Dr.Melzer
Posted 29 September 2006

This advisory came in last night:

What is this alert?

This alert is to notify you that Microsoft has released Security Advisory 926043 – Vulnerability in Windows Shell Could Allow Remote Code Execution – on 28 September 2006.

========================================
Summary
========================================

Microsoft is investigating new public reports of a vulnerability in supported versions of Microsoft Windows. Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. We are also aware of proof of concept code published publicly. We are not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time. We will continue to investigate these public reports.

The ActiveX control called out in the public reports and in the Proof of Concept code is the Microsoft WebViewFolderIcon ActiveX control (Web View). The vulnerability exists in Windows Shell and is exposed by Web View. We are working on a security update currently scheduled for an October 10 release.

Customers are encouraged to keep their anti-virus software up to date. Microsoft encourages users to exercise caution when they open e-mail and links in e-mail from untrusted sources. For more information about Safe Browsing, visit the Trustworthy Computing Web site.

========================================
Mitigating Factors
========================================

In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site.

An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

By default, Outlook Express 6, Outlook 2002, and Outlook 2003 open HTML e-mail messages in the Restricted sites zone. Additionally, Outlook 2000 opens HTML e-mail messages in the Restricted sites zone if the Outlook E-mail Security Update has been installed. Outlook Express 5.5 Service Pack 2 opens HTML e-mail messages in the Restricted sites zone if Microsoft Security Bulletin MS04-018 has been installed.

By default, Internet Explorer on Windows Server 2003 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability because ActiveX and Active Scripting are disabled by default.

========================================
Recommendations
========================================

Review Microsoft Security Advisory 926043 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQ) and links to additional resources.

Customers who believe they have been attacked should contact their local FBI office or report their situation to http://www.ic3.gov. Customers outside the U.S. should contact the national law enforcement agency in their country.

Customers who believe they are affected can contact Product Support Services. Contact Product Support Services in North America for help with security update issues or viruses at no charge using the PC Safety line (1866-PCSAFETY) and international customers by using any method found at this location: Security Help and Support for Home Users.
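The mitigating factors above come down to one configuration fact: in the zone a page or HTML mail is rendered in, "Run ActiveX controls and plug-ins" and "Active scripting" are set to Disable (which is what Enhanced Security Configuration does for the Internet zone, and what the Restricted sites zone does for HTML mail). The following PowerShell script is an added example, not part of the forum post or of the Microsoft advisory, that audits those two settings for the Internet and Restricted sites zones of the current user and can optionally set them to Disable. It assumes the per-user settings live under HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\<zone>, that value name 1200 is "Run ActiveX controls and plug-ins" and 1400 is "Active scripting", and that data 0, 1 and 3 mean Enable, Prompt and Disable (the layout documented in Microsoft KB 182569). The function names are this example's own.

```powershell
# Added example (not from the advisory or the forum post): audit the per-user
# Internet Explorer zone settings that the advisory names as mitigations.
# Assumptions: per-user settings live under HKCU; value name 1200 = "Run ActiveX
# controls and plug-ins", 1400 = "Active scripting"; data 0 = Enable, 1 = Prompt,
# 3 = Disable (as documented in Microsoft KB 182569). Group Policy can override
# these via the matching HKLM path, which this script does not inspect.
param([switch]$Harden)

$ZoneRoot   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Zones      = @{ 3 = 'Internet'; 4 = 'Restricted sites' }
$Actions    = @{ 1200 = 'Run ActiveX controls and plug-ins'; 1400 = 'Active scripting' }
$StateNames = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneActionState {
    # Returns the DWORD for one action in one zone, or $null if the value is absent
    # (IE then falls back to the zone's built-in template, so "absent" is not "disabled").
    param([int]$Zone, [int]$Action)
    $key   = Join-Path $ZoneRoot $Zone
    $props = Get-ItemProperty -Path $key -ErrorAction Stop
    $name  = "$Action"
    $raw   = $props.$name
    if ($null -eq $raw) { return $null }
    return [int]$raw
}

function Test-ZoneHardened {
    # One row per (zone, action): current state and whether it is the mitigated state.
    foreach ($z in $Zones.Keys) {
        foreach ($a in $Actions.Keys) {
            $state = Get-ZoneActionState -Zone $z -Action $a
            [pscustomobject]@{
                Zone     = $Zones[$z]
                Action   = $Actions[$a]
                State    = if ($null -eq $state) { 'not set' } else { $StateNames[$state] }
                Hardened = ($state -eq 3)
            }
        }
    }
}

function Set-ZoneActionDisabled {
    # Sets one action to Disable (3) in one zone, the same state ESC applies by default.
    param([int]$Zone, [int]$Action)
    $key = Join-Path $ZoneRoot $Zone
    Set-ItemProperty -Path $key -Name "$Action" -Value 3 -Type DWord
}

# Report first; only with -Harden disable ActiveX and Active Scripting in the Internet zone.
Test-ZoneHardened | Format-Table -AutoSize

if ($Harden) {
    foreach ($a in $Actions.Keys) { Set-ZoneActionDisabled -Zone 3 -Action $a }
    Write-Host 'Internet zone: ActiveX controls and Active scripting set to Disable.'
    Test-ZoneHardened | Where-Object Zone -eq 'Internet' | Format-Table -AutoSize
}
```

Run it as the user whose browser profile you want to check; without `-Harden` it only reads. A row showing "not set" means the value is inherited from the zone template rather than explicitly configured, so treat it as unknown rather than hardened, and remember that a machine-wide policy under HKLM takes precedence over anything this script reports or sets.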
Dr.Melzer
Posted 29 September 2006

========================================
Additional Resources:
========================================

• Microsoft Security Advisory 926043 – Vulnerability in Windows Shell Could Allow Remote Code Execution
  Microsoft Security Advisory (926043): Vulnerability in Windows Shell Could Allow Remote Code Execution
• MSRC Blog: Welcome to the Microsoft Security Response Center Blog!
  Note: check the MSRC Blog periodically as new information may appear there.

========================================
Regarding Information Consistency:
========================================

We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Security Advisories posted to the web are occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in the web-based Security Advisory, the information in the web-based Security Advisory is authoritative.

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

Thank you,
Microsoft PSS Security Team