CDROM-Guide forums

#1
May 16, 2002, 02:26 AM
Lazza (suspended)
Join Date: Nov 2001
Posts: 4,789
Yet another CRITICAL Microsoft IE patch!!!

When will they get this right? This is a cumulative patch with all the old ones included but also included is a new one for [B]6 more[/B] vulnerabilities!!!

Would you put your total trust in Uncle Bill? <LOL>

Read and download here: ***********.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-023.asp

=====================================================

Title: 15 May 2002 Cumulative Patch for Internet Explorer
(Q321232)
Date: 15 May 2002
Software: Internet Explorer
Impact: Six new vulnerabilities, the most serious of which could
allow code of attacker's choice to run.
Max Risk: Critical
Bulletin: MS02-023

Microsoft encourages customers to review the Security Bulletin at:
***********.microsoft.com/technet/security/bulletin/MS02-023.asp.
----------------------------------------------------------------------

Issue:
======
This is a cumulative patch that includes the functionality of all previously released patches for IE 5.01, 5.5 and 6.0. In addition, it eliminates the following six newly discovered vulnerabilities:


- A cross-site scripting vulnerability in a Local HTML Resource.
IE ships with several files that contain HTML on the local file
system to provide functionality. One of these files contains a
cross-site scripting vulnerability that could allow a script to
execute as if it were run by the user herself, causing it to run
in the local computer zone. An attacker could craft a web page
with a URL that exploits this vulnerability and then either host
that page on a web server or send it as HTML email. When the web
page was viewed and the user clicked on the URL link, the
attacker's script would be injected into the local resource and
would run in the Local Computer zone, allowing
it to run with fewer restrictions than it would otherwise have.

- An information disclosure vulnerability related to the use of an
HTML object that provides support for Cascading Style Sheets that
could allow an attacker to read, but not add, delete or change,
data on the local system. An attacker could craft a web page
that exploits this vulnerability and then either host that page
on a web server or send it as HTML email. When the page was
viewed, the element would be invoked. Successfully exploiting this
vulnerability, however, requires exact knowledge of the location
of the intended file to be read on the user's system. Further,
it requires that the intended file contain a single, particular
ASCII character.

- An information disclosure vulnerability related to the handling
of script within cookies that could allow one site to read the
cookies of another. An attacker could build a special cookie
containing script and then construct a web page with a hyperlink
that would deliver that cookie to the user's system and invoke
it. He could then send that web page as mail or post it on a
server. When the user clicked the hyperlink and the page invoked
the script in the cookie, it could potentially read or alter the
cookies of another site. Successfully exploiting this, however,
would require that the attacker know the exact name of the
cookie as stored on the file system to be read successfully.

- A zone spoofing vulnerability that could allow a web page to be
incorrectly reckoned to be in the Intranet zone or, in some very
rare cases, in the Trusted Sites zone. An attacker could construct
a web page that exploits this vulnerability and attempt to entice
the user to visit the web page. If the attack were successful,
the page would be run with fewer security restrictions than
is appropriate.

- Two variants of the "Content Disposition" vulnerability
discussed in Microsoft Security Bulletin MS01-058 affecting how
IE handles downloads when a downloadable file's
Content-Disposition and Content-Type headers are
intentionally malformed. In such a case, it is possible for
IE to believe that a file is a type safe for automatic
handling, when in fact it is executable content. An attacker
could seek to exploit this vulnerability by constructing a
specially malformed web page and posting a malformed executable
file. He could then post the web page or mail it to the intended
target. These two new variants differ from the original
vulnerability in that, for a system to be vulnerable, it
must have an application present that, when it is
erroneously passed the malformed content, chooses to hand it
back to the operating system rather than immediately raise
an error. A successful attack, therefore, would require that
the attacker know that the intended victim has one of these
applications present on their system.

Finally, it introduces a behavior change to the Restricted Sites zone. Specifically, it disables frames in the Restricted Sites zone. Since Outlook Express 6.0, Outlook 98 and Outlook 2000 with the Outlook Email Security Update, and Outlook 2002 all read email in the Restricted Sites zone by default, this enhancement means that those products now effectively disable frames in HTML email by default. This new behavior makes it impossible for an HTML email to automatically open a new window or to launch the download of an executable.

Mitigating Factors:
====================
Cross-Site Scripting in Local HTML Resource:

- A successful attack requires that a user first click on a
hyperlink. There is no way to automate an attack using
this vulnerability.

- Outlook 98 and 2000 (after installing the Outlook Email
Security Update), Outlook 2002, and Outlook Express 6 all
open HTML mail in the Restricted Sites Zone. As a result,
customers using these products would not be at risk from
email-borne attacks.

- Customers using Outlook 2002 SP1 who have enabled the
"Read as Plain Text" feature would be immune from the HTML
email attack. This is because this feature disables all
HTML elements, including scripting, from mail when it
is displayed.

- Any limitations on the rights of the user's account
would also limit the actions of the attacker's script.

- Customers who exercise caution in what web sites they
visit or who place unknown or untrusted sites in the
Restricted Sites zone can potentially protect themselves
from attempts to exploit this issue on the web.

Local Information Disclosure through HTML Object:

- It can only be used to read information. It cannot add,
change or delete any information.

- The attacker would need to know the exact name and
location on the system of any file they attempted to read.

- Only files that contained a particular, individual ASCII
character could be read. If this single character is not
present, the attempt to read the file would fail.

- Outlook 98 and 2000 (after installing the Outlook Email
Security Update), Outlook 2002, and Outlook Express 6 all
open HTML mail in the Restricted Sites Zone. As a result,
customers using these products would not be at risk from
email-borne attacks.

- Customers using Outlook 2002 SP1 who have enabled the
"Read as Plain Text" feature would be immune from the
HTML email attack. This is because this feature disables
all HTML elements, including scripting, from mail when it
is displayed.

Script within Cookies Reading Cookies:

- The specific information an attacker could access would
depend on what information a site has chosen to store in
its cookies. Best practices strongly recommend against
storing sensitive information in cookies.

- An attacker would have to entice a user to first click on
a hyperlink to initiate an attempt to exploit this
vulnerability. There is no way to automate an attack that
exploits this vulnerability.

- Mounting a successful attack requires that the attacker
know the exact name of the target cookie. This
vulnerability provides no means for an attacker to
acquire that information.

- Outlook 98 and 2000 (after installing the Outlook Email
Security Update), Outlook 2002, and Outlook Express 6
all open HTML mail in the Restricted Sites Zone. As a
result, customers using these products would not be at
risk from email-borne attacks.

- Customers using Outlook 2002 SP1 who have enabled the
"Read as Plain Text" feature would be immune from the
HTML email attack. This is because this feature disables
all HTML elements, including scripting, from mail when it
is displayed.

Zone Spoofing through Malformed Web Page:

- A successful attack would require NetBIOS connectivity
between the user and the attacker's site. Any filtering
of NetBIOS, such as that found by ISPs or at the firewall
perimeter, would thwart attempts to exploit this
vulnerability.

- Any attempt to render a web site in the Trusted Sites zone
would require very specific knowledge of custom configuration
made by the user. This aspect of the vulnerability is not
exploitable by default, nor does the vulnerability give the
means to acquire the necessary information for that attack.

New Variants of the "Content Disposition" Vulnerability:

- Any successful attempt to exploit this vulnerability requires
that the attacker know that the intended target has specific
versions of specific applications on their system. The
vulnerability gives no means for an attacker to know what
applications or versions are present on the system.

- Any attempt to exploit the vulnerability requires that the
attacker host a malicious executable on a server accessible
to the intended victim. If the hosting server is
unreachable for any reason, such as DNS blocking or the
server being taken down, the attack would fail.

Risk Rating:
============
- Internet systems: Critical
- Intranet systems: Critical
- Client systems: Critical

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
Security Bulletin at
***********.microsoft.com/technet/security/bulletin/ms02-023.asp
for information on obtaining this patch.

=====================================================
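
The "Content Disposition" item in the bulletin above turns on a download whose Content-Type and Content-Disposition headers claim a type safe for automatic handling while the body is executable. A defender can audit captured responses for that mismatch; the following Python sketch is an added example, not part of the original post or of Microsoft's bulletin, and its extension list, "auto-handled" type list and sample responses are constructed assumptions.

```python
# Added example: flag HTTP responses whose declared type disagrees with the body.
from email.message import Message

# Well-known file signatures for executable formats.
EXECUTABLE_MAGIC = {b"MZ": "Windows PE/DOS executable", b"\x7fELF": "ELF executable"}
# Extensions the OS hands to a program loader or script host (assumed list).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".hta"}
# Assumption: media types a client might open without prompting the user.
AUTO_HANDLED_PREFIXES = ("audio/", "video/", "image/", "text/plain")


def parse_headers(raw):
    """Parse a raw header block into an email.message.Message."""
    msg = Message()
    for line in raw.strip().splitlines():
        if ":" in line:
            name, _, value = line.partition(":")
            msg[name.strip()] = value.strip()
    return msg


def audit_response(raw_headers, body):
    """Return a list of findings for one response (empty list = consistent)."""
    msg = parse_headers(raw_headers)
    ctype = msg.get_content_type()      # lower-cased; text/plain if absent
    filename = msg.get_filename() or ""  # from Content-Disposition, unquoted
    safe_looking = ctype.startswith(AUTO_HANDLED_PREFIXES)
    findings = []
    for magic, label in EXECUTABLE_MAGIC.items():
        if safe_looking and body.startswith(magic):
            findings.append(f"body is a {label} but Content-Type is {ctype}")
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if safe_looking and ext in EXECUTABLE_EXTS:
        findings.append(f"filename {filename!r} is executable but Content-Type is {ctype}")
    return findings


# Constructed sample responses (not taken from any real capture).
MISMATCHED = 'Content-Type: audio/x-wav\nContent-Disposition: inline; filename="song.exe"'
HONEST_EXE = "Content-Type: application/octet-stream\nContent-Disposition: attachment; filename=setup.exe"
HONEST_WAV = "Content-Type: audio/x-wav"
PE_BODY = b"MZ\x90\x00" + b"\x00" * 60
WAV_BODY = b"RIFF\x24\x00\x00\x00WAVEfmt "

if __name__ == "__main__":
    for hdrs, body in ((MISMATCHED, PE_BODY), (HONEST_EXE, PE_BODY), (HONEST_WAV, WAV_BODY)):
        print(audit_response(hdrs, body) or "consistent")
```

An executable served honestly as application/octet-stream is not flagged; only the case where the headers claim a benign media type is.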
#2
May 16, 2002, 08:28 AM
bitboy (Veteran)
Join Date: Aug 2001
Posts: 593

bump for all to see

It really is shocking how MS get away with it. Perhaps piracy wouldn't be as much of a problem if Microsoft actually released stable secure operating systems to begin with. I have 95, 98, NT all legit, and I really struggle to justify buying any more MS stuff, Linux may be making an appearance on my main PC soon!
#3
May 16, 2002, 09:58 AM
Devil-Man (Veteran)
Join Date: Feb 2001
Posts: 2,216

Quote:
vulnerability that could allow a script to
execute as if it were run by the user [b]herself[/b]
Note that it stated [B]HERSELF[/B].

Is MS trying to say that women are more likely to click what they shouldn't than men?
#4
May 16, 2002, 10:38 AM
Lazza (suspended)
Join Date: Nov 2001
Posts: 4,789

Now don't you go upsetting our valued female members by pointing that out Devil Man.

So was it a "typo" or not.

Bill, you will get even more hate mail for this!
#5
May 16, 2002, 03:51 PM
Lazza (suspended)
Join Date: Nov 2001
Posts: 4,789

^^^Bump^^^

For obvious reasons.
#6
May 16, 2002, 04:25 PM
green_blade (Veteran)
Join Date: Apr 2001
Location: Somewhere In England
Posts: 2,175

Yep, just hogged my downloading bandwidth for 2 1/2 hours !!