Sign in with
Sign up | Sign in
Your question

New MS Security Bulletin MS03-040

Last response: in Windows XP
Share
October 4, 2003 4:57:20 PM

Title: <A HREF="http://www.microsoft.com/technet/treeview/default.asp?u..." target="_new">Cumulative Patch for Internet Explorer (828750)</A>
Date: October 3, 2003
Software: Internet Explorer 5.01
Internet Explorer 5.5
Internet Explorer 6.0
Internet Explorer 6.0 for Windows Server 2003
Impact: Run code of attacker's choice
Max Risk: Critical
Bulletin: MS03-040

<A HREF="http://www.microsoft.com/security/security_bulletins/MS..." target="_new">What You Should Know About Microsoft Security Bulletin MS03-040 (828750)</A>

Issue:
======
This is a cumulative patch that includes the functionality of all
previously released patches for Internet Explorer 5.01, 5.5 and 6.0.
In addition, it eliminates the following newly discovered
vulnerabilities:


A vulnerability that occurs because Internet Explorer does not
properly determine an object type returned from a Web server in a
popup window. It could be possible for an attacker who exploited this
vulnerability to run arbitrary code on a user's system. If a user
visited an attacker's Web site, it would be possible for the attacker
to exploit this vulnerability without any other user action. An
attacker could also craft an HTML-based e-mail that would attempt to
exploit this vulnerability.


A vulnerability that occurs because Internet Explorer does not
properly determine an object type returned from a Web server during
XML data binding. It could be possible for an attacker who exploited
this vulnerability to run arbitrary code on a user's system. If a
user visited an attacker's Web site, it would be possible for the
attacker to exploit this vulnerability without any other user action.
An attacker could also craft an HTML-based e-mail that would attempt
to exploit this vulnerability.


A change has been made to the method by which Internet Explorer
handles Dynamic HTML (DHTML) Behaviors in the Internet Explorer
Restricted Zone. It could be possible for an attacker exploiting a
separate vulnerability (such as one of the two vulnerabilities
discussed above) to cause Internet Explorer to run script code in the
security context of the Internet Zone. In addition, an attacker could
use Windows Media Player's (WMP) ability to open URL's to construct
an attack. An attacker could also craft an HTML-based e-mail that
could attempt to exploit this behavior.


To exploit these flaws, the attacker would have to create a specially
formed HTML-based e-mail and send it to the user. Alternatively an
attacker would have to host a malicious Web site that contained a Web
page designed to exploit these vulnerabilities. The attacker would
then have to persuade a user to visit that site.


As with the previous Internet Explorer cumulative patches released
with bulletins MS03-004, MS03-015, MS03-020, and MS03-032, this
cumulative patch will cause window.showHelp( ) to cease to function
if you have not applied the HTML Help update. If you have installed
the updated HTML Help control from Knowledge Base article 811630, you
will still be able to use HTML Help functionality after applying this
patch.


In addition to applying this security patch it is recommended that
users also install the Windows Media Player update referenced in
Knowledge Base Article 828026. This update is available from Windows
Update as well as the Microsoft Download Center for all supported
versions of Windows Media Player. While not a security patch, this
update contains a change to the behavior of Windows Media Player's
ability to launch URL's to help protect against DHTML behavior based
attacks. Specifically, it restricts Windows Media Player's ability
to launch URL's in the local computer zone from other zones.


Mitigating Factors:
====================
- -By default, Internet Explorer on Windows Server 2003 runs in
Enhanced
Security Configuration. This default configuration of Internet
Explorer
blocks automatic exploitation of this attack. If Internet Explorer
Enhanced Security Configuration has been disabled, the protections
put in place that prevent this vulnerability from being automatically
exploited would be removed.


- -In the Web-based attack scenario, the attacker would have to host a
Web site that contained a Web page used to exploit this
vulnerability. An attacker would have no way to force a user to
visit a malicious Web Site. Instead, the attacker would need to lure
them there, typically by getting them to click a link that would take
them to the attacker's site.


- -Exploiting the vulnerability would allow the attacker only the same
privileges as the user. Users whose accounts are configured to have
few privileges on the system would be at less risk than ones who
operate with administrative privileges.


Risk Rating:
============
-Critical

Please go to Windows Update and install the patches, even if Internet Explorer is not being used as your web browser.

Toey

<A HREF="http://forums.btvillarin.com/index.php?act=ST&f=41&t=32..." target="_new"><font color=green>My System Rigs</font color=green></A>
___________________________________________

<A HREF="http://forums.btvillarin.com/" target="_new"><b><font color=purple>BTVILLARIN.com</font color=purple></b></A> - <i><font color=orange>Your Computer Questions Answered</font color=orange></i>

More about : security bulletin ms03 040

October 5, 2003 1:52:36 AM

*BUMP*

Only seven views after an entire day? It's no wonder that people have problems with security, and then blame MS when worms infiltrate their systems. It's much easier to be angry and scream and shout later on, after a system is already compromised ... than instead, to do something constructive, such as take five minutes to apply a couple of patches.

Such is the nature of things, I suppose.

Toey

<A HREF="http://forums.btvillarin.com/index.php?act=ST&f=41&t=32..." target="_new"><font color=green>My System Rigs</font color=green></A>
___________________________________________

<A HREF="http://forums.btvillarin.com/" target="_new"><b><font color=purple>BTVILLARIN.com</font color=purple></b></A> - <i><font color=orange>Your Computer Questions Answered</font color=orange></i>
October 5, 2003 3:55:24 AM

I visit Windows Update every time an issue like this arrises. It's a shame that after all these massive vulnerabilities have been exposed, people still dont hurry to update their machines.
Related resources
October 5, 2003 4:22:37 PM

i always read your posts toey and also very grateful for the time you spend helping people including myself in the past.i just don't manage to visit this site every day
many thanks for the info
waggers
October 6, 2003 11:43:05 AM

/bump

<b><font color=red> “Liberals have many tails and chase them all.” – H.L. Mencken </font color=red><b>
!