Another week, a bunch of MS Security holes plugged!

Microsoft today just released another update on a security hole. Honestly, it is good that the holes are being identified and plugged. Yes, I am sure there are the “bashers” who would scoff at it, but the reality is that, in the millions of lines of code across various products, such things creep in, and it's better to accept the responsibility (Microsoft) and do something about it rather than being in denial.

The bulletin today affects various components of the OS, addressing network-based remote compromise vulnerabilities in the SMTP service, NNTP service, and NetDDE. Also, on the client side, a serious vulnerability has been discovered in compressed (zip) folders. Below is a breakdown of the products:

  1. SMTP Vulnerability (MS04-035)
    • Exchange Server 2003
    • Windows Server 2003
    • Windows XP 64-bit edition
  2. NNTP Vulnerability (MS04-036)
    • Exchange 2000 Server
    • Exchange Server 2003
    • Windows NT 4.0
    • Windows 2000 Server
    • Windows Server 2003
  3. NetDDE Remote Compromise (MS04-031)
    • Windows 2000
    • Windows XP
    • Windows NT 4.0
  4. Compressed Folders Vulnerability (MS04-034)
    • Windows XP
    • Windows 2003

NNTP – A remotely-exploitable buffer overflow condition exists in the NNTP service of modern Windows operating systems. An attacker may gain full control of a vulnerable system through a maliciously-crafted NNTP query. The NNTP service is only enabled by default on installations of Exchange 2000 Server, although it can be manually enabled on other installations.

NetDDE – Network Dynamic Data Exchange is a protocol used for disparate applications to exchange data across a network. It has been largely and essentially was the precursor to DCOM. The NetDDE service contains a buffer overflow vulnerability which might be exploited by a remote and unauthenticated attacker. The NetDDE service does not start by default on modern Windows operating systems. On Windows 2000 and XP, however, the NetDDE service may be launched without user knowledge by legitimate applications, which makes it possible for a user to inadvertently start it. On Windows Server 2003 and XP SP2, the NetDDE service is disabled and cannot be started unless explicitly enabled.

Zip/Compressed Folders – Windows XP and Windows Server 2003 have support for Zip file archives bundled in with the operating system through a feature called “Compressed Folders”. If a user can be persuaded to open a maliciously-crafted Zip archive, a buffer overflow vulnerability can be triggered which could lead to remote code execution. Zip archives are commonly regarded as a more-trusted file format, increasing the potential for exploitation.

Published by

Amit Bahree
