Another Flaw Found in Microsoft VM

Microsoft on Wednesday warned of another critical
security hole in Microsoft virtual machine (VM) that could allow an intruder
to take control of vulnerable Windows systems.

The latest alert comes on the heels of another Microsoft VM vulnerability
which was detected and
patched
last December.

The software giant slapped its maximum security rating on the latest flaw
and urged VM users to install build 3810 or later. “All builds of the
Microsoft VM up to and including build 5.0.3809 are affected by these
vulnerabilities,” the company warned.

Microsoft VM is a virtual machine for the Win32 environment and ships in
most versions of Windows and Internet Explorer.

The alert cautioned that the security
vulnerability affects the ByteCode Verifier component of the Microsoft VM,
and results because the ByteCode verifier does not correctly check for the
presence of certain malicious code when a Java applet is being loaded.

“The attack vector for this new security issue would likely involve an
attacker creating a malicious Java applet and inserting it into a web page
that when opened, would exploit the vulnerability. An attacker could then
host this malicious web page on a web site, or could send it to a user in
e-mail,” the company said.

For a Web-based attack to be successful, Microsoft said a user would have
to be lured into visiting a web site that the attacker controlled.

Because Java applets are disabled within the Restricted Sites Zone, any
mail client that opened HTML mail within the Restricted Sites Zone, such as
Outlook 2002, Outlook Express 6, or Outlook 98 or 2000 when used in
conjunction with the Outlook Email Security Update, would not be at risk
from the mail-based attack vector.

The latest security hole would only allow an intruder to gain the
privileges of the user, the company said, noting that customers who operate
with less than administrative privileges would be at less risk from the
vulnerability. It urged IT administrators to limit the risk posed to their
users by using application filters at the firewall to inspect and block
mobile code.

The company also released the 12th security alert for the year, warning
of a flaw in the Winsock Proxy Service and ISA Firewall Service that could
lead to denial-of-service scenarios.

The company urged sysadmins running Microsoft Proxy Server 2.0 or
Microsoft Internet Security and Acceleration (ISA) Server 2000 to apply a
patch to fix the vulnerability.

An attacker on the internal network could target the flaw and send a
specially crafted packet that would cause the server to stop responding to
internal and external requests. Receipt of such a packet would cause CPU
utilization on the server to reach 100 percent, making the server
unresponsive.

The Winsock Proxy service and Microsoft Firewall service work with FTP,
telnet, mail, news, Internet Relay Chat (IRC), or other client applications
that are compatible with Windows Sockets (Winsock).

News Around the Web