windows critical security update package

Discussion in 'other security issues & news' started by Pretender, Jun 26, 2002.

Thread Status:
Not open for further replies.
  1. Pretender

    Pretender Registered Member

    Joined:
    Apr 23, 2002
    Posts:
    670
    Location:
    Virtual Paradise
    Title: 26 June 2002 Cumulative Patch for Windows Media Player
    (Q320920)
    Date: 26 June 2002
    Software: Windows Media Player
    Impact: Three new vulnerabilities, the most serious of which
    could run code of attacker's choice
    Max Risk: Critical
    Bulletin: MS02-032

    Microsoft encourages customers to review the Security Bulletin at:
    http://www.microsoft.com/technet/security/bulletin/MS02-032.asp.
    ----------------------------------------------------------------------

    Issue:
    ======
    This is a cumulative patch that includes the functionality of
    all previously released patches for Windows Media Player 6.4, 7.1
    and Windows Media Player for Windows XP. In addition, it eliminates
    the following three newly discovered vulnerabilities one of which
    is rated as critical severity, one of which is rated moderate
    severity, and the last of which is rated low severity:

    - An information disclosure vulnerability that could provide
    the means to enable an attacker to run code on the user's
    system and is rated as critical severity.

    - A privilege elevation vulnerability that could enable an attacker
    who can physically logon locally to a Windows 2000 machine and run
    a program to obtain the same rights as the operating system.

    - A script execution vulnerability that could run a script
    of an attacker's choice as if the user had chosen to run it after
    playing a specially formed media file and then viewing a specially
    constructed web page. This particular vulnerability has specific
    timing requirements that make attempts to exploit the vulnerability
    difficult and is rated as low severity.

    It also introduces a configuration change relating to file extensions
    associated with Windows Media Player. Finally, it introduces a new,
    optional, security configuration feature for users or organizations
    that want to take extra precautions beyond applying IE patch MS02-023
    and want to disable scripting functionality in the
    Windows Media Player for versions 7.x or higher.

    Mitigating Factors:
    ====================
    Cache Patch Disclosure via Windows Media Player

    - Customers who have applied MS02-023 are protected against
    attempts to automatically exploit this issue through HTML email
    when they read email in the Restricted Sites zone. Outlook 98 and
    Outlook 2000 with the Outlook Email Security Update, Outlook 2002
    and Outlook Express 6.0 all read email in the Restricted Sites
    zone by default.

    - The vulnerability does not affect media files opened from the
    local machine. As a result of this, users who download and save
    files locally are not affected by attempts to exploit this
    vulnerability.

    Privilege Elevation through Windows Media Device Manager Service:

    - This issue affects only Windows Media Player 7.1; it does not
    affect Windows Media Player for Windows XP nor Windows
    Media Player 6.4.

    - The vulnerability only affects Windows Media Player 7.1 when run
    on Windows 2000; it does not impact systems that have no user
    security model such as Windows 98 or Windows ME systems.

    - This issue only affects console sessions; users who logon via
    terminal sessions cannot exploit this vulnerability.

    - An attacker must be able to load and run a program on the system.
    Anything that prevents an attacker from loading or running a
    program could protect against attempts to exploit this
    vulnerability.

    Media Playback Script Invocation:

    - A successful attack requires a specific series of actions
    followed in exact order, otherwise the attack will fail.
    Specifically:
        - A user must play a specially formed media file from an
        attacker.
        - After playing the file, the user must shut down
        Windows Media Player without playing another file.
        - The user must then view a web page constructed by the
        attacker.

    Risk Rating of new vulnerabilities:
    ============
    - Internet systems: Low
    - Intranet systems: Low
    - Client systems: Critical

    Aggregate Risk Rating (including issues addressed in
    previously released patches):
    - Internet systems: Critical
    - Intranet systems: Critical
    - Client systems: Critical

    Patch Availability:
    ===================
    - A patch is available to fix this vulnerability. Please read the
    Security Bulletin at
    http://www.microsoft.com/technet/security/bulletin/ms02-032.asp
    for information on obtaining this patch.

    Acknowledgment:
    ===============
    - jelmer for reporting the Cache Patch Disclosure via Windows
    Media Player.

    - The Research Team of Security Internals
    (www.securityinternals.com) for reporting Privilege
    Elevation through Windows Media Device Manager Service:

    - Elias Levy, Chief Technical Officer, SecurityFocus
    (http://www.securityfocus.com/), for reporting the
    Media Playback Script Invocation.
     
  2. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Once again, Microsoft valiantly, courageously and successfully close the stable doors.

    But wait - where's the damn horse gone?
     
  3. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Bless you! You did sneeze right? ;)
     
  4. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    No, I sneezed left, to avoid the creamed potatoes.
     
  5. helpin

    helpin Guest

    Once again Microsoft proves they are not just a poor software company, despite their billions, but a horrible software company. In no other industry would people put up with these kinds of constant errors, holes, call em what you like.
     
  6. Pretender

    Pretender Registered Member

    Joined:
    Apr 23, 2002
    Posts:
    670
    Location:
    Virtual Paradise
    and:

    To add to this though... the patch download went fine, but I had to download the player again for some reason, so you might check whether your player works after downloading the patch. I didn't have any trouble after (or while) downloading the player again. Hope not too many others encounter this. The download of the player is a hefty one, almost 10 MB if I remember correctly. Later.
     
  7. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hi,

    Don't forget to check the setting, or better, to run XP-antispy once again if running WinXP: the unique identifier should be reset by the patch.

    Cheers,
