Eleven major soft spots addressed by latest Patch Tuesday
The full effect of yesterday's round of patches from Microsoft is just now being felt. This time, it's not the worldwide DNS flaw that's the big issue, but the typical stuff that afflicts Microsoft products, including and especially Office.
One of the "critical" vulnerabilities addressed yesterday affects older versions of Microsoft Word, and was acknowledged by the company last month. It involves intentionally malformed documents that, when parsed by Word, cause it to crash but also leave memory corrupted. Within that corrupt memory can lurk remnant code that could then be executed to give a remote, malicious user unauthorized privileges.
You'd think that perhaps an Office 2003 Service Pack would be the answer to this problem, as systems with that service pack loaded were reportedly unaffected, as were systems with Office 2007 with or without SP1. But this week, Microsoft did elect to address the issue with a separate fix.
Another of the 11 issues addressed with this round includes a bizarre problem, rated just "important" rather than "critical," having to do with IPsec: In Windows Vista, IPsec is a component that enables a fully encrypted connection, but with other systems that can host it (for instance, Windows Server 2008). It enables businesses to avoid having to deploy sophisticated, and often entangled, VPNs to secure their connections and open up file system access to privileged users.
In Vista, IPsec is closely tied with the group policy system, which is also part of its Advanced Firewall. These group policy objects determine how and whether certain security features are employed; and in the case of this particular security hole, the policy system can be fooled, and network traffic that's supposed to be encrypted, won't be. This fix affects both Vista and WS2K8, both 32- and 64-bit versions.
In a clear indication that no Windows component is, by design, safe if it can communicate with other systems, it was discovered that an old-style heap-based buffer overflow could be triggered by, of all things, the Internal Color Management (ICM) system. This is the part of Windows that manages color profiles for displays and printers, translating hues from image files into true representations for the screen, and in turn into equally true representations in print.
Now, it's difficult to imagine the "zero-day" exploit that would play with this vulnerability -- perhaps a spoof e-mail that says, "Adobe has determined you need to change your printer driver..." -- but Microsoft has acted nonetheless.
Another old-style exploit, which Microsoft rated "critical," impacts an old-style ActiveX control: the Access Snapshot Viewer. This is an .OCX file -- a library file whose format was originally designed to integrate with the earliest versions of Visual Basic and Access -- that could be redistributed with databases so that users could read formatted reports without having to have the full version of Access installed.
It's still in use with Access 2007, though two of its properties that point to filenames on remote users' systems, can be set to point to any old file, without any checks or filters. Unfortunately, it appears that this problem was discovered by malicious users first. It's the type of hole that Windows' new architecture was designed to avoid, but with downward compatibility continuing to be a factor among customers who use Access databases and can't migrate to, say, SQL Server, old-style tools will still be deployed. Yesterday's patch is probably a replacement .OCX file with new filters built in.