CIS CYBER SECURITY ADVISORIES
MS-ISAC CYBER SECURITY ADVISORY NUMBER:
Vulnerabilities in Microsoft Data Access Components Could Allow Remote Code Execution (MS11-002)
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Large and medium government entities: High
- Small government entities: High
- Large and medium business entities: High
- Small business entities: High
Home users: High
The second vulnerability is due to the way MDAC validates memory allocation. In a web-based attack scenario, exploitation may occur if a user visits a specially crafted website designed to exploit this issue. Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts may result in a denial-of-service condition.
It should be noted that, by default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted Web content on a server. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that have not been added to the Internet Explorer Trusted sites zone. Also, all supported versions of Microsoft Outlook, Outlook Express, and Windows Mail open HTML e-mail messages in the restricted sites zone, which disables script and ActiveX controls which removes the risk of an attacker being able to execute malicious code within an e-mail.
We recommend the following actions be taken:
- Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Inform and educate users regarding the threats posed by hypertext links contained in emails especially from untrusted sources.
- Remind users not to download or open files from untrusted websites.