Critical IE, Bluetooth, DirectX flaws highlight MS Patch Tuesday

June 10th, 2008

Critical IE, Bluetooth, DirectX flaws highlight MS Patch TuesdayMicrosoft’s Patch Tuesday train rumbled into the security station today with high-priority patches for multiple vulnerabilities affecting Internet Explorer, the Bluetooth stack in Windows and Microsoft DirectX.

In all, the Redmond, Wash. software vendor released seven bulletins — 3 critical, 3 important and 1 moderate — with patches for at least 10 documented vulnerabilities affecting Windows users. The “moderate” bulletin also includes a “killbit” to address an ActiveX control vulnerability in a third-party product.

The three critical bulletins all address flaws that could lead to remote code execution attacks.

The most serious of the three — MS08-031 — covers two separate issues (one publicly disclosed) affecting Microsoft’s flagship IE browser. It affects IE 6 SP1on Microsoft Windows 2000 SP4; IE 6 on supported versions of Windows XP; and IE 7 on supported versions of Windows XP and Windows Vista.

Microsoft warns:

An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the Web site. The attacker could also take advantage of compromised Web sites and Web sites that accept or host user-provided content or advertisements. These Web sites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that takes users to the attacker’s Web site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.

Windows users should also pay special attention to MS08-033, which covers two separate vulnerabilities in Microsoft DirectX that could allow remote code execution if a user opens a specially crafted media file.

The DirectX bulletin is rated critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

The third high-priority bulletin — MS08-030 — comes with a patch for a remote code execution bug in the Bluetooth stack:

A remote code execution vulnerability exists in the Bluetooth stack in Microsoft Windows because the Bluetooth stack does not correctly handle a large number of service description requests. The vulnerability could allow an attacker to run code with elevated privileges. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete date; or create new accounts with full user rights.

The three “important” bulletins cover serious flaws in the WINS (Windows Internet Name Service);implementations of Active Directory; and denial-of-service bugs in the PGM (Pragmatic General Multicast) protocol.

The “moderate” bulletin covers a pair of buggy ActiveX controls from Microsoft and BackWeb.

[Source: zdnet]