Symantec rates Exchange vulnerability issue as critical

Microsoft issued information on seven new critical security bulletins.  The following summary provides Symantec’s evaluation of three of the most critical issues.

Vulnerability in Microsoft Exchange

Symantec Security Response rates the vulnerability in Microsoft Exchange as one of the more critical issues this month.  This remote code execution vulnerability affects the MIME (Multipurpose Internet Mail Extensions) decoding mechanism of Microsoft Exchange Server 2000/2003/2007.  Specifically, this issue can be triggered by a malformed base64-encoded attachment.

For the attack to be successful, a user of the Exchange server must open the malformed attachment.  A successful attack could completely compromise the computer hosting the vulnerable Exchange server and has the potential for impacting a large audience. 

Vulnerabilities in Windows Internet Explorer

Microsoft issued a security bulletin that included five vulnerabilities (four critical and one important) in Internet Explorer.  The Property Type Memory Corruption Vulnerability and HTML Objects Memory Corruption Vulnerability are client-side code execution vulnerabilities affecting Internet Explorer 6.0 – 7.0 and Internet Explorer 7.0, respectively, and both affect Internet Explorer 7.0 on Vista.

These vulnerabilities could be successfully exploited when a user visits a malicious Web site which then allows an attacker to leverage the vulnerability to execute arbitrary code in the context of the currently logged in user.   

Vulnerability in Windows DNS RPC Interface

Microsoft also issued a patch for the zero-day vulnerability in Windows DNS RPC Interface that was discovered in the wild in April.  This remote code execution vulnerability affects server-grade operating systems, including Windows 2000 and Windows Server 2003, and only those that have the DNS service enabled, such as Domain Controller, DNS Server, or Microsoft Small Business Server configurations.  However, enterprises and small businesses should ensure they update their systems with the patch since this vulnerability has already been exploited.  A successful exploit will completely compromise the computer. 

“As we reported in the recent Internet Security Threat Report, attackers are continuing to leverage browser and application vulnerabilities and social engineering tactics to gain access to computers in order to execute malicious code,” said Oliver Friedrichs, director, emerging technologies, Symantec Security Response.  “These vulnerabilities further validate the trends Symantec reported.  It is important that users protect themselves by updating their computers with recent patches, using common sense when connecting to the Internet, and installing a comprehensive security suite.”

Symantec recommends the following actions for IT administrators:

• Evaluate the possible impact of these vulnerabilities to critical systems.
• Plan for required responses including patch deployment and implementation of security best practices using the appropriate security and availability solutions.
• Take proactive steps to protect the integrity of networks and information.
• Verify that appropriate data backup processes and safeguards are in place and effective.
• Remind users to exercise caution in opening all unknown or unexpected e-mail attachments and in following Web links from unknown or unverified sources.

Symantec recommends the following actions for consumers:

• Regularly run Windows Update and install the latest security patches to keep software up to date.
• Avoid opening unknown or unexpected e-mail attachments or following Web links from unknown or unverified sources.
• Use an Internet security solution such as Norton Internet Security 2007 to protect against today's known threats and tomorrow's Internet security risks.
   

Additional information will be available on Symantec’s Security Response Blog shortly at: http://www.symantec.com/enterprise/security_response/weblog/

Additional information on Microsoft’s security bulletins can be found at: http://www.microsoft.com/technet/security/bulletin/ms07-may.mspx

Symantec’s security experts will closely monitor further information related to these vulnerabilities and will provide updates and security content as necessary.  Please let me know if you have any questions or if you are interested in speaking with a Symantec expert on any of the above vulnerabilities.