- Date: July 12, 2006
Summary
Microsoft has released their security fixes for the month of July. This update contains a total of 7 issues, 5 being rated as critical by Microsoft, while two are rated as important. Two vulnerabilities in particular, MS-06-035 (Server Process) and MS06-036 (DHCP) can lead to remote code execution.
Scope
Two of the vulnerabilities announced can lead to remote code execution with little or no user interaction. Successful exploitation of a remote code execution vulnerability can allow an attacker complete access to the system which can lead to a larger network compromise, loss of sensitive materials, or an impact on business operations.
Protection/Response
SecureWorks Research has developed and deployed countermeasures to provide same-day protection against exploitation of the vulnerabilities announced in Microsoft's July Security Bulletin.
Detailed Research Analysis
One of the new critical vulnerabilities involves a malformed Distributed Host Client Protocol (DHCP) request which cause a stack-based memory overflow allowing an attacker to execute arbitrary code. Although the DHCP is not routable over the internet, an exploit designed to take advantage of this vulnerability could be used to attack machines that share the same network segment.
Another new critical vulnerability is within the Microsoft Windows Server Service. The vulnerability allows remote code execution on Microsoft Windows 2000 SP4 and Windows XP SP1. This vulnerability is routable over the internet and could be added to a botnet payload.
Recommendations
SecureWorks recommends installing Microsoft's July patches as part of your internal vulnerability remediation and patch management processes.