Microsoft releases patches for 18 separate flaws

Computerworld - After a rare lull in March, Microsoft Corp. today released eight security bulletins detailing fixes for 18 separate vulnerabilities affecting a wide range of its software products.
Five of the patches released today under Microsoft's monthly patch release program were for critical flaws, while the rest addressed less serious issues in Microsoft's Windows, Internet Explorer, Exchange, Messenger and Office products.
Among the more serious holes are those affecting Microsoft's IE Web browser software, said Michael Sutton, director of vulnerability research at iDefense Inc. a Reston, Va.-based security intelligence firm that discovered two of the critical vulnerabilities disclosed today.
One of the Internet Explorer flaws, described in Microsoft Security Bulletin MS05-020, results from the way in which IE handles certain dynamic HTML objects, Sutton said. The flaw allows attackers to construct a malicious Web page that could then be used to infect the systems of those who visit the site.
"It is a condition that could result in the execution of arbitrary code on a compromised system," Sutton said.
The other critical IE vulnerability, also detailed in Security Bulletin MS05-020, results from the way Internet Explorer handles certain URLs with very long host names. Host names over 250 characters long can be used to trigger "input validation" errors that could allow malicious hackers to take control of compromised systems. To exploit this vulnerability, an attacker would need to either host a Web site that contains a malicious Web page or compromise someone else's Web site and have it display malicious content, according to Microsoft's description of the flaw.
Though neither flaw is especially easy to exploit, iDefense has developed proof-of-concept code in both instances, Sutton said.
Another of the critical vulnerabilities announced today affects Microsoft's Exchange Server software, according to Security Bulletin MS05-021.
According to Microsoft, the flaw allows an attacker to connect to the SMTP port on an Exchange server and issue a specially-crafted command that could result in a denial-of-service attack or allow an attacker to run malicious programs on the compromised system.
"The Exchange Server flaw is reasonably trivial to exploit," said Neel Mehta, team lead for advanced research at Internet Security Systems Inc.'s X-Force vulnerability research group in Atlanta.
"We are fairly concerned that an [exploit] could become available soon" that takes advantage of the flaw, Mehta said.
Another vulnerability in MSN Messenger that could lead to remote code execution was also rated as critical by Microsoft in Security Bulletin MS05-022.