PatchLink Corp., in Scottsdale, Ariz. "We would say the three critical ones were the most important to get fixed in the 72-hour best practices window and get patched."
Tina Bird, security architect for InfoExpress Inc., in Mountain View, Calif., and a moderator for the Patchmanagement.org newsgroup, said that the message block vulnerability was alarming, comparing the potential threat to previous attacks in which users were infected without taking action.
"The thing that made the Blaster worm so devastating was that the vulnerability that was being taken advantage of is something that you could get to on the network, no matter how your machine is configured," she said. "It didn't require any sort of user interaction or authentication. Networking protocols are the way that those vulnerabilities get hit."
Microsoft also released a critical patch for the Server Message Block (SMB), MS05-011, in February.
So far, the patches have been working smoothly, Andrew said.
"We haven't had any issues in our testing," he said. "We do go through and test all of the individual vulnerability fixes and so far, nothing bad to report."
Andrew warned that the Server Message Block vulnerability, combined with the Internet Explorer image processing vulnerability, could be used to get a worm inside a customer's network. While the IE vulnerability could allow users to bring unwanted things into the network, it was "just a matter of removing them," he said, unless the attack was combined.
"I think the biggest threat is the SMB vulnerability because that really is a server-to-server transfer, and there's the possibility of a worm-spread there," Andrew said.
Bird also thought that the IE and HTML Help vulnerabilities could cause problems if exploited. Microsoft warns that the IE vulnerability could allow remote code execution.
"They call their IE bug remote because it's pretty easy for someone to get them without having to be logged on to the machine," she said. "It's something to be concerned about. Spyware gets installed through bugs in IE. On the other hand, an IE bug isn't going to lead to Blaster."
|
