===================================================================== CERT-Renater Note d'Information No. 2008/VULN575 _____________________________________________________________________ DATE : 10/12/2008 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Windows Vista, Windows Server 2008 running Windows Search. ====================================================================== KB959349 http://www.microsoft.com/technet/security/Bulletin/ms08-075.mspx ______________________________________________________________________ Microsoft Security Bulletin MS08-075 - Critical Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) Published: December 9, 2008 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in Windows Search. These vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The most severe vulnerability is rated Critical for all supported editions of Windows Vista and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section. The security update addresses the vulnerabilities by modifying the way that Windows Explorer frees memory when saving Windows Search files and by modifying the way that Windows Explorer interprets parameters when parsing the search-ms protocol. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information. Recommendation. Microsoft recommends that customers apply the update immediately. Known Issues. None Affected Software Windows Vista and Windows Vista Service Pack 1 Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1 Windows Server 2008 for 32-bit Systems* Windows Server 2008 for x64-based Systems* Windows Server 2008 for Itanium-based Systems * Windows Server 2008 server core installation not affected. The vulnerabilities addressed by these updates do not affect supported editions of Windows Server 2008 if Windows Server 2008 was installed using the Server Core installation option, even though the files affected by these vulnerabilities may be present on the system. However, users with the affected files will still be offered this update because the update files are newer (with higher version numbers) than the files that are currently on your system. Vulnerability Information Windows Saved Search Vulnerability - CVE-2008-4268 A remote code execution vulnerability exists when saving a specially crafted search file within Windows Explorer. This operation causes Windows Explorer to exit and restart in an exploitable manner. Windows Search Parsing Vulnerability - CVE-2008-4269 A remote code execution vulnerability exists in Windows Explorer that allows an attacker to construct a malicious web page that includes a call to the search-ms protocol handler. The protocol handler in turn passes untrusted data to Windows Explorer. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================