Microsoft Security Bulletin MS0. Critical. On June 1. May 8 2. 00. 2 did not fully protect systems against the reintroduction of the vulnerable control. Specifically, if the vulnerable control were offered for download and a user accepted the control, it could be possible for an attacker to load the control, even though the update had been applied. Those fixes did fully and successfully address the vulnerability and are not themselves vulnerable to the issues discussed in this bulletin. We have updated the bulletin to advice customers of this and to announce the availability of an updated MSN Chat control and an updated patch and to encourage customers who applied the previous fixes to consider applying the updated fixes. In addition, work on an updated MSN Messenger and Exchange Instant Messenger are underway and those should be posted shortly. Customers who have applied any of the fixes released on May 8 2. Customers can apply the new updates directly: there is no need to uninstall the previous updates. What's the scope of the vulnerability? This is a buffer overflow vulnerability. An attacker who successfully exploited this vulnerability would be able to run programs on another user's system. Such a program could take any action that the system's owner could take, such as adding, changing or deleting any data or configuration information. For example, the code could lower the security settings in the browser, or write a file to the hard disk. The affected component does not ship by default with any version of Windows or IE. Trillian, the free instant messenger for Windows, MacOS X, Android, iPhone, BlackBerry, Linux, and the Web. Supports Windows Live, Facebook, Twitter, Yahoo, MySpace. Outlook Messenger 6.0 serial numbers. Outlook-to-notes-software 6.0 crack: Msn Messenger Monitor Sniffer 3.6.0.2 serial: Migrate Outlook To Notes 6.0 patch.
Customers who are using the latest Microsoft mail products, Outlook 2. Outlook Express 6. HTML email- borne attacks. Outlook 9. 8 and Outlook 2. Outlook Email Security Update are also protected by default against HTML email- borne attacks. Because the code would run as the user and not the operating system, any security limitations on the user's account would also be applicable to any code run by successfully exploiting this vulnerability. In environments where user accounts are restricted, such as enterprise environments, the actions that an attacker's code could take would be limited by these restrictions. What causes the vulnerability? The vulnerability results because of an unchecked buffer in the code that handles the input of a parameter in the MSN Chat control. By invoking this parameter in a particular manner, an attacker could overflow the buffer and gain the ability to run code in the user's security context. What is MSN Chat? MSN Chat is an online service offered by MSN that lets users talk to one another in virtual . These rooms can allow multiple users to gather in a single, virtual location and exchange text- based messages. MSN Chat works by users running a local client chat program, in this case the MSN Chat control, and then logging on to a central chat server. Once logged on to the chat server, users can enter chat rooms and exchange messages with one another. What is the MSN Chat control? The MSN Chat control is an Active. X control that is used on a variety of MSN sites, including the MSN Chat site. In essence, the control is a self- contained chat program. What is an Active. X control? Active. X is a technology that allows developers to deploy programs in a small, self- contained way. These programs are called controls and can be used by web pages, Visual Basic programs or other applications. Active. X controls can be distributed in a number of ways including installing with software products or being offered for download from a web site. Regardless of how a user installs an Active. X control, once it is installed and registered on the user's system, it is fully functional and available to the user. How do I get the MSN Chat control? You can get the MSN Chat control through two means: Via web download from MSN Chat sites. Through inclusion with Microsoft Instant Messaging Products, specifically MSN Messenger and Exchange Instant Messenger. How do I get the MSN Chat control from the web? Any time a user visits a chat room on MSN, the site checks to see if the user's system has the latest version of the MSN Chat control. If no control is found on the user's system or a newer version of the control is available than is on the user's system, the MSN Chat control is automatically offered for download. The user then has the choice to accept and install the control, or cancel the download. If the user chooses to accept the control, it is then installed. It's important to note that this control is used for chat rooms on several MSN sites in addition to the main MSN Chat site. If you have successfully used chat on any MSN- site, you have downloaded and installed the chat control. How do I get the MSN Chat control from Microsoft Instant Messaging Products? In addition to being available for download directly from the MSN Chat site, the MSN Chat control is installed with MSN Messenger, since