
[ISN] Microsoft Plugs 'Critical' E-Mail Server Holes

Subject: [ISN] Microsoft Plugs 'Critical' E-Mail Server Holes
Date: Wed, 11 Jan 2006 00:49:37 -0600 (CST)
http://www.eweek.com/article2/0,1895,1909647,00.asp

By Ryan Naraine 
January 10, 2006 

Microsoft Corp. on Tuesday released two security bulletins to fix
"critical" flaws in several widely deployed products, including one
that presents a remote unauthenticated attack vector that could leave
corporate e-mail servers open to a destructive network worm attack.

A company spokesperson flagged MS06-003 as the most serious issue,
warning that a bug in the way TNEF (Transport Neutral Encapsulation
Format) is decoded can allow malicious hackers to inject harmful code
automatically without user interaction.

Businesses running Microsoft Exchange Server 5.0, Microsoft Exchange
Server 5.5 and Microsoft Exchange 2000 are at the highest risk of a
network attack, according to Stephen Toulouse, program manager in the
MSRC (Microsoft Security Response Center).

Microsoft Office 2000, Microsoft Office XP, Microsoft Outlook 2002 and
Microsoft Office 2003 are also at immediate risk, although a
successful attack requires a minimum amount of user interaction.

"[An attacker] can run code on the server when the server is
processing an e-mail message," Toulouse said in an interview, noting
that the code would be executed in the background without any user
interaction. "If you're running Exchange Server 5.0, Exchange Server
5.5 or Exchange 2000 Server, you want to pay special attention to this
update."

Businesses running Microsoft Exchange Server 2003 are not affected.

The TNEF format, which is proprietary, is used by the Microsoft
Exchange Server and Outlook e-mail clients to parse RTF (Rich Text
Format) messages. When Microsoft Exchange thinks that it is sending a
message to another Microsoft e-mail client, it extracts all the
formatting information and encodes it in a special TNEF block.

It then sends the message in two parts: the text message with the
formatting removed and the formatting instructions in the TNEF block.
On the receiving side, a Microsoft e-mail client processes the TNEF
block and reformats the message.

In an attack scenario, Toulouse said, a malicious hacker could create
a specially crafted TNEF message to trigger an exploit when the server
is decoding the e-mail message.

The second bulletin, MS06-002, also covers a remote code execution
vulnerability in the way Windows handles malformed embedded Web fonts.

This flaw could be exploited by attackers using specially constructed
Web fonts placed on Web sites or in e-mail messages. Toulouse
acknowledged that the vulnerability presented a major code execution
risk but said the attack scenario requires that the victim be lured
into viewing a rigged Web site or a specially crafted e-mail.

"These are both high-priority updates that were privately reported.  
We're not aware of any exploits or attacks but we want to ensure
people understand these risks and get these updates deployed on their
systems," Toulouse said.



_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org 
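
As an added example (not part of the article or of any Microsoft code), here is a sketch of how a mail gateway could locate the TNEF block the article describes and reject structurally inconsistent streams before a decoder sees them. The article does not describe the MS06-003 flaw itself, so this checks only generic consistency; the stream layout (signature 0x223E9F78, then level, ID, length, data and checksum per attribute) is taken from the published TNEF format rather than from the article, and the sample message is constructed.

```python
import struct
from email import message_from_bytes
from email.message import EmailMessage

TNEF_SIGNATURE = 0x223E9F78  # magic number that opens every TNEF stream

def check_tnef(blob):
    """Walk a TNEF stream with strict bounds checks; return a list of problems."""
    if len(blob) < 6 or struct.unpack_from("<I", blob)[0] != TNEF_SIGNATURE:
        return ["bad or missing TNEF signature"]
    problems, pos = [], 6  # skip the signature (4 bytes) and key (2 bytes)
    while pos < len(blob):
        if len(blob) - pos < 9:
            problems.append(f"truncated attribute header at offset {pos}")
            break
        level, attr_id, length = struct.unpack_from("<BII", blob, pos)
        pos += 9
        if level not in (1, 2):  # 1 = message attribute, 2 = attachment attribute
            problems.append(f"invalid level {level} at offset {pos - 9}")
            break
        if length > len(blob) - pos - 2:  # data and its 2-byte checksum must fit
            problems.append(f"attribute 0x{attr_id:08x} claims {length} bytes past end of stream")
            break
        (checksum,) = struct.unpack_from("<H", blob, pos + length)
        if sum(blob[pos:pos + length]) & 0xFFFF != checksum:
            problems.append(f"checksum mismatch in attribute 0x{attr_id:08x}")
        pos += length + 2
    return problems

def scan_message(raw):
    """Return {filename: problems} for each TNEF part of a raw RFC 822 message."""
    results = {}
    for part in message_from_bytes(raw).walk():
        name = part.get_filename() or "(unnamed)"
        if part.get_content_type() == "application/ms-tnef" or name.lower() == "winmail.dat":
            results[name] = check_tnef(part.get_payload(decode=True) or b"")
    return results

def sample_message(claimed_length=4):
    """Constructed test input: a text body plus a one-attribute winmail.dat."""
    data = struct.pack("<I", 0x00010000)  # 4-byte value for attribute 0x00089006 (TNEF version)
    tnef = struct.pack("<IHBII", TNEF_SIGNATURE, 1, 1, 0x00089006, claimed_length) + data + struct.pack("<H", sum(data) & 0xFFFF)
    msg = EmailMessage()
    msg.set_content("Body text with the formatting removed.")
    msg.add_attachment(tnef, maintype="application", subtype="ms-tnef", filename="winmail.dat")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(sample_message()), scan_message(sample_message(0x7FFFFFFF)))
```

A gateway would quarantine any message for which `scan_message` returns a non-empty problem list rather than passing it on to the TNEF decoder.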
