Today, Microsoft released eight security bulletins describing vulnerabilities in components shipping with most current versions of Windows. By enticing one of your users to a malicious Web site, or sending them a maliciously crafted email, a remote attacker could exploit the worst of these flaws to gain complete control of the victim's PC. For a table summarizing which vulnerabilities affect which versions of Windows, see Microsoft's Security Bulletin Summary for June and expand the "Affected Software and Download Location" section. If you manage a Windows network, you should download, test, and deploy the appropriate Windows patches throughout your network as soon as possible.
Exposure:
Microsoft's eight security bulletins detail vulnerabilities found in, or affecting, components of Windows. Each vulnerability affects different versions of Windows to a different extent. We summarize these vulnerabilities below.
MS06-022: ART Image Buffer Overflow Vulnerability
Microsoft describes a buffer overflow vulnerability in the Windows rendering library that displays ART images, an image file format used by the America Online (AOL) client software. By enticing one of your users to a malicious Web page containing a specially crafted ART image, or sending it in an HTML email, an attacker could exploit this flaw to execute code on your user's computer, inheriting your user's privileges. If you assign your users local administrative rights, an attacker could exploit this to take complete control over their PCs.
Microsoft rating: Critical.
MS06-023: JScript Memory Corruption Vulnerability
JScript is a scripting language used to write programs. A JScript interpreter ships with Windows. This interpreter suffers from a memory corruption vulnerability. If an attacker can entice one of your users to a Web site containing a specially crafted JScript file, she could exploit this vulnerability to execute code on your user's computer, with your user's privileges and permissions. Since most Windows users have local administrative privileges, attackers typically can exploit this flaw to gain complete control of the victim machine.
Microsoft rating: Critical.
MS06-024: Windows Media Player PNG Vulnerability
Microsoft's alert describes a buffer overflow vulnerability involving the way Windows Media Player (WMP) handles PNG image files. By enticing one of your users into downloading a PNG file, and opening it with Media Player, an attacker could exploit this flaw to execute code on your user's machine, inheriting your user's privileges and permissions. As usual, if your users have local administrative privileges, the attacker can exploit this to take complete control of the victim machine.
Microsoft rating: Critical.
MS06-025: Two Buffer Overflow Vulnerabilities in RRAS
Windows ships with the Routing and Remote Access Service (RRAS), which allows your computer to act as a router and provide remote access services. Microsoft discovered two buffer overflow vulnerabilities in this service. Although they differ technically, both vulnerabilities have the same scope and impact. By sending a specially crafted message, an attacker could exploit these flaws to take complete control of Windows 2000 and XP SP1 machines. To exploit these flaws against Windows XP SP2 or 2003, an attacker must first gain local access to the targeted machine.
Microsoft rating: Critical.
MS06-026: Windows 98 and ME WMF Vulnerability
Windows uses the Graphics Rendering Engine to display various types of image files. Microsoft describes a vulnerability in Windows 98 and ME involving how the Graphics Rendering Engine handles Windows Metafile (WMF) image files. By enticing one of your users into downloading and opening a malicious WMF file, an attacker could exploit this flaw to execute code on your user's machine, inheriting your user's privileges and permissions. You know the drill by now: if your users have local administrative privileges, the attacker can exploit this flaw to take complete control of the victim machine. This flaw sounds very similar to another WMF flaw we reported in January that affected all other versions of Windows.
Microsoft rating: Critical.
MS06-030: Two SMB Vulnerabilities
Server Message Block (SMB) is a protocol Windows uses to share resources such as files and printers. Microsoft's alert describes both a privilege elevation and a Denial of Service vulnerability that affects the Windows SMB service. In order to exploit either vulnerability, an attacker must log in to a machine using valid credentials (whether locally or via terminal or remote access services). Once logged on, the attacker can run a specially crafted program to take complete control of the targeted Windows machine.
Microsoft rating: Important.
MS06-031: Win2K RPC Spoofing Vulnerability
Remote Procedure Call (RPC) is a protocol that allows one computer (a client) to execute a program on another computer (a server). Using mutual authentication over Secure Sockets Layer (SSL), Windows can try to verify the identities of the client and server participating in RPC communication. Microsoft discovered a flaw in Windows 2000's mutual authentication that could allow an attacker to spoof (impersonate) a valid RPC server. However, in order to exploit this flaw, an attacker would have to persuade his victim to connect to his malicious RPC server. Since most administrators restrict RPC traffic to their local network, this type of attack most likely could only be used as a local threat.
Microsoft rating: Moderate.
MS06-032: TCP/IP Protocol Driver Buffer Overflow Vulnerability
The TCP/IP Protocol Driver ships with Windows and handles all TCP/IP traffic. Unfortunately, this driver suffers from a buffer overflow flaw involving its IP source routing, a rarely used TCP/IP mechanism that allows a sender to determine the IP route that a datagram should take through a network. By sending a specially crafted TCP/IP packet, an attacker could exploit this flaw to gain complete control of any Windows computer. This flaw sounds very severe except for one big caveat: IP source routing is not enabled by default, and few Windows users or administrators enable it. However, if you do enable IP source routing, this flaw poses a serious risk.
Microsoft rating: Important.