Security...

 

Microsoft Security Bulletin Update
October 2005

 

The monthly Microsoft security updates for October 2005 were released on Tuesday October 11th.  A total of 9 security updates were released, addressing 14 separate issues in supported Windows operating systems and related components.  The October bulletins include MS05-044 thru MS05-052.   , Microsoft rates 3 at a "critical" level, 4 rated as "Important" and 2 are listed as "Moderate".    The list of October 2005 Security Bulletins follows:

MS05-044 - Moderate

Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495)

 

MS05-045 - Moderate

Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)

 

MS05-046 - Important

Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589)

 

MS05-047 - Important

Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749)

 

MS05-048 - Important

Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245)

 

MS05-049 - Important

Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)

 

MS05-050 - Critical

Vulnerability in DirectShow Could Allow Remote Code Execution (904706)

 

MS05-051 - Critical

Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)

 

MS05-052 - Critical

Cumulative Security Update for Internet Explorer (896688)

The potential impact to RALS customers are color coded as follows:

  • red (immediate threat/urgent action needed)

    •

  • black (action needed/recommended)

    •

  • green (routine process or no action needed)

MS05-044 - Moderate

Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495)

  • This update resolves a newly discovered, public vulnerability in the Windows FTP client.

  • This affects systems running IE 6 Service Pack 1 on Windows 2000 SP4 systems [and other Windows operating systems].

  • This vulnerability could allow an attacker to tamper with the file transfer location on the client during an FTP file transfer session.  If an attacker successfully persuades users to visit an FTP server hosting files with specially-crafted file names, the attacker would have no way of forcing files to be transferred. User interaction is required before the file can be transferred to the affected system. 

  • Typical RALS systems do have IE installed and require its use for the web based system components of RALS.  This vulnerability cannot be exploited without user interaction.  The user cannot be forced to visit the malicious web page and the intended use for the RALS systems does not support users using the RALS systems for non-RALS related "web-surfing" activities.

  • NOTE:  Since Microsoft has ended support for Windows NT based systems, the potential for this vulnerability to affect Windows NT based systems was not addressed nor was any patch provided by Microsoft for NT systems.

  • Recommend this update be included with the next regular RALS product test and release cycle.  The update appears to change 1 file on Windows 2000 systems.  The expected risk for adverse effects on RALS operations from this update is low.

MS05-045 - Moderate
Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)

  • This update resolves a newly-discovered, public vulnerability that exists in Network Connection Manager could allow a denial of service on the affected platforms against the Network Connection Manager.

  • This affects Windows 2000 [and other Windows operating systems].

  • An attacker who successfully exploited this vulnerability could cause the component responsible for managing network and remote access connections to stop responding.   An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.

  • As Windows based systems, all RALS systems are potentially at risk as are related systems such as the iStat DE system.  While most RALS systems are protected from direct internet access by customer firewalls, the systems would not be protected from remote attacks from inside the customer network.  Network attacks may be based on access to UDP ports 135, 137, 138, and 445, and TCP ports 135, 139, 445, 593 and all unsolicited inbound traffic on ports greater than 1024

  • NOTE:  Since Microsoft has ended support for Windows NT based systems, the potential for this vulnerability to affect Windows NT based systems was not addressed nor was any patch provided by Microsoft for NT systems.  Based on the other Windows systems affected, it would appear likely that Windows NT would be vulnerable.

  • Due to the possible unaddressed vulnerability on Windows NT 4 systems, would use all available means to encourage customers to protect NT systems from any internet access by firewalls and to retire the NT platforms as soon as possible.

  • Recommend this update be tested against supported versions of RALS products and if successful, be approved, released, and applied as a critical RALS security update.  The update appears to change 1 file on Windows 2000 systems.  The expected risk for adverse effects on RALS operations should be low.

MS05-046 - Important
 Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589)

  • This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in the Client Service for NetWare.

  • By default, CSNW is not installed on any affected operating system version. Only customers who manually installed CSNW could be vulnerable to this issue.

  • No RALS-Plus system has the CSNW configuration enabled.

  • NOTE:  Since Microsoft has ended support for Windows NT based systems, the potential for this vulnerability to affect Windows NT based systems was not addressed nor was any patch provided by Microsoft for NT systems.  Based on the other Windows systems affected, it would appear likely that Windows NT would be vulnerable.

