RealTime IT News

Mini Patch Day For Microsoft

Microsoft users got a near-free pass today as the company issued a single critical patch.

As part of its monthly patch cycle, Microsoft also expanded its advisory reporting beyond security bulletins to include additional items that affect users' security.

All told, May's security tally includes one security bulletin, for Web View in Windows Explorer, and two advisories. Microsoft Security Bulletin MS05-024 is titled "Vulnerability in Web View Could Allow Remote Code Execution." The bug affects Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4; Windows XP users are not affected. The bulletin carries the CVE reference CAN-2005-1191. The flaw is publicly known as the "Web View Script Injection Vulnerability" and is remotely exploitable.

"A remote code execution vulnerability exists in the way that Web View in Windows Explorer handles certain HTML characters in preview fields," Microsoft's Bulletin states. "By persuading a user to preview a malicious file, an attacker could execute arbitrary code in the context of the logged on user."
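The bulletin's description is the classic shape of a script-injection bug: a preview pane that interpolates file metadata into an HTML template without escaping it. The following is an added example, not Microsoft's Web View code, and the property names, template and hostile values are constructed for illustration. It renders the same constructed metadata through a vulnerable template and a hardened one, then uses Python's own HTML parser to show what a browser-style parser would see in each.

```python
import html
from html.parser import HTMLParser

# Constructed sample: file properties as a preview pane might read them from a
# document's summary information. The "author" and "comments" values are hostile.
HOSTILE_PROPERTIES = {
    "title": "Quarterly report",
    "author": '<script>alert("web view")</script>',
    "comments": 'x" onmouseover="alert(1)',
}

# Hypothetical preview template: one element-text context and one attribute context.
PREVIEW_TEMPLATE = (
    '<div class="preview">'
    "<h2>{title}</h2>"
    "<p>Author: {author}</p>"
    '<p title="{comments}">Comments</p>'
    "</div>"
)


def render_preview_unsafe(props):
    """Interpolates raw property values into HTML.

    Whatever markup the file's metadata contains becomes live markup in
    the preview, which is the bug class MS05-024 belongs to.
    """
    return PREVIEW_TEMPLATE.format(**props)


def render_preview_safe(props):
    """Escapes every value for both element-text and attribute contexts.

    html.escape(..., quote=True) turns < > & " ' into entities, so the
    metadata is displayed literally instead of being parsed as HTML.
    """
    escaped = {k: html.escape(str(v), quote=True) for k, v in props.items()}
    return PREVIEW_TEMPLATE.format(**escaped)


class _TagCollector(HTMLParser):
    """Records every start tag and attribute name the parser encounters."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.attr_names = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attr_names.extend(name for name, _ in attrs)


def active_content(rendered_html):
    """Returns the set of script tags and on* event-handler attributes a
    parser sees in the rendered preview. An empty set means the metadata
    stayed inert text."""
    collector = _TagCollector()
    collector.feed(rendered_html)
    found = {t for t in collector.tags if t == "script"}
    found |= {a for a in collector.attr_names if a.startswith("on")}
    return found


if __name__ == "__main__":
    print("unsafe:", sorted(active_content(render_preview_unsafe(HOSTILE_PROPERTIES))))
    print("safe:  ", sorted(active_content(render_preview_safe(HOSTILE_PROPERTIES))))
```

The check parses the output rather than grepping for `<script`, because the escaped `comments` value still contains the literal text `onmouseover=` inside a quoted attribute; only a parser can tell that it is no longer an attribute of its own.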

This month also marks the introduction of Microsoft Security Advisories, security items that do not warrant a full Microsoft Security Bulletin. The aim, according to Microsoft, is to provide information and guidance about security-related changes that affect users' overall security.

Microsoft Security Advisory 892313, for example, details how a default setting in Windows Media Player DRM could allow a user to open a Web page without being asked for permission. The advisory contains no new information and no new update; the update it refers to was released in March 2005. The first publicly reported vulnerability in Windows Media DRM surfaced in January 2005. The purpose of today's advisory, according to Microsoft, is "Notification of the availability of the update to help protect against this potential threat."

Microsoft Security Advisory 842851 is a clarification of the SMTP Tar Pit feature, which had been available as a separate update and is now part of Exchange Server 2003 and Windows Server 2003 Service Pack 1. SMTP tar pitting delays the server's responses to traffic patterns that look like spam or other unwanted SMTP activity, such as a stream of deliveries to addresses that do not exist. Microsoft is now saying that it does not require or recommend that all customers implement this feature.

"It has been provided as an option for reducing the effectiveness of certain attacks that utilize standard features of the simple mail transfer protocol (SMTP)," the advisory states. "By default, the tar pit feature is disabled. The tar pit feature is one option available to help combat threats when using the SMTP protocol."
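To make the mechanism concrete, here is an added simulation, not Microsoft's SMTP service code, of what a tar pit does to a directory-harvest attack: the server answers a valid RCPT TO immediately but holds the 5xx reply for an unknown recipient for a configured number of seconds, so an attacker guessing thousands of addresses pays the delay on every miss. The recipient list, guess list and five-second delay are constructed for the example; on Windows Server 2003 SP1 the real delay is the TarpitTime value described in Knowledge Base article 842851. The sleep function is injectable so the cost can be measured without actually waiting.

```python
import time

# Constructed directory of valid mailboxes for the demonstration.
VALID_RECIPIENTS = {"alice@example.com", "bob@example.com"}

# Constructed dictionary-attack guess list: two hits, eight misses.
GUESSES = [
    "admin@example.com", "alice@example.com", "root@example.com",
    "sales@example.com", "bob@example.com", "info@example.com",
    "test@example.com", "webmaster@example.com", "carol@example.com",
    "dave@example.com",
]


class TarpitSmtpHandler:
    """Handles RCPT TO the way a tar-pitting SMTP server does.

    A valid recipient is accepted at once; an unknown recipient gets its
    5xx reply only after tarpit_seconds. The sleep function is injectable
    so tests can record the delay instead of really waiting.
    """

    def __init__(self, valid_recipients, tarpit_seconds, sleep=time.sleep):
        self.valid = {r.lower() for r in valid_recipients}
        self.tarpit_seconds = float(tarpit_seconds)
        self.sleep = sleep

    def rcpt_to(self, address):
        """Returns (SMTP reply line, seconds the client was made to wait)."""
        if address.lower() in self.valid:
            return "250 2.1.5 Recipient OK", 0.0
        # The delay applies only to the address error, which is exactly the
        # reply a harvester must provoke thousands of times to enumerate users.
        self.sleep(self.tarpit_seconds)
        return "550 5.1.1 User unknown", self.tarpit_seconds


def simulate_harvest(handler, guesses):
    """Replays a guess list against the handler and reports how many
    addresses it confirmed and how long the server made it wait in total."""
    confirmed = []
    waited = 0.0
    for guess in guesses:
        reply, delay = handler.rcpt_to(guess)
        waited += delay
        if reply.startswith("250"):
            confirmed.append(guess)
    return {"confirmed": confirmed, "seconds_waited": waited}


if __name__ == "__main__":
    recorded = []  # each entry is one tar pit delay the server imposed
    for seconds in (0, 5):
        handler = TarpitSmtpHandler(VALID_RECIPIENTS, seconds, recorded.append)
        result = simulate_harvest(handler, GUESSES)
        print(f"tarpit={seconds}s confirmed={result['confirmed']} "
              f"waited={result['seconds_waited']}s")
```

Note what the tar pit does not do: the harvester still learns which two addresses exist. The feature only raises the time cost per miss, which is why Microsoft presents it as an option against particular SMTP abuse patterns rather than a recommendation for everyone; the same delay also slows legitimate senders that frequently hit bounced addresses.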

Microsoft has also updated its Windows Malicious Software Removal Tool this month to remove "Delprot" variants also known as Sdbot and Ispro.

Last month's update patched 18 different vulnerabilities, including three in Internet Explorer. The May update is the first in months not to include an Internet Explorer update, though security firm Secunia still lists 19 Internet Explorer vulnerabilities as unpatched.

On the other side of the browser coin, the open source Mozilla Firefox browser is currently reeling from a zero-day exploit for which proof-of-concept code is already widely available.