Malaysian Computer Emergency Response Team

CONTACT US

SITEMAP

Search:

Home > Services > Advisories > MyCERT Advisories > 2008

MA-133.062008 : MyCERT Special Alert - Vulnerabilities in Microsoft Products

Original Issue Date: 16th June 2008

Microsoft has released notification regarding latest vulnerabilities in its products. There are three vulnerabilities that have been categorized as critical and users are advised to take high precautions and execute remedial action to avoid their machines from being compromised.

Three Microsoft products that are experiencing the vulnerabilities are as below:

Bluetooth
Internet Explorer
DirectX

The details of the vulnerabilities have been summarized in the tables as below and users are advised to undertake a prompt action to fix the vulnerabilities

Produced in 16th June 2008 by MyCERT, CyberSecurity Malaysia, an agency under the Ministry of Science, Technology and Innovation (MOSTI).

Revision History:

Initial Release: 16th June 2008

	Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
CVE / Microsoft Security Bulletin	CVE-2008-1453 / MS08-030
System Affected	Windows XP Service Pack 2 Windows XP Service Pack 3 Windows XP Professional x64 Edition Windows XP Professional x64 Edition Service Pack 2 Windows Vista Windows Vista Service Pack 1 Windows Vista x64 Edition Windows Vista x64 Edition Service Pack 1
Method of infection	Allows the attacker to execute arbitrary code with system privileges. The attacker will have to find an affected computer that can receive Bluetooth signals and then rapidly send a large number of malicious SDP packets to it. The attacker has to be physically close to the affected system, although custom-made Bluetooth antennas can probably undermine this requirement. Microsoft states that a successful attack will be time dependent. Typically, users who are using devices such as Bluetooth-enabled headsets, keyboards, mouse, etc., on an affected Microsoft OS will be vulnerable.
Impact	Remote code Execution
Exploit	N/A
Fixes	Available (http://www.microsoft.com/technet/security/bulletin/MS08-030.mspx) Should the machine is not able to run Microsoft fix yet, run all software as a nonprivileged user with minimal access rights.

	Cumulative Security Update for Internet Explorer (950759)
CVE / Microsoft Security Bulletin	CVE-2008-1442 / MS08-031
System Affected	Internet Explorer 6 SP1 on Microsoft Windows 2000 SP4 Internet Explorer 6 for Windows XP SP2 and Windows XP SP3 Internet Explorer 6 for Windows XP Professional x64 Edition and Windows XP Professional x64 Edition SP2 Internet Explorer 6 for Windows Server 2003 SP1 and Windows Server 2003 SP2 Internet Explorer 6 for Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition SP2 Internet Explorer 6 for Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems Internet Explorer 7 for Windows XP SP2 and Windows XP SP3 Internet Explorer 7 for Windows XP Professional x64 Edition and Windows XP Professional x64 Edition SP2 Internet Explorer 7 for Windows Server 2003 SP1 and Windows Server 2003 SP2 Internet Explorer 7 for Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition SP2 Internet Explorer 7 for Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems Internet Explorer 7 in Windows Vista and Windows Vista SP1 Internet Explorer 7 in Windows Vista x64 Edition and Windows Vista x64 Edition SP1 Internet Explorer 7 in Windows Server 2008 for 32-bit Systems Internet Explorer 7 in Windows Server 2008 for x64-based Systems Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems
Method of infection	Exploitation of this vulnerability allows attackers to execute arbitrary code in the context of the currently logged-in user. A targeted user must load a malicious Web page created by an attacker. An attacker typically accomplishes this via social engineering or injecting content into compromised, trusted sites.
Impact	Remote code Execution
Exploit	N/A
Fixes	Available (http://www.microsoft.com/technet/security/Bulletin/MS08-031.mspx) Should the machine is not able to run Microsoft fix yet, run all software as a nonprivileged user with minimal access rights.

	Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
CVE / Microsoft Security Bulletin	CVE-2008-1444 / MS08-033
System Affected	Windows 2000 SP4 with DirectX 7.0 Windows 2000 SP4 with DirectX 8.1 Windows 2000 SP4 with DirectX 9.0,9.0b and 9.0c Windows XP SP2 and Windows XP SP3 with DirectX 9.0, 9.0b and 9.0c Windows XP Professional x64 Edition and Windows XP Professional x64 Edition SP2 with DirectX 9.0, 9.0b and 9.0c Windows Server 2003 SP1 and Windows Server 2003 SP2 with DirectX 9.0, 9.0b and 9.0c Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition SP2 with DirectX 9.0, 9.0b and 9.0c Windows Server 2003 with SP1 for Itanium-based System and Windows Server 2003 with SP2 for Itanium-based Systems with DirectX 9.0, 9.0b and 9.0c Windows Vista with DirectX 10.0 Windows Vista SP1 with DirectX 10.0 Windows Vista x64 Edition with DirectX 10.0 Windows Vista x64 Edition SP1 with DirectX 10.0 Windows Server 2008 for 32-bit Systems with DirectX 10.0 Windows Server 2008 for x64-based Systems with DirectX 10.0 Windows Server 2008 for Itanium-based Systems with DirectX 10.0
Method of infection	Exploitation of this issue allows an attacker to execute arbitrary code with the privileges of the currently logged-on user. An attacker would need to create a maliciously crafted SAMI file and host it on a website or attach the file to an e-mail. The attacker would then have to entice a vulnerable user to visit the website or open the file in a vulnerable DirectX application such as Windows Media Player.
Impact	Remote code Execution
Exploit	N/A
Fixes	Available (http://www.microsoft.com/technet/security/Bulletin/MS08-033.mspx) Should the machine is not able to run Microsoft fix yet, run all software as a nonprivileged user with minimal access rights.