On UrbanBaby: I won't vaccinate my daughter!
BNET Business Network:
BNET
TechRepublic
ZDNet

April 10th, 2007

MS Patch Tuesday: Vista dinged again

Posted by Ryan Naraine @ 11:02 am

Categories: Botnets, Browsers, Data theft, Exploit code, Hackers, Metasploit, Microsoft, Patch Watch, Pen testing, Responsible disclosure, Rootkits, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research, Windows Vista, Zero-day attacks

Tags: Flaw, Vulnerability, Microsoft Windows Vista, Microsoft Windows, Microsoft Corp., Ryan Naraine

The carefully crafted image of Windows Vista as the most secure operating system of all time is beginning to take a beating.

For the second time this month, Microsoft has shipped a security bulletin with patches for a “critical” Vista vulnerability that puts millions of users at risk of code execution attacks.

The update — MS07-021 — is one of five bulletins released in Microsoft’s scheduled batch of patches for April. Four of the five are rated “critical,” Microsoft’s highest severity rating.

The five bulletins contain fixes for a total of 8 vulnerabilities affecting multiple versions of Windows and the Microsoft Content Management Server.

The total patch count for April stands at 15, including the flaws covered in last week’s emergency animated cursor (.ani) update.

The remote code execution flaw that dinged Vista is an error in the way the Windows Client/Server Run-time Subsystem (CSRSS) process handles error messages. An attacker could exploit the vulnerability by constructing a specially crafted application that could potentially allow remote code execution.

In all, the MS07-021 update fixes three different CSRSS bugs, all affecting Vista. However, only one of the three is rated critical across the board. The risk from the other two are limited toprivilege escalation and denial-of-service conditions.

Here’s a brief synopsis of today’s patches:

MS07-018 (Critical) — Fixes two flaws in Microsoft’s Content Management Server, a product that allows customers to build, deploy, and maintain Web sites. One is a remote code execution vulnerability in the way HTTP requests are handled and the second bug could cause spooofing or cross-site scripting attacks.

MS07-019 (Critical) — A remote code execution vulnerability in the Universal Plug and Play service. An attacker can use specially crafted HTTP requests to run arbitrary code in the context of local service.

MS07-020 (Critical) — A remote code execution vulnerability in the way Microsoft Agent handles certain specially crafted URLs. This puts Windows users at risk of drive-by Web-based attacks.

MS07-021 (Critical) — This covers three different CSRSS vulnerabilities, all affecting Windows Vista and prior versions of Windows. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. Exploit code for some of these are publicly available.

MS07-022 (Important) — A Windows kernel flaw that could allow privilege elevation attacks. This occurs the Windows Kernel allows for incorrect permissions to be used when mapping a memory segment.

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?

