Microsoft releases two patches for three flaws

Microsoft today pushed out two fixes to close three vulnerabilities, including two "critical" server-side flaws that do not require any user interaction to be exploited.

The critical bugs, undisclosed until today, are located in the transmission control protocol/internet protocol (TCP/IP) kernel driver. Users' PCs can be exploited if they are sent maliciously crafted multicast or ICMP (internet control message protocol) packets.

Crafted ICMP packets could result in a denial-of-service (DoS) condition, while crafted multicast packets could lead to remote code execution, Eric Schultze, chief technology officer of Shavlik Technologies, told SCMagazineUS.com today.

Schultze said both protocols -- multicast and ICMP -- usually are not turned on by default, but administrators should nevertheless take the bugs seriously.

"We haven't seen a good remote code execution [flaw] in a while," he said. "It will ignite some enthusiasm with some of the hackers. So many of the vulnerabilities lately have been what I call client-side, meaning the end-user has to visit a website or something."

Amol Sarwate, director of Qualys' vulnerability research lab, said both protocols are normally enabled. He said ICMP is turned on by default in Windows XP and Vista, and multicast is enabled by default in Vista, but not XP.

The second bulletin corrects an "important" privilege-escalation vulnerability in the Microsoft Windows Local Security Authority Subsystem Service (LSASS). It does not impact Vista.

Andrew Storms, director of security operations for nCircle, said the flaw is not "too dangerous because it is a local-only vulnerability that requires valid login credentials for execution."

But when combined with other holes, it becomes more severe, said Schultze.

One notable vulnerability that went unfixed was a flaw in the Microsoft Web Proxy Automatic Discovery (WPAD) feature, disclosed a week prior to December's Patch Tuesday release. The flaw could be exploited to carry out a man-in-the-middle attack.
