Microsoft reveals critical holes in Active Directory, mainframe gateway


October 14 2008


Microsoft Tuesday issued four critical patches to close 10 vulnerabilities, some on critical IT systems such as Active Directory. The platforms affected by the critical vulnerabilities include Active Directory, Internet Explorer, Host Integration Server and Excel. In all, Microsoft issued 11 patches (see complete list here). In addition to the four that were critical, six were listed as important and one as moderate.


The patches were listed as MS08-056 through MS08-066.

"There is a nasty bunch of remotely exploited items," says Eric Schultze, CTO of Shavlik Technologies. He says the vulnerabilities this month are centered more on remote execution rather than "visit this evil Web site and get hacked."

"We are getting into more vulnerabilities that hit the infrastructure, the Windows kernel, Active Directory, protocol overflows," he says. "If you have a Windows 2000 domain controller you are hosed."

In the Active Directory vulnerability, numbered as MS08-060, anyone on a corporate network can send a series of packets to the domain controller and take over the domain. The vulnerability only affects Windows 2000.

"Then they own the domain," Schultze says. "By owning it they then have domain admin privileges, which means they own every laptop and server and desktop in that domain. They can create user accounts, they can delete everybody's user accounts, they can lock everybody off the server, they can delete fields, they can add and delete services and they control everything in the domain."

Another potentially dangerous vulnerability lies in the Host Integration Server RPC Service (MS08-059), which is another remote execution bug. The vulnerability covers the 2000, 2004 and 2006 versions of Host Integration Server.

"Control of HIS can give an attacker control of data flowing into and out of some of the most closely guarded systems on the planet," Sheldon Malm, director of security R&D for nCircle, wrote in a research note. "It is absolutely vital for customers to find and remediate this vulnerability as quickly as possible. Host Integration Server is the de facto gateway linking Windows hosts to business critical mainframes and AS/400 systems, which in turn host databases and Customer Information Control System (CICS) applications that are believed to run in 90% of Fortune 500 corporations."

The other critical patches include a cumulative update for Internet Explorer (MS08-058) that resolves five privately reported vulnerabilities and one that was publicly disclosed.

The vulnerabilities, however, cut a wide swath across Internet Explorer.

"It is not as simple as patching IE for XP or Vista as it impacts 2000, XP, Vista as well as Microsoft Windows Server 2003 and 2008," says Don Leatham, senior director of solutions and strategy at Lumension.

The final critical patch (MS08-057) involved three privately reported vulnerabilities affecting Excel. The hole would allow a hacker to gain control of a system if the user opened a specially crafted Excel file.

In all, the four critical patches involved 10 vulnerabilities that were privately reported to Microsoft, a number that some say shows that the company is working more closely, and harmoniously, with researchers looking for bugs.

"If the security researchers feel respected by the vendor, they are more likely to come to them and say this is what it is rather than going public because they have these antagonistic feelings. That is actually a good trend for Microsoft," says Wolfgang Kandek, CTO of Qualys.

But Kandek says he sees another trend that is not so good, especially around the Host Integration Server flaw and the possible vulnerability to mainframe systems it creates.

"This is a fairly fringe attack; it is not common," Kandek says. "We think people are starting to look at these components now and they are branching out to the full functionality of the operating system. Rather than looking at the standard services they are saying what else runs on this OS."

He points out that MS08-062 and MS08-066, which were all rated as Important, fall into that category.

"We say this is new stuff and somebody has been looking at new angles on the OS here," Kandek says. "They focus attention that is not so common in order to gain control of these machines, and to ultimately use them in a botnet [in the case of Internet Explorer] or if I had access to a domain controller for something that goes into the identity theft area."


 

Reproduced from an article published by NetworkWorld.com
© NetworkWorld.com

The original article can be viewed here:
http://www.networkworld.com/news/2008/101408-security-the-focus-as-microsof...
