Security Bytes: ISS warns of new Microsoft Windows flaw

Attackers could exploit the latest Microsoft Windows flaw to crash vulnerable machines and Symantec fixes a Brightmail AntiSpam flaw.

This article orginally appeared on SearchSecurity.com.

ISS warns of new Microsoft Windows flaw
Multiple versions of Microsoft Windows are vulnerable to a NULL pointer dereference error in the server driver, which attackers could exploit to crash a system using a specially crafted network packet. Internet Security Systems (ISS) X-Force has uncovered the glitch and has released details in an advisory, warning that an exploit is available in the wild.

"Attackers can reliably cause Microsoft Windows to [go to a] blue screen," ISS said. "Users must reboot to recover from the crash … As of this writing no patch is available for the vulnerability."

ISS said the security hole affects:

  • Microsoft Windows 2000 SP4
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2003 Itanium
  • Microsoft Windows Server 2003 SP1
  • Microsoft Windows Server 2003 SP1 Itanium
  • Microsoft Windows Server 2003 x64 Edition
  • Microsoft Windows XP Pro x64 Edition
  • Microsoft Windows XP SP1
  • Microsoft Windows XP SP2

    Symantec fixes Brightmail AntiSpam flaw
    Antivirus giant Symantec has fixed multiple flaws in its Brightmail AntiSpam product. Attackers could exploit the flaws to read or modify confidential system information, Symantec said in an advisory.

    "Symantec Brightmail AntiSpam fails to fully sanitize file names passed to the DATABLOB-GET / DATABLOB-SAVE requests of directory traversal sequences," Symantec said. "This directory traversal vulnerability could result in confidential system information being exposed."

    During the installation of email scanners, Symantec said three options are given for identifying the Brightmail AntiSpam control centre that will control the scanner. The first option is a local control centre. The second option is to identify the control centre by its IP address, and the third option allows the control centre to connect from any computer.

    Symantec said the third option could allow an attacker to impersonate the control centre, exposing the following vulnerabilities:

  • The Brightmail AntiSpam service can be hung by sending invalid posts, causing a denial of service.
  • By combining with the directory traversal vulnerability, some system files can be read.
  • By combining with the directory traversal vulnerability, it is possible to overwrite existing files on the same drive as Symantec Brightmail AntiSpam.

    The solution is to upgrade to Symantec Brightmail AntiSpam version 6.0.4 or to Symantec Mail Security (SMS) for SMTP version 5.0.

  • Read more on IT risk management