Microsoft’s Security Bulletin MS03-051, “Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution,” addresses two new vulnerabilities. The more dangerous of the two, a buffer overrun error, could allow a remote attacker to run arbitrary code on the server.
The buffer overrun in FrontPage Server Extensions has been given the designation CAN-2003-0822, and the other flaw, a SmartHTML interpreter vulnerability, is designated CAN-2003-0824.
Microsoft’s Security Bulletin MS03-050, “Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code to Run,” is rated "Important" by Microsoft. This vulnerability involves the use of macros.
The Excel patch to fix the vulnerability designated CAN-2003-0821 supersedes those found in MS01-050, MS02-031, and MS02-059.
The Word patch for CAN-2003-0820 supersedes those provided in MS02-021, MS02-031, MS02-059, and MS03-035.
- Microsoft Windows 2000 Service Pack 2, Service Pack 3
- Windows XP Service Pack 1
- Office XP Service Pack 1, Service Pack 2
The following are not affected:
- Microsoft Windows Millennium Edition
- Windows NT 4.0 and Windows NT Server TSE 4.0, Service Pack 6a
- Windows 2000 Service Pack 4
- Windows XP 64-Bit Edition
- Windows Server 2003 (Windows SharePoint Services)
- Windows Server 2003 64-Bit Edition (Windows SharePoint Services)
- Office System 2003
- Excel 97, Excel 2000, Excel 2002
- Word 97, Word 98(J), Word 2000, and Word 2002
- Microsoft Works Suite 2001, Works Suite 2002, Works Suite 2003, and Works Suite 2004
Not affected are:
- Word 2003
- Excel 2003
Risk level: Maximum level is critical
MS03-051 is rated critical for all except the FrontPage Server Extensions that shipped with Windows XP. MS03-050 is rated important for all affected software.
For MS03-051, Windows XP does not install FrontPage Server Extensions by default.
For MS03-050, Microsoft reports that if “Office 97 or Office 2000 has installed the Office Documentation Open Confirm Tool, the user will always get a 'file open' warning dialog box when trying to open an Office document using Internet Explorer.” In Office XP and Office System 2003, the “file open” warning is enabled by default.
Fix: Apply supplied patches
For both security bulletins, you should simply apply the referenced patches.
For MS03-051, a possible workaround is to disable FrontPage Server Extensions under the IIS section in Add/Remove Programs. To learn if you are running FrontPage Server Extensions, search for fp4awel.dll and fp5awel.dll. For details, read the security bulletin.
MS03-050 is a macro vulnerability, so the best workaround is to simply not open documents from untrusted sources.
Also watch for…
- Apple has released Mac OS X 10.3 Panther, in part to correct a Mail vulnerability that allows plaintext passwords to be used in some configurations. According to Apple, “Mail: fixes CAN-2003-0881. In the Mac OS X Mail application, if an account is configured to use MD5 Challenge Response, it will attempt to log in using CRAM-MD5 but will silently fall back to plaintext if the hashed login fails.”
- SAP’s DB Web tools have multiple vulnerabilities that can allow remote code execution or disclose files to remote users. The following CVE references are covered by the fix: CAN-2003-0940, CAN-2003-0941, CAN-2003-0942, CAN-2003-0943, CAN-2003-0944, CAN-2003-0945. A new version (7.4.03.30) has been released. See the original @Stake advisory for more information.
- ZDNet has reported that a Harvard undergraduate has published a white paper showing how a flaw in Exchange 5.5 and 2000 Mail Server could allow spammers to take over a system.
- Hewlett-Packard has announced that there is an unspecified denial of service vulnerability in HP-UX 11.x. The company isn’t supplying any further details but has posted patches at http://itrc.hp.com/.
- MIT recently announced that it will block all executable e-mail attachments through its servers. I don’t know why it took them so long or why anyone would open HTML e-mails or e-mail attachments from unknown sources, but look for other companies to jump on this bandwagon.
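
The silent CRAM-MD5 fallback described in the Mac OS X Mail item above can be modeled in a few lines. This is an added example, not Apple's code: it computes the RFC 2195 response and contrasts a client that falls back to plaintext with one that fails closed. `StubServer`, `login`, `DowngradeRefused` and the sample credentials are constructed for illustration, and the plaintext step is assumed to be SASL PLAIN.

```python
import base64
import hashlib
import hmac

class DowngradeRefused(Exception):
    """Raised when the hashed login fails and plaintext fallback is disallowed."""

def cram_md5_response(user, password, challenge_b64):
    """RFC 2195 reply: base64("<user> <hex HMAC-MD5(key=password, msg=challenge)>")."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

class StubServer:
    """Constructed stand-in for a mail server; records everything the client sends."""
    def __init__(self, accept_cram):
        self.accept_cram = accept_cram
        self.seen = []  # (mechanism, base64 payload) pairs that crossed the wire

    def challenge(self):
        return base64.b64encode(b"<1896.697170952@mail.example.test>").decode()

    def auth(self, mechanism, payload):
        self.seen.append((mechanism, payload))
        return mechanism == "PLAIN" or self.accept_cram

def login(server, user, password, allow_plaintext_fallback):
    """Return the mechanism that succeeded; raise if policy forbids the fallback."""
    if server.auth("CRAM-MD5", cram_md5_response(user, password, server.challenge())):
        return "CRAM-MD5"
    if not allow_plaintext_fallback:
        # Hardened behaviour: fail closed and surface the error to the user.
        raise DowngradeRefused("CRAM-MD5 login failed; not sending password in clear")
    # Behaviour the advisory describes: the password goes out unhashed.
    plain = base64.b64encode(f"\x00{user}\x00{password}".encode()).decode()
    server.auth("PLAIN", plain)
    return "PLAIN"

def password_exposed(server, password):
    """True if any recorded payload decodes to bytes containing the password."""
    return any(password.encode() in base64.b64decode(p) for _, p in server.seen)

if __name__ == "__main__":
    pw = "s3cret-constructed"  # constructed sample credential
    for fallback in (True, False):
        srv = StubServer(accept_cram=False)
        try:
            result = login(srv, "alice", pw, allow_plaintext_fallback=fallback)
        except DowngradeRefused as exc:
            result = f"refused ({exc})"
        print(f"fallback={fallback}: {result}; exposed={password_exposed(srv, pw)}")
```
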