version 4. Exchange Instant Messenger. It's important to note however, that this vulnerability does not affect these technologies themselves. MSN Chat is different from MSN Messenger, Windows Messenger or Exchange Instant Messenger in that those technologies are peer- to- peer messaging products and allow users to talk directly with each other. While users of these technologies logon to a directory server, to announce their availability, there are no . The MSN Chat control is not included with Windows Messenger in Windows XP. However, Windows XP users can install the control by visiting an MSN Chat site and downloading the control. What's wrong with the MSN Chat control? There is an unchecked buffer in one of the functions that handles the input of certain parameters to the control. What would this vulnerability enable an attacker to do? An attacker who exploited this vulnerability successfully could run a program on a system that had the control installed. Since the MSN Chat control runs in the security context of the user, the program would be able to take any actions that the legitimate user was capable of taking, including adding or deleting data or configuration information. On the other hand, this also means that any limitations placed on the user's account would apply to the attacker's code as well. For example, if an enterprise administrator had implemented policies such that the user could not change their IE security setting, the attacker's code would also be prevented from changing those settings. How might an attacker attempt to exploit this vulnerability? An attacker could attempt to exploit this vulnerability by creating a web page that invoked the MSN Chat control and included a call to the parameter in question in a particular way. When the user opened the web page and the code on the page ran, the attack would be carried out. The attacker would most likely attempt to get the user to open this malicious web page in one of two ways: By posting the page on a web site. If he successfully enticed the user to visit his site, the control would be invoked once the page had loaded. By sending the web page as an HTML email to the user. If the user were using a mail client that reads mail in the Restricted Sites zone, such as Outlook 2. Conversely, if the user were not using a product that reads mail in the Restricted Sites zone, then when the web page was rendered, either by opening the mail or through a preview pane, the control would be invoked. How can I mitigate the risk of the web- borne attack? For the web- based attack to succeed, the attacker would have to lure the user to a site under his control. Users who exercise caution in their choice of web sites and only visited trusted web sites could potentially protect themselves from attack by avoiding the attacker's web site. I've heard that if I'm using IE, it's possible for an attacker to exploit this vulnerability even if I've never installed the MSN Chat control or the Messenger products, is that true? It's true that it is possible for an attacker to host a copy of the vulnerable version of the control on their web site which could be offered for download when a user visited the site. However, the attacker would have to entice the user to visit their web site and convince the user to accept and install the control when offered. Since the chat control is meant to be used in conjunction with chat sites, it would be worth questioning the trustworthiness of any site that unexpectedly offered a chat control for download. The best action would be to refuse the download offered. But, I've heard that it's possible for an attacker to force this control to download without my knowing it, is that true? There is an option that can allow a user to always accept signed code, such as the MSN Chat control, without prompting. Specifically, a user can select the . This means that even if you've chosen to trust content signed by Microsoft, it doesn't necessarily mean that the particular certificate used to sign this control. Certificates are used to sign only a handful of controls. This means that only someone who has downloaded the chat control or other related controls from MSN and selected the . There is no way for an attacker to offer this control without a user visiting their site. That said, the . This is accomplished by a making a registry setting and is referred to as setting the . Setting this ensures that even if a vulnerable component is introduced or re- introduced onto a system it remains inert and harmless. There is more information on this feature in Q2. How can I mitigate the risk of the email- borne attack? Customers who use any of the following products are protected against email- borne attacks by default: This is because these products read email in the . By default, the Restricted Sites zone disables the scripting of Active. X control. This means that an HTML email that attempts to exploit this vulnerability that is read using one of these products is rendered harmless. I'm using one of the mail products listed above and don't visit untrustworthy sites. Does this mean I don't need the patch?
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
April 2017
Categories |