  • Recommendation is no action needed for this update since the affected software is not provided with any RALS installations.

MS05-047 - Important
 Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749)

  • This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Plug and Play (PnP) that could allow an authenticated attacker who successfully exploited this vulnerability to take complete control of the affected system.

  • This affects Windows 2000 Server [And other Windows operating systems.]

  • This update replaces the update that is included with Microsoft Security Bulletin MS05-039.

  • An attacker must have valid logon credentials to try to exploit this vulnerability. The vulnerability could not be exploited remotely by anonymous users. However, the affected component is available remotely to users who have standard user accounts.

  • As Windows based systems, all RALS systems are potentially at risk as are related systems such as the iStat DE system.  While most RALS systems are protected from direct internet access by customer firewalls, the systems would not be protected from remote attacks from inside the customer network.  Network attacks may be based on access to TCP ports 139 and/or 445.  Network attacks may also need to use broadcast network traffic that would typically not be passed through routers.

  • NOTE:  Since Microsoft has ended support for Windows NT based systems, the potential for this vulnerability to affect Windows NT based systems was not addressed nor was any patch provided by Microsoft for NT systems.

  • Recommend this update be tested against supported versions of RALS products and if successful, be approved, released, and applied as a critical RALS security update.  The update appears to change 1 file on Windows 2000 systems.  The expected risk for adverse effects on RALS operations should be low. 

MS05-048 - Important
 Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245)

  • This update resolves a newly-discovered, privately-reported vulnerability that could allow an attacker to run arbitrary code on the system.

  • This affects Windows 2000 [and other Windows operating systems].

  • An attacker who successfully exploited this vulnerability could remotely take complete control of an affected system.

  • While RALS systems could be open to this issue, by default Microsoft Internet Information Services (IIS) 5.0 Simple Mail Transfer Protocol (SMTP) does not use the event sinks, which use the Cdosys.dll file and the Cdoex.dll file.   Further, no RALS applications make use of the functionality provided by these modules.

  • Recommend this update be included with the next regular RALS product test and release cycle.  The expected risk for adverse effects on RALS operations from this update is low.

MS05-049 - Important

Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)

  • This update resolves three newly-discovered, privately-reported vulnerabilities.

  • This affects Windows 2000 [and other Windows operating systems].

  • An attacker could exploit these vulnerabilities by hosting a malicious web page and enticing the user to visit this site or delivering the malicious content by other means such as email.  These issues can NOT be exploited without user interaction.  The impact of successful exploit could be remote code execution.  If the logged in user had administrative rights, the code execution could take complete control over the system.

  • This update replaces the previously released updates: MS05-016 and MS05-024.

  • This vulnerability cannot be exploited without user interaction.  The user cannot be forced to visit a malicious web page and the intended use for the RALS systems does not support users using the RALS systems for non-RALS related "web-surfing" activities nor provide for receiving emails with potentially malicious content or attachments..

  • NOTE:  Since Microsoft has ended support for Windows NT based systems, the potential for this vulnerability to affect Windows NT based systems was not addressed nor was any patch provided by Microsoft for NT systems.

  • Recommend this update be included with the next regular RALS product test and release cycle.  The expected risk for adverse effects on RALS operations from this update is low. The update appears to change 7 files on Windows 2000 systems.

MS05-050 - Critical

Vulnerability in DirectShow Could Allow Remote Code Execution (904706)

  • This update resolves a newly-discovered, privately-reported vulnerability in DirectShow.

  • This affects Microsoft DirectX 7.0 and higher on Windows 2000 with Service Pack 4 [and other versions of Microsoft DirectX on other Windows operating systems].

  • An anonymous user who could deliver a specially crafted .avi file to the affected system could try to exploit this vulnerability. The vulnerabilities could not be exploited without user interaction.  No intended use of the RALS products involves receiving or playing .AVI files on any RALS system or allowing users methods to deliver malicious .AVI file content to a RALS system.

  • This update replaces the previously released update MS03-030.

  • NOTE:  Since Microsoft has ended support for Windows NT based systems, the potential for this vulnerability to affect Windows NT based systems was not addressed nor was any patch provided by Microsoft for NT systems.

  • Recommend this update be included with the next regular RALS product test and release cycle.  The update appears to change 1 file on Windows 2000 systems.  The expected risk for adverse effects on RALS operations from this update is low.