  • Talkback
  • Most Recent of 132 Talkback(s)
Ask Microsoft ?
In fact what is the whole point , they may sit on this flaw for two years . Who knows ? Microsoft isn't telling .... (Read the rest)
Posted by: Intellihence Posted on: 04/15/07 You are currently: a Guest | | Terms of Use
Interesting......  Laff | 04/10/07
Guess Bill G was wrong  ITGuy04 | 04/10/07
Basically  Brandon Dixon | 04/10/07
Let's not forget Devorak's comment...  UbiquitousGeek | 04/11/07
Patch Tuesday  Kobashrer | 04/10/07
any new code will have holes...  redtrain65 | 04/10/07
And still, with the momentum of the install base  Boot_Agnostic | 04/10/07
Nicely done, that...  heres_johnny | 04/11/07
DEP? UAC?  diane wilson | 04/10/07
Thank you...you are absolutely right!  GeiselS@... | 04/10/07
Your Right as Well  philscbx@... | 04/11/07
Proof it's Porn, White Paper  philscbx@... | 04/11/07
Proof it's Porn, White Paper  philscbx@... | 04/11/07
Not exploitable according to Dave Aitel  georgeou | 04/10/07
George, you really need to pay attention  Ryan NaraineZDNet Moderator | 04/10/07
Sorry, doing too many things  georgeou | 04/10/07
oh George - the hypocrisy  deaf_e_kate | 04/10/07
Who says he wasn't sensational?  georgeou | 04/10/07
Re: Who says he wasn't sensational?  deaf_e_kate | 04/11/07
First Vista-only bug? Already happened.  SecurityGeek_z | 04/10/07
reformatted  SecurityGeek_z | 04/10/07
Outside of UNIX  mdemuth | 04/10/07
No need for privilege escalation when...  ye | 04/10/07
Several IIS Worms Do Exactly That...  SecurityGeek_z | 04/11/07
This reminds me...  UbiquitousGeek | 04/11/07
"Most secure operating system of all time"?  rapson | 04/10/07
I thought the same thing at first  dragosani | 04/10/07
One point...  rapson | 04/10/07
semantics  deaf_e_kate | 04/10/07
Symantics?  thegestunkenaraygun | 04/11/07
Pinch yourself and wake the F up  ItsTheBottomLine | 04/11/07
Put the crack pipe down...  UbiquitousGeek | 04/11/07
This time, things wll be different?  gotitright | 04/10/07
Damned if they do, damned if they don't.  Uber Dweeb | 04/10/07
LOL  IslandBoy_77 | 04/10/07
and also get charged $129 for an upgrade  zzz1234567890 | 04/10/07
Just let this myth die, already  frgough | 04/10/07
It's not a myth, they are upgrades...  Heatlesssun1 | 04/10/07
News FLASH.....for any OS Linux, Windows, OSX you  Laff | 04/11/07
Really now?  Rick_K | 04/11/07
Not an upgrade?  Cayble | 04/10/07
Will you people get over it.......  Laff | 04/11/07
Just a little FYI...  Rick_K | 04/11/07
facts dont lie  zzz1234567890 | 04/10/07
4 Year old News?  philscbx@... | 04/11/07
No...But you do. (NT)  linux for me | 04/11/07
Here are some facts...  Rick_K | 04/11/07
I didn't have to buy a new Mac .  Intellihence | 04/15/07
Technically you are correct  Badgered | 04/11/07
Well and Microsoft charges $400 dollars for upgrades  mrlinux | 04/11/07
You're right MS sucks but for a lot of reasons  intrepi@... | 04/10/07
Rushed to Market?  fordomatic69@... | 04/11/07
Microsoft Sucks, quote  philscbx@... | 04/11/07
Correct me if I'm wrong, but  Michael Kelly | 04/10/07
They said it was secure.  Hrothgar - PCLinuxOS User | 04/10/07
If we're going to be dealing in those kind of absolutes  Michael Kelly | 04/11/07
As part of the "pizzaz" behind Vista  Hrothgar - PCLinuxOS User | 04/12/07
Not quite  Badgered | 04/11/07
Microsoft sat on the .ani issue for over two years .  Intellihence | 04/15/07
They just don't get it...  ItsTheBottomLine | 04/11/07
MS07-019 not exploitable  georgeou | 04/10/07
Sorry, I pointed to wrong bug  georgeou | 04/10/07
That wouldn't happen  deaf_e_kate | 04/11/07
Life Can be a Real Patch Sometimes!  D-T-Schmitz | 04/10/07
Yeah right .  Intellihence | 04/15/07
Complexity is the problem  cls@... | 04/10/07
What he said.  Resuna | 04/10/07
Another patch is a good thing!  fuzzy2k | 04/10/07
I have to say that Vista is doing much better.  ye | 04/10/07
Millions?  c4kays@... | 04/10/07
Didn't I just read ...  Media-Ted@... | 04/10/07
Anyone seeing this in Windows Update?  ye | 04/10/07
Got Them  Jhaks | 04/11/07
millions of users at risk  dermottr@... | 04/10/07
What we need to know as users  Heatlesssun1 | 04/10/07
I wouldn't make that assumption  ye | 04/10/07
That's my point..  Heatlesssun1 | 04/10/07
The CSRSS process runs as SYSTEM  ye | 04/10/07
I believe that DEP is on for csrss.exe by default  Heatlesssun1 | 04/10/07
Microsoft always catches flack.  ye | 04/11/07
Were we expecting that or were we told to expect that?  Laff | 04/11/07
It's an expectation set by the ABMers.  ye | 04/11/07
Microsoft made the claim...  Rick_K | 04/12/07
Ask Microsoft ?  Intellihence | 04/15/07
Microsoft Drops the Ball, Again!!!  jfusstw | 04/10/07
there already is...It's called Linux.....  linux for me | 04/11/07
Linux contains no flaws?  ye | 04/11/07
Never said that....  linux for me | 04/12/07
That's the implication the read is left with.  ye | 04/12/07
Cheese with that?  TechnoCritter | 04/11/07
Please define drop the ball better  Heatlesssun1 | 04/10/07
Just Get a Mac !!  Tigerr | 04/10/07
Good idea!  the_fiddler_on_the_roof | 04/10/07
You don't leave much to argue about  intrepi@... | 04/10/07
Just Get a Mac !! NOT!  linuxiac | 04/11/07
contradiction  Badgered | 04/11/07
Name a platform  Hrothgar - PCLinuxOS User | 04/13/07
Is anyone surprised?  kraterz | 04/10/07
More FUD...  Heatlesssun1 | 04/10/07
"Microsoft senior vice president Bob Muglia...  msalzberg | 04/11/07
Interesting information.  ye | 04/11/07
No exploits of Vista so far.  ye | 04/10/07
MS has the cure for Vista - it's called Onecare  intrepi@... | 04/10/07
Try Mine  philscbx@... | 04/11/07
alas if vista was a lego block  amj2006 | 04/11/07
Talk about...  Jhaks | 04/11/07
Vista - Another ME?  Savemyboat | 04/11/07
Oh please!  mwagner@... | 04/11/07
No Thank You  UbiquitousGeek | 04/11/07
BSD or GNU/Linux are "Most Secure"  linuxiac | 04/11/07
Yet they have a miniscule market share....  James T. Kirk | 04/11/07
Marketshare is irrelevant wrt how secure an OS is...  ye | 04/11/07
Of course.  James T. Kirk | 04/11/07
History......  Laff | 04/11/07
The fact is it's not  ye | 04/11/07
That's easy.  fuzzy2k | 04/11/07
why?  mrbass21@... | 04/11/07
What makes you think they haven't?  ye | 04/11/07
/agree  mrbass21@... | 04/11/07
You are speaking to the wrong group  bschmidt@... | 04/11/07
Secure OSes? NOT!  DonBurnett | 04/11/07
OMG  uM0p ap!sdn | 04/12/07
Have you experienced any problems?  bschmidt@... | 04/11/07
Agreed!  Oregon_Polar | 04/11/07
Security issues are real  ye | 04/11/07
Welcome to my world  uM0p ap!sdn | 04/12/07
Vista is already the Most Widely Used Software  bcroner | 04/11/07
How?  Oregon_Polar | 04/11/07
"who is to blame?"  Ole Man | 04/11/07
LMAO.....Vista Secure?????  mrdood_99205@... | 04/11/07
Bigger Hard drive  pjwilson1@... | 04/11/07
Who said it? Microsoft said it!!!  bwolf@... | 04/12/07

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

advertisement
Click Here

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here