PDR: 3 September 2003
Everyone keeps coming up with these themes to write about every day. You know, some kind of summary of the stuff they came across during the day. After my rant about software updates, I'm going to post a weekly synopsis of the patches released on TechNet. In case you didn't know, every Wednesday is Microsoft Patch Day (corroboration here). So I'm starting a weekly Patch Day Review (PDR). Each week, I'll give you a brief summary of the new patches available and give you direct download links, so you don't have to wade through all the garbage to get to them. This took me a lot of time to compile, so I hope it's useful to someone.

WINDOWS: Flaw in NetBIOS Could Lead to Information Disclosure (824105)
This error basically means that in some situations, when a computer requests to talk to another computer via computer name instead of an IP address, the response could contain a random part of the responding computer's memory. If you set your firewall to block port 137 requests from the Internet (which you should do if you haven't), this error will not affect you. If you blocked this port in response to the MSBlaster attack, you should be fine. Install the patch anyway.
Patches: Windows Server 2003 | Windows XP | Windows 2000 Server | More Here
References: TechNet Version | End User Version

OFFICE: Flaw in Microsoft Word Could Enable Macros to Run Automatically (827653)
Basically, if someone knew what they were doing, they could create a document with a sinister macro that could bypass the built-in Macro Security and run without you knowing. The attacker could not force the document to be opened, though, so it's only a problem if you open a document whose origin you don't know.
Patches: Word 2002 | Word 2000 | Word 97 & 98 | Office Update
References: TechNet Version | End User Version

OFFICE: Buffer Overrun in WordPerfect Converter Could Allow Code Execution (827103)
Sort of like the previous problem, someone could make a WordPerfect document that could allow code to be run when you try to open it in an Office program. This one affects the whole Office suite, because all Office programs can use the converter. There is no way for an attack to happen automatically via e-mail; as with the problem above, the user has to open the document.
Patches: Office XP (2002) Suite | Office 2000 Suite | Office 97 & 98 Suite | Office Update
References: TechNet Version | End User Version

OFFICE: Flaw in Visual Basic for Applications Could Allow Code Execution (822715)
Well, we've been through this a few times already today. It's the same scenario as above. Jerk sends e-mail with a macro attached, e-mail is replied to, and bad code can be run. This one is a doozy that affects all Office versions (fixed in 2003), so make sure you install the proper patch. My recommendation is to just go to Office Update and run it from there.
Patches: Office XP (2002) Suite | Office 2000 Suite | Most Other MS Apps | More Here | Office Update
References: TechNet Version | End User Version

OFFICE: Unchecked buffer in Microsoft Access Snapshot Viewer Could Allow Code Execution (827104)
I'm hoping at this point that Microsoft will be doing a better job from here on out in having their applications check document parameters. Each of the Office vulnerabilities this week stems from Office doing an impression of Stevie Wonder as an airport security agent when it opens files. Same drill as above, but this one only affects the Access Snapshot Viewer, not Access itself. Who uses Access anymore anyway?
Patches: Access 2002 | Access 2000 | Access 97 & 98 | Office Update
References: TechNet Version | End User Version

This week's lesson: Do not open documents unless you know where they came from.
Well, that wraps up this week's Patch Day Review. Tune in next week, where I'll give you another recap from the MS Security frontlines. Until then, this is your war correspondent wishing you goodnight, and good luck.