MS05-051 - Critical

Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)

  • This update resolves four (4) newly-discovered, privately-reported vulnerabilities.

  • This affects Windows 2000 [and other Windows operating systems] and replaces previously released Microsoft updates (MS03-026, MS03-039, and MS05-012) for Windows 2000.

  • This update addresses four separate vulnerabilities: the MSDTC vulnerability and COM+ vulnerability both can be exploited by anonymous user interaction, however firewall best practices and standard default firewall configurations can help protect against attacks that originate from the Internet.  The TIP vulnerability and the Distributed TIP vulnerability if exploited would most likely result in a denial of service.

  • An attacker could try to exploit a vulnerability by creating a specially crafted message and sending the message to an affected system. The message could then cause the affected system to execute code.   An anonymous user could potentially exploit this issue remotely, with no user interaction needed.

  • As Windows based systems, all RALS systems are potentially at risk as are related systems such as the iStat DE system.  While most RALS systems are protected from direct internet access by customer firewalls, the systems would not be protected from remote attacks from inside the customer network.

  • NOTE:  Since Microsoft has ended support for Windows NT based systems, the potential for this vulnerability to affect Windows NT based systems was not addressed nor was any patch provided by Microsoft for NT systems

  • Recommend this update be tested against supported versions of RALS products and if successful, be approved, released, and applied as a critical RALS security update The expected risk for adverse effects on RALS operations from this update is medium.

  • After the initial release of this update, Microsoft has issued a Security Advisory (909444) regarding the application of this update on Systems That Have Non-default File Permissions.

    •

MS05-052 - Critical
Cumulative Security Update for Internet Explorer (896688)

  • This update resolves a newly-discovered public vulnerability and other privately-reported variations of the same vulnerability in Internet Explorer.

  • This affects Windows 2000 systems running IE 6 [and other Windows operating systems].

  • As a cumulative update to IE this update replaces previous IE cumulative updates including MS05-037 on Windows 2000 systems.  This update also replaces the update that is included with Microsoft Security Bulletin MS05-038. 

  • An attacker could exploit the vulnerabilities by hosting a malicious web page and enticing the user to visit this site or delivering the malicious HTML content by other means such as email.  These issues can NOT be exploited without user interaction.  The impact of successful exploit could be remote code execution.  If the logged in user had administrative rights, the code execution could take complete control over the system.

  • Typical RALS systems do have IE installed and require its use for the web based system components of RALS.  This vulnerability cannot be exploited without user interaction.  The user cannot be forced to visit the malicious web page and the intended use for the RALS systems does not support users using the RALS systems for non-RALS related "web-surfing" activities.

  • NOTE:  Since Microsoft has ended support for Windows NT based systems, the potential for this vulnerability to affect Windows NT based systems was not addressed nor was any patch provided by Microsoft for NT systems.

  • Recommend this update be included with the next regular RALS product test and release cycle.  The expected risk for adverse effects on RALS operations from this update is low.

Medical Automation Systems reviews all Microsoft security patches when they are released. No problems with the RALS systems have been found by our internal testing or reported by customers following the application of these security updates.  The application of these updates to the standard RALS system configuration has been approved.  Microsoft rates some of these as 'critical' but the vulnerabilities may in fact pose no risk to the RALS system if customers adhere to the intended use of RALS.

 

MS Patches NOT Critical to RALS Functionality If MAS determines that the vulnerability as described in a Microsoft bulletin should not adversely affect the RALS functionality when the system is used as intended, the security patch will be tested and included in the next routine product version release.  Should the user apply the patches, MAS cannot guarantee or warrant its operation or impact on the RALS system.  In this situation there will be no routine customer notification. 

 

MS Patches Critical to RALS Functionality If it is determined that the security vulnerability as described in a Microsoft bulletin is critical to the RALS functionality, MAS will notify customers via a broadcast email from SecurityUpdates@rals.com and by notice on the MAS website http://www.rals.com .

RALS-Plus I RALS-Web I RALS-eQuiz I RALS-TGCM I RALS-Report I Device Interfacing
Customer Support I Clinical Questions I MS Vulnerabilities I MS Updates I RRC Password of the Day
RRC Installation I RALS-Dataports I MAS News I About MAS I Case Studies
Contact Us I POC Links I Home I Legal Notice

© 2005 Medical Automation Systems, Inc., Charlottesville, VA USA. All rights reserved.