Microsoft Black Tuesday - June 2007 - Michael Sutton's Blog
Microsoft Black Tuesday - June 2007
The June edition of Microsoft Black Tuesday marked two important events: an all-out assault on client-side vulnerabilities and the end of the security honeymoon for Windows Vista. I've been saying for some time now that we're in the midst of a revolution as attackers shift their focus from gaping server-side vulnerabilities, which are becoming increasingly rare, to stealthy client-side holes that make phishers salivate. This month's patches illustrated that we need to focus our efforts on better securing client-side applications, as there are a plethora of holes ripe for exploitation. Vista also received a dose of reality as the latest and greatest operating system appeared in 8 of the published vulnerabilities, with 3 of them being critical. Also of interest is MS07-035, a remote code execution vulnerability in the Windows API which can apparently be exploited via Internet Explorer. This is certainly one to keep an eye on, as it will be interesting to see if public exploit code emerges in the coming days.

This month Microsoft patched 15 vulnerabilities that were packaged into 6 security bulletins, 13 of which were critical. The patch release was average by recent standards. The 15 vulnerabilities had the following overall severity rankings.

  • 8 Critical
  • 4 Important
  • 3 Moderate

This month's bulletins included patches for 3 public vulnerabilities, none of which were already being actively exploited. The following publicly known issues received patches:

  • MS07-033 (CVE-2007-1499) Navigation Cancel Page Spoofing Vulnerability
  • MS07-034 (CVE-2006-2111) URL Redirect Cross Domain Information Disclosure Vulnerability
  • MS07-034 (CVE-2007-1658) Windows Mail UNC Navigation Request Remote Code Execution Vulnerability

Below is a cheat sheet for all 15 vulnerabilities.

Enjoy!

- michael

 

| Bulletin | Title | CVE | Severity | Discovered By | Public | Exploited | Advisory |
|---|---|---|---|---|---|---|---|
| MS07-030 | Visio Version Memory Corruption Vulnerability | CVE-2007-0934 | Important | | No | No | |
| MS07-030 | Visio Document Packaging Vulnerability | CVE-2007-0936 | Important | Chris Ries of Vigilant Minds | No | No | |
| MS07-031 | Vulnerability in the Windows Schannel Security Package | CVE-2007-2218 | Critical | Thomas Lim of COSEINC | No | No | |
| MS07-032 | Permissive User Information Store ACLs Information Disclosure Vulnerability | CVE-2007-2229 | Moderate | Robbie Sohlman | No | No | |
| MS07-033 | COM Object Instantiation Memory Corruption Vulnerability | CVE-2007-0218 | Critical | An anonymous researcher working with iDefense VCP; Tom Cross of ISS | No | No | iDefense |
| MS07-033 | CSS Tag Memory Corruption Vulnerability | CVE-2007-1750 | Critical | | No | No | |
| MS07-033 | Language Pack Installation Vulnerability | CVE-2007-3027 | Critical | An anonymous researcher working with TippingPoint | No | No | ZDI-07-037 |
| MS07-033 | Uninitialized Memory Corruption Vulnerability | CVE-2007-1751 | Critical | Sam Thomas working with TippingPoint | No | No | ZDI-07-038 |
| MS07-033 | Navigation Cancel Page Spoofing Vulnerability | CVE-2007-1499 | Moderate | | Yes | No | |
| MS07-033 | Speech Control Memory Corruption Vulnerability | CVE-2007-2222 | Critical | Will Dorman of CERT/CC; cocoruder of Fortinet Security Research | No | No | |
| MS07-034 | URL Redirect Cross Domain Information Disclosure Vulnerability | CVE-2006-2111 | Important | | Yes | No | |
| MS07-034 | Windows Mail UNC Navigation Request Remote Code Execution Vulnerability | CVE-2007-1658 | Critical | | Yes | No | |
| MS07-034 | URL Parsing Cross Domain Information Disclosure Vulnerability | CVE-2007-2225 | Important | SANS ISC | No | No | |
| MS07-034 | Content Disposition Parsing Cross Domain Information Disclosure Vulnerability | CVE-2007-2227 | Moderate | Yosuke Hasegawa of WebAppSec.JP | No | No | |
| MS07-035 | Win32 API Vulnerability | CVE-2007-2219 | Critical | Billy Rios from VeriSign | No | No | |


Posted 06-13-2007 1:09 AM by erik.peterson