copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Security Bul... » Security Bul... » AusCERT Advi... » AA-2003.03 -- Recent Microsoft Vulnerabilities and P...
 

AA-2003.03 -- Recent Microsoft Vulnerabilities and Patches
Date: 26 August 2003
References: ESB-2003.0601  

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
AA-2003.03                     AUSCERT Advisory

               Recent Microsoft Vulnerabilities and Patches
                              26 August 2003
Last Revised: --

- ---------------------------------------------------------------------------

Microsoft has recently released security bulletins warning of several 
vulnerabilities in Internet Explorer and MDAC (Microsoft Data Access 
Components).

AusCERT recommends that sites take the steps outlined in section 3 as soon
as possible.

Updates to this advisory will be released as new information becomes
available.

- - ---------------------------------------------------------------------------

1.  Description

    Internet Explorer is a widely used web browser and components of it are
    used by Outlook Express to display HTML email. By default, MDAC is 
    installed as part of Microsoft Windows XP, Windows 2000, and Windows 
    Millennium Edition.

2.  Impact

    These vulnerabilities may allow remote attackers to gain access to a 
    Windows system, by the user viewing a web page with harmful embedded 
    mobile code. This web page could be hosted on a site controlled by the 
    attacker or sent to the user as a HTML email. Once exploited an attacker 
    would be able to execute arbitrary code or perform other actions on the 
    user system to the level permitted by the authenticated user. The 
    potential for an attacker to create a worm/virus which exploits this 
    vulnerability via email is high.

3.  Workarounds/Mitigation

    The relevant Microsoft bulletins are available on the AusCERT web site,
    see [1] and [2].

    The patches to prevent exploitation of this vulnerability are available
    from the Microsoft website, see [4] and [5] for information on obtaining 
    the appropriate patches for your system. Alternatively, administrators may
    wish to enable Windows Automatic Updates in order to install these and
    other security related patches.

    Further information can be found in the AusCERT publication "Protecting 
    Against Harmful Malicious Code" [6].

REFERENCES:

[1]  ESB-2003.0586 -- Microsoft Security Bulletin MS02-040 REVISED -- 
     Unchecked Buffer in MDAC Function Could Enable System Compromise 
     (Q326573)
     http://www.auscert.org.au/3369

[2]  ESB-2003.0588 -- Microsoft Security Bulletin MS03-032 -- Cumulative 
     Patch for Internet Explorer (Q822925) 
     http://www.auscert.org.au/3371

[3]  Microsoft Security Bulletin MS02-040
     http://www.microsoft.com/technet/security/bulletin/MS02-040.asp

[4]  Microsoft Security Bulletin MS03-032
     http://www.microsoft.com/technet/security/bulletin/MS03-032.asp

[5]  Microsoft Security Bulletin MS03-033
     http://www.microsoft.com/technet/security/bulletin/MS03-033.asp

[6]  Protecting your computer from malicious code
     http://www.auscert.org.au/3352

[7]  eEye Digital Security. Internet Explorer Object Data Remote Execution 
     Vulnerability
     http://www.eeye.com/html/Research/Advisories/AD20030820.html

- ---------------------------------------------------------------------------

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation\'s site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

AusCERT also maintains a World Wide Web service which is found on:
http://www.auscert.org.au.

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business
                hours which are GMT+10:00 (AEST).  On call after hours
                for member emergencies only.

Postal:
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld  4072
AUSTRALIA


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Revision History


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBP0q0GCh9+71yA2DNAQFqlQQAkyw59Z/5j8Z+PfqV1Su/YL9DzUkS+O9m
diuQAQinMJZFalAoLOkxkM5o87iW4U+c2J05KjINyqbEhzedJ4y5IKMG7GBsgbrr
f8VNEetqu9XBSRg2Nr/Y9uejttNF/4VaMPi9WjkT2nKisnCLqNr6s5omZ68+PjvF
CL8tOx6kfZQ=
=iHRK
-----END PGP SIGNATURE-----




Comments? Click here http://www.auscert.org.au/render.html?cid=1978&it=3379