The Web    Google
Another Flaw Found in Microsoft VM

Another Flaw Found in Microsoft VM
April 9, 2003
Ryan NaraineBy

Microsoft (Quote, Chart) on Wednesday warned of another critical security hole in Microsoft virtual machine (VM) that could allow an intruder to take control of vulnerable Windows systems.

The latest alert comes on the heels of another Microsoft VM vulnerability which was detected and patched last December.

The software giant slapped its maximum security rating on the latest flaw and urged VM users to install build 3810 or later. "All builds of the Microsoft VM up to and including build 5.0.3809 are affected by these vulnerabilities," the company warned.

Microsoft VM is a virtual machine for the Win32 environment and ships in most versions of Windows and Internet Explorer.

The alert cautioned that the security vulnerability affects the ByteCode Verifier component of the Microsoft VM, and results because the ByteCode verifier does not correctly check for the presence of certain malicious code when a Java applet is being loaded.

"The attack vector for this new security issue would likely involve an attacker creating a malicious Java applet and inserting it into a web page that when opened, would exploit the vulnerability. An attacker could then host this malicious web page on a web site, or could send it to a user in e-mail," the company said.

For a Web-based attack to be successful, Microsoft said a user would have to be lured into visiting a web site that the attacker controlled.

Because Java applets are disabled within the Restricted Sites Zone, any mail client that opened HTML mail within the Restricted Sites Zone, such as Outlook 2002, Outlook Express 6, or Outlook 98 or 2000 when used in conjunction with the Outlook Email Security Update, would not be at risk from the mail-based attack vector.

The latest security hole would only allow an intruder to gain the privileges of the user, the company said, noting that customers who operate with less than administrative privileges would be at less risk from the vulnerability. It urged IT administrators to limit the risk posed to their users by using application filters at the firewall to inspect and block mobile code.

The company also released the 12th security alert for the year, warning of a flaw in the Winsock Proxy Service and ISA Firewall Service that could lead to denial-of-service scenarios.

The company urged sysadmins running Microsoft Proxy Server 2.0 or Microsoft Internet Security and Acceleration (ISA) Server 2000 to apply a patch to fix the vulnerability.

An attacker on the internal network could target the flaw and send a specially crafted packet that would cause the server to stop responding to internal and external requests. Receipt of such a packet would cause CPU utilization on the server to reach 100 percent, making the server unresponsive.

The Winsock Proxy service and Microsoft Firewall service work with FTP, telnet, mail, news, Internet Relay Chat (IRC), or other client applications that are compatible with Windows Sockets (Winsock).

  • Would Do-Not-Spam List Benefit the Enterprise?
  • XP SP2 Deadline Extended
  • 3/8: Kelvir-D an IM Worm
  • AntiOnline Security Spotlight: CD-Wrecker
  • Bush Likely to Sign Anti-Spam Bill by Jan. 1
  • Neoteris Extends Gateway Access
  • OpenVMS: An Old OS Hasn't Lost Security Footing
  • 7/12 Atak.A Worm Low Threat but High Traffic
  • Report: CEOs Stagnant on Security
  • VeriSign Strengthens Secured Seal
  • NIKSUN offers a security camera for your network
  • Computer security background information