RealTime IT News

Microsoft Patches Five in Cycle

Microsoft today issued five patches in its latest patch cycle, addressing problems with WordPad, DHCP, HyperTerminal, Windows Kernel and WINS.

Security Bulletin MS04-041 concerns vulnerabilities in WordPad that could have potentially allowed a remote user to execute arbitrary code. The Table Conversion Vulnerability and the Font Conversion Vulnerability on their own, or in combination, could ultimately allow the successful exploiter to take control of a system.

MS04-042 addresses the Logging and DHCP Request vulnerabilities on Microsoft NT 4.0. Other flavors of windows, including Windows 98, 2000, Server 2003 and XP SP1 and SP2, are not affected. In the Logging vulnerability, a Denial of Service vulnerability exists that could allow an attacker to send a specially crafted DHCP message to a DHCP server, said the Microsoft bulletin.

In the DHCP Request vulnerability, a remote code execution vulnerability exists that could allow an attacker to send a specially crafted DHCP message to a DHCP server, according to the bulletin. However, said Microsoft, attempts to exploit this vulnerability would most likely result in a DoS of the DHCP Server service.

The HyperTerminal Vulnerability affects all versions of Windows except for Windows 98, 98SE and ME. "A remote code execution vulnerability exists in HyperTerminal because of a buffer overrun," according to Security Bulletin MS04-043. "An attacker could exploit the vulnerability by constructing a malicious HyperTerminal session file that could potentially allow remote code execution. An attacker could then persuade a user to open this file."

Microsoft grouped the Windows Kernel Vulnerability together with the LSASS Vulnerability in Security Bulletin MS04-044. The two vulnerabilities allow for a privilege elevation that would permit an attacker to compromise a system.

The final patch corrects a flaw in WINS that was first detected at the beginning of December. The Name Validation Vulnerability, according to Security Bulletin MS04-045, could allow an attacker to exploit the vulnerability by constructing a malicious network packet that could potentially allow remote code execution on an affected system.

The other vulnerability cited in this bulletin, the Association Context Vulnerability, could allow an attacker to construct "a malicious network packet that could potentially allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, attempts to exploit this vulnerability would most likely result in a denial of service on Windows Server 2003. The service would have to be restarted to restore functionality. that alone or in combination could allow a system to be violated."

There were no specific Microsoft Internet Explorer patches in this latest update cycle from Redmond. The last patch was released out of cycle on Dec. 1 to correct an IFRAME vulnerability.