July 11, 2006 1:38 PM PDT

Microsoft plugs worm hole in Windows

Microsoft on Tuesday made available fixes for 18 security vulnerabilities in Windows and Office software.

The patches were delivered in seven security bulletins, five of which Microsoft deems "critical," its most serious rating. One of the urgent fixes addresses a flaw in a Windows component that could be used to spread a worm. Other updates deal with Office flaws that have already been used in targeted attacks.

Four updates tackled five Windows-related issues, including a security hole in a Windows component called "mailslot." The flaw poses the most severe risk in Tuesday's bunch, security specialist Symantec said in a statement. By sending a specially crafted network packet, an intruder could use the hole to remotely commandeer a vulnerable computer, without user interaction. The flaw affects Windows 2000, Windows XP and Windows Server 2003, Microsoft said in security bulletin MS06-035.

This means that the "mailslot" flaw could be exploited to launch a worm that could wreak havoc on the Internet. Because the flaw allows malicious code to execute without the PC owner doing anything, such as opening a file, it gives a worm a way to self-replicate.

"This vulnerability is the only worm candidate among the patched vulnerabilities today," Monty IJzerman, senior manager at McAfee Avert Labs said in a statement. Systems running Windows XP with Service Pack 2 and Windows Server 2003 with Service Pack 1 are at a lesser risk to this flaw because the operating systems do not have services listening on mailslots by default, according to Microsoft.

A "mailslot" is a temporary mechanism utilized by applications and operating system processes to facilitate unidirectional data transfer on Windows systems.

An error in the Windows Dynamic Host Configuration Protocol, or DHCP, client on the same systems similarly opens the door to a remote attack via a malicious network packet. However, an attacker has to be on the same subnetwork as the intended target, Microsoft said in bulletin MS06-036.

"Remotely exploitable vulnerabilities can pose a serious threat to organizations because they do not require user interaction and can be attacked from across the Internet," Dave Cole, director of Symantec Security Response, said in a statement.

Three of Microsoft's security bulletins address flaws in Office. Of those, one is dedicated to Excel and offers a fix for a total of eight flaws in the spreadsheet application. This includes patches for two so-called zero-day vulnerabilities that have already had attack code pushed out on the Internet.

All of the 13 Office-related vulnerabilities addressed by Tuesday's patches can be exploited by crafting a malicious Office document, according to Microsoft's security alerts. They could give complete control over a vulnerable system if the document is opened, the software maker said.

Office 2000 users are at higher risk because that version of the productivity software does not display an extra warning when it opens files from the Outlook e-mail client, Microsoft said. The Office and Excel flaws are detailed in security bulletins MS06-037, MS06-038 and MS06-039.

In addition to the five critical bulletins, Microsoft released two alerts labeled "important," one notch below the highest rating. Both primarily affect Web servers running Windows software.

One, MS06-034, addresses a flaw that primarily exposes Web servers that allow users to upload new content, Microsoft said. An attacker could upload a malformed ASP file and commandeer the server. The other, MS06-033, could allow an attacker to view the contents of the applications folder on a Web server.

Microsoft recommends that people install the critical fixes immediately. The updates are available via the Windows Update and Automatic Updates tools. Temporary workarounds are outlined in the security bulletins for those who can't immediately apply the patches.

See more CNET content tagged:
flaw, vulnerability, attacker, Web server, worm

9 comments

Join the conversation!
Add your comment
Wormable vulnarability do not apply to XP SP2 and server 2003 SP1
According to the MS bullitin, the ormable vulnarability do not apply to XP SP2 and server 2003 SP1.
<a class="jive-link-external" href="http://www.microsoft.com/technet/security/Bulletin/MS06-035.mspx" target="_newWindow">http://www.microsoft.com/technet/security/Bulletin/MS06-035.mspx</a>
Posted by fc11 (48 comments )
Reply Link Flag
Yeah, right...
Keep telling yourself everything is okay. Maybe someday it will be,
Skippy. But if you are so delusional as to think that M$ is going to
work in your best interest and actually produce a secure product,
you deserve the crap that you get from them.

Keep kidding yourselves Windozers, and enjoy the ride by Billy and
Stevie.
Posted by Dr Dude (49 comments )
Link Flag
maybe I am misreading that site then
Affected Software:

" Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2  Download the update

" Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1  Download the update
Posted by Bob Brinkman (556 comments )
Link Flag
Vulnerability does apply but disable by default
The vulnerability DOES indeed apply in WinXP SP2 and Win2K3 Server SP1, it's just that MS *FINALLY* learned their leason and has those services disabled by default. The services still exist and the vulnerability is there and will affect your system if you actually need to USE that service.

Don't get me wrong, MS definitely has done good by disabling this service by default and it will DRASTICALLY reduce the spread of worms if/when they arrive, however that doesn't mean that the problem doesn't exist. Servers in particular could be vulnerable to this as they are more likely to require this feature.
Posted by Hoser McMoose (182 comments )
Link Flag
this is news, how?
Microsoft is always finding security holes in their software and they always patch them as soon as they find them. This has happened so many times, can this really be newsworthy? Maybe if the exploits were used to crash a few hundred thousand computers but since that's not the case, let's move on...
Posted by thedreaming (573 comments )
Reply Link Flag
Why is this not news?
This is news because it tells me when updates are coming out so I can begin to test and deploy them. Why don't you move on and troll some other sites...
Posted by Gasaraki (183 comments )
Link Flag
"as soon as they find them"?
C|N&gt;K! More like, "they patch them several months after they have finally been discovered by the public".
Posted by davearonson (35 comments )
Link Flag
PC power button stops all worm holes on Windows
If you turn off the computer it will greatly improve the security of
Windows, this is the number one method to stop worms and other
bad things from getting into XP. Just call it Swiftys SP3 for XP, push
the power button to Off, and step away from the shoddy software
box please. And go to town and buy a Macintosh while you still
have free time and money left.
Posted by (39 comments )
Reply Link Flag
Basic security measures for Outlook
E-mail has always been a target for scheming hackers and fraudsters, attempting to spread all sorts of viruses, malware, phishing scams, etc.

Part of the problem with e-mail is determining its authenticity - how do you know that the author is legitimate, until you open the message? Outlook users can start being proactive in protecting their computers and sensitive information. Spam filters do part of the job, but more advanced security protection should be implemented in order to protect your inbox from illegitimate senders and malicious correspondences.
<a class="jive-link-external" href="http://www.essentialsecurity.com/FAQ.htm#1.4" target="_newWindow">http://www.essentialsecurity.com/FAQ.htm#1.4</a>
Posted by ml_ess (71 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.