8 patches for Patch Tuesday, plus new WordPad hole found


As expected, Microsoft has released eight patches today, six of them rated critical. It also issued a warning for older versions of Windows about a vulnerability found in WordPad that Microsoft has not yet patched.

The warning, Microsoft Security Advisory 960906, says that the WordPad hole could allow a hacker to remotely execute code on pwn'd machines. It affects WordPad Text Converter for Word 97 files on Windows 2000 SP4, Windows XP SP2, Windows Server 2003 SP1, and Windows Server 2003 SP2. It does not affect Windows XP SP3, Windows Vista, or Windows Server 2008. Microsoft says it is investigating the hole, but that its dangers are mitigated by a few circumstances, such as the fact that the exploit can't launch itself -- a user must open an attachment sent via an e-mail message.

Additionally, while Microsoft investigates the need for a patch, it says that enterprises can easily avoid any mishap from this hole. If Microsoft Office Word is installed, Word 97 documents are opened by default with Microsoft Office Word, not WordPad. The file would invoke WordPad only if an attacker sends a malicious file with the Windows Write (.wri) extension, and .wri extensions can be blocked at the firewall.

In the meantime, Eric Schultze, CTO of Shavlik Technologies, says in a written statement that of the eight patches released today, he finds the two labeled "important" the most interesting.

Bulletin No. 7 (MS08-076), labeled important, covers a new flaw that is closely related to a security patch from last month, MS08-068, says Schultze. It enables attackers to get your Windows password and then remotely control your system without your knowledge. A hacker can exploit this hole if you click on an "evil URL related to Windows Media items (typically audio and/or video clips)," Schultze says.

"In this scenario, when a user clicks on an evil link, their password, or representations of their password, are sent to an evil server where the attacker can replay these credentials to log back on to the user's computer. It's similar to the 08-068 attack (credential replay), but uses different communication mechanisms to log on to the computers. Microsoft says that Windows Media Player doesn't play by the same rules as the Operating System, and that's why this issue wasn't fixed in the November patch release. This issue could become very serious if attackers figure out how to create the evil URLs. I'd get this one patched right away (even though Microsoft only rates this as Important)."

The other important bulletin, MS08-077, is interesting because it covers SharePoint 2008 and Search Server 2008. Schultze describes it:

"A flaw exists in the security controls of these applications that might allow users to access parts of the Sharepoint or Search servers and execute some administrative tasks.  These tasks, while not allowing users direct access to protected information, could cause the server to stop responding to legitimate requests, or could provide additional information to attackers, such as email addresses of the users on the system."

As for the critical six, the first five fix "client-side" vulnerabilities, some of which are updated patches from fixes issued earlier in 2008. With client-side holes, users visit bad-guy websites or open malicious documents. The software affected includes ActiveX controls (in the browser), graphics or images, Word, Outlook, Excel, and Internet Explorer. The remaining bulletin (MS08-075) is for Windows Vista and Windows Server 2008, and it involves a hack that occurs when a user executes a compromised Windows Search file. It is a variant of an attack patched in July of 2008, says Schultze. He concludes:

"I'd recommend patching MS08-076, as well as MS08-070 through 75, as soon as possible.  Corporations and hosting services that use Sharepoint 2007 should install MS08-077 as soon as they can."


Copyright © 2008 IDG Communications, Inc.