Need more info? CONTACT US
Sourcefire VRT Advisory

Microsoft DNS, Exchange, CAPICOM, IE and Excel Vulnerabilities

2007-05-08

Synopsis:

The Sourcefire VRT is aware of vulnerabilities affecting Microsoft DNS Server Service, Microsoft Exchange Server, Microsoft CAPICOM, Microsoft Internet Explorer and Microsoft Excel.

Details:

Microsoft Security Bulletin MS07-029 Microsoft DNS Server Service is prone to a vulnerability that may allow a remote attacker to execute code on an affected system. The issue is present in the RPC interface of servers using Microsoft's implementation of DNS.

In order to detect attacks targeting this vulnerability, the DCE/RPC preprocessor must be configured to use 'autodetect'. This is the default behavior for this preprocessor.

Detection for attacks targeting this vulnerability was previously released.

Microsoft Security Bulletin MS07-028 A vulnerability in Microsoft Cryptographic API Component Object Model (CAPICOM) may allow a remote attacker to execute code on an affected system.

Rules to detect attacks targeting this vulnerability are included in this release and are identified as SIDs 11230 through 11235

Microsoft Security Bulletin MS07-027 Microsoft Internet Explorer suffers from programming errors that may allow a remote attacker to execute code on an affected system.

Rules to detect attacks targeting this vulnerability are included in this release and are identified as SIDs 11224 through 11229, 11247, 11248 and 11257.

Also, other rules that detect attacks targeting this vulnerability were previously released and are identified as SIDs 9427 and 9428.

Microsoft Security Bulletin MS07-026 Microsoft Exchange Server incorrectly handles certain electronic mail transactions. This may allow a remote attacker to execute code on an affected system.

A rule to detect attacks targeting this vulnerability is included in this release and is identified as SID 11222.

Additionally, a rule that also detects attacks targeting this vulnerability was previously released and is identified as SID 2665.

Microsoft Security Bulletin MS07-023 Microsoft Excel is prone to a vulnerability that may allow a remote attacker to execute code on an affected system.

A rule to detect attacks targeting this vulnerability is included in this release and is identified as SID 11258.

For Assistance:

About the VRT:
The Sourcefire VRT is a group of leading edge intrusion detection and prevention experts working to proactively discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in network security industry.

About Sourcefire
Sourcefire, Inc. (Nasdaq: FIRE), Snort creator and open source innovator, is a world leader in Enterprise Threat Management (ETM) solutions. Sourcefire is transforming the way Global 2000 organizations and government agencies manage and minimize network security risks with its 3D Approach - Discover, Determine, Defend - to securing real networks. The Sourcefire 3D System is the first to unify IPS, NBA, NAC and Vulnerability Assessment technologies under the same management console. This ETM approach affords customers with an efficient and effective layered security defense - protecting network assets before, during and after an attack. Through the years, Sourcefire has been consistently recognized for its innovation and industry leadership by customers, media and industry analysts alike - with more than 30 awards and accolades. Recently, Sourcefire was positioned in the Leaders Quadrant of Gartner's "Magic Quadrant for Network Intrusion Prevention System Appliances 2H06" report, and the Sourcefire 3D System was named "Best Security Solution" at the 2006 SC Magazine Awards. Today, the names Sourcefire and founder Martin Roesch have grown synonymous with innovation and network security intelligence.

For more information about Sourcefire, please visit www.sourcefire.com.