Microsoft released six security updates yesterday, fixing a total of 11 vulnerabilities in Windows, Office, and the .NET Framework. Five of these vulnerabilities are critical.
Security analysts said: "The most important thing is MS07-039; there is no doubt this patch should be applied first." Andrew Storm, head of security operating systems at nCircle Net Security, said, "So far, this is the first important security update this month." MS07-039 fixes a pair of Active Directory vulnerabilities in Windows and Windows Server versions. The most dangerous of the two concerns LDAP (Lightweight Directory Access Protocol) verification in Active Directory. According to Microsoft, "attackers can exploit this vulnerability to completely control the target computer." David Dewey, a researcher in the X-Force team of IBM's Internet Security Systems department, holds the same view: "Of course, this should be the first one. This is definitely a very dangerous vulnerability." Dewey also mentioned Neel Mehta, his colleague at ISS, who discovered this vulnerability last summer, although it was only theoretical at that time. "When we were working for Microsoft, Neel theoretically proved that there was a threat," Dewey said. Storm also said, "Of course this is worth studying. Active Directory is the core of the network components of every Windows product, including the security part of Group Policy, everything, and all users."
X-Force researcher Tom Cross said that, unlike most vulnerabilities, this Active Directory vulnerability can be exploited without any user interaction. If it is on Windows Server, attackers can even attack anonymous users. Although Windows Server 2003 is secure at first glance, you must have the correct credentials on your system to exploit this vulnerability. Cross said: "In this case, it is not that important to recognize or not, because anyone on the network, such as a company employee, will certainly have credentials." Even worse, attackers on the Internet can easily control internal bots. Once attackers gain access to the intranet, they can use the Active Directory vulnerability to completely control Windows 2003 systems that are considered safe.
Two of the other five security bulletins are marked as critical, and the rest are marked as important and medium.
MS07-036 fixes three vulnerabilities, two of which are critical and one of which was only just announced; it also fixes some bugs in Excel 2000, 2002, 2003, and 2007. Bugs of this kind were also found in other Microsoft Office products in the past, for example Word and PowerPoint. Attackers have used this type of bug to embed malicious code; the attack scope is small, and it is hard to find a person in the company at a time. A researcher at Symantec said in an email that this update was very interesting. Microsoft initially did not pay attention to reports of threats to Excel in February this year, and now it knows that the problem is serious. At that time, analysts in Symantec's cyber threat research department had reported that Excel 2003 could be used for DoS attacks. Four months ago, Microsoft also denied that these bugs were real vulnerabilities. A spokesman said: "Microsoft has investigated products such as Office 2003 and Excel 2003 and confirmed that there are threats, which may cause the program to fail to respond. However, you can restart the program."
Oliver Friedrichs, director of Symantec's security response team, reminded everyone: "Today's patch announcement fixes a vulnerability that may be considered to have caused a denial-of-service attack in January, but today it is set to cause remote code execution." The three bugs fixed by Microsoft's MS07-036 are identified as possible remote code execution, which means hackers could implant malware by exploiting Excel vulnerabilities.
The third important update is MS07-040, which fixes three .NET Framework vulnerabilities. The .NET Framework is the main runtime library called by Windows developers. Note that these three vulnerabilities were demonstrated in a latent attack at the Syscan 7 security conference in Singapore last week. However, it may be very troublesome for a company's IT manager to apply the patch because the .NET Framework is so widely used. Storm said: "The company should not only evaluate the quality of the patch, but also re-evaluate the quality of the code running in the .NET Framework." MS07-040 applies to all versions of the .NET Framework except version 3.x, which also adds complexity to the testing of application software.
Of the other security updates, one fixes a vulnerability in the 2007 release, one fixes IIS 5.1 in Windows XP Professional SP2, and one fixes the firewall in Windows Vista.
"The last update is marked as medium and should be placed second among the four levels of Microsoft's four-level risk scale," Symantec's Friedrichs said. "Microsoft decided to rewrite the Windows network stack and Vista's built-in firewall, which seems to have long-term security considerations. The network stack needs to be constantly refined to become strong. As the first line of defense of the operating system, the quality of the network stack directly affects the ability to defend against attacks. Firewall bugs are not a big deal. Most of them can be seen from the Internet through the firewall, but once they are combined with open service vulnerabilities, the consequences will be unimaginable."
Microsoft usually publishes its monthly security updates on its patch server, or distributes them through Windows Server Update Services (WSUS).