Microsoft Plugs Three More Security Holes

Software behemoth Microsoft on Wednesday issued
patches for three security holes detected in the Windows platform, including
a “critical” vulnerability that could allow code execution.

Research firm ISS X-Force raised its alert level to AlertCon 2 for the
buffer overflow vulnerability in the RPC Interface, warning that it poses an
“enormous threat.”

“Exploitation of this vulnerability should not be considered trivial, due
to the potential impact, threats could quickly surface,” X-Force said.

Microsoft issued a patch
for the vulnerability, which affects Windows NT 4.0, Windows NT 4.0
Terminal Services Edition, Windows 2000, Windows XP and Windows Server
2003.

It is the first “critical” flaw discovered and fixed in the new Windows
Server 2003.

the Remote Procedure Call (RPC) protocol provides an inter-process
communication mechanism that allows a program running on one computer to
seamlessly execute code on a remote system. The security hole was detected
into the section of RPC that deals with message exchange over TCP/IP,
Microsoft explained.

“An attacker who successfully exploited this vulnerability would be able
to run code with Local System privileges on an affected system. The attacker
would be able to take any action on the system, including installing
programs, viewing changing or deleting data, or creating new accounts with
full privileges,” according to the alert.

Separately, Microsoft issued a warni
ng
for an unchecked buffer in Windows Shell that could allow system
compromise. The flaw, which only affects Windows XP, carries an “important”
rating.

The company said an unchecked buffer exists in one of the functions used
by the Windows shell to extract custom attribute information from certain
folders. A security vulnerability results because it is possible for a
malicious user to construct an attack that could exploit this flaw and
execute code on the user’s system.

A third
security alert
was also released for a cross-site scripting
vulnerability found in error pages that are returned by the Internet
Security and Acceleration (ISA) Server 2000. That flaw also carries an
“important” rating.

News Around the Web