"Lots of new bulletins from Microsoft -- 12 of them, maybe are critical risks -- anonymously remotely exploitable vulnerabilities that give an attacker full control over an exploited system."
http://www.microsoft.com/athome/security/update/bulletins/default.mspx
June -
http://www.microsoft.com/technet/security/bulletin/ms06-jun.mspxAffected products
Almost all versions of windows inc 98,ME
IE6 , IE501
pity it's part of the OS
Media Player 10, 9 , 7.1
Jscript 5.6 , 5.1
it's most likely on your machine
Word 2000 or later, word viewer 2003, works suite 2002 or later
powerpoint 2000 or later - powerpoint for MAC v.X , 2004
Exchange Server 2003
http://www.microsoft.com/technet/security/bulletin/ms06-032.mspxWhat causes the vulnerability?
An unchecked buffer in the TCP/IP Protocol driver.
What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take complete control of the affected system.
Workarounds
Block IP packets containing IP source route options 131 and 137 at the firewall
Disable IP Source Routing
What does the update do?
The update removes the vulnerability by modifying the way that TCP/IP Protocol driver validates the length of a message before it passes the message to the allocated buffer.
I'm really fed up with this sort of hole in Windows, you just can't claim reliability or security if you don't validate input length on a system where continuing past the end of the buffer could mean parts of the program get overwritten by the data stream.
In effect you are allowing an atacker to insert their own sub-routines into the program.
IMHO The most basic check is - If I have assigned N bytes storage to accept data, then I should stop accepting data when I get to N bytes. :mad: :mad: :mad: /RANT