Microsoft Corrects Vulnerabilities in MDAC and Backup Manager

Summary:

These vulnerabilities affect: All current versions of Windows and components that ship with it
How an attacker exploits them: Multiple vectors of attack, including enticing your users into visiting malicious websites or opening specially crafted files
Impact: In the worst case, an attacker can gain complete control of your Windows computer
What to do: Install the appropriate Microsoft patches immediately, or let Windows Automatic Update do it for you

Exposure:

Today, Microsoft released two security bulletins describing three vulnerabilities that affect Windows and components that ship with it. Each vulnerability affects different versions of Windows to varying degrees. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities, in order from highest to lowest severity.

MS11-002: MDAC Code Execution Vulnerabilities

The Microsoft Data Access components (MDAC) are a collection Windows components that allow other programs to easily access and manipulate databases. Unfortunately, MDAC suffers from two memory related security vulnerabilities, including a buffer overflow vulnerability. The flaws differ technically, but share the same impact. By luring one of your users into visiting a malicious web page, or visiting a legitimate page that has been hijacked, an attacker could leverage these flaws to execute code on that user’s computer, with the user’s privileges. If you users have local administrative privileges, attackers could leverage these flaws to gain complete control of their PCs. Microsoft rating: Critical

MS11-001: Backup Manager Insecure Library Loading Vulnerability

Windows ships with Backup Manager, which allows users to restore their files to a previous point in time. It is part of Windows’ System Protection and System Restore feature. According to Microsoft, Backup Manager suffers from an insecure Dynamic Link Library (DLL) loading vulnerability, sometimes referred to as a binary planting flaw. We first described this flaw in a September Wire post, which describes this Microsoft security advisory. If an attacker can entice one of your users into opening a malicious Windows Backup (.wbcat) file from the same location as a specially crafted DLL, she could exploit this flaw to execute code on that user’s computer with full system privileges, thus gaining complete control of the computer. This particular flaw only affects the version of Backup Manager that ships with Vista. Since this type of attack requires a user interaction to success, and only affects Vista, it poses less risk that the MDAC flaw described above.
Microsoft rating: Important

Researchers or “gray hats” have already posted exploit code for at least one of these vulnerabilities on a public exploit forum. We recommend you download and install both these updates as quickly as possible, starting with the MDAC update.

Solution Path:

Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately. If you choose, you can also let Windows Update automatically download and install these for you.

MS11-002:

For Windows XP (w/SP3)
- MDAC 2.8
For Windows XP x64 (w/SP2)
- MDAC 2.8
For Windows Server 2003 (w/SP2)
- MDAC 2.8
For Windows Server 2003 x64 (w/SP2)
- MDAC 2.8
For Windows Server 2003 Itanium (w/SP2)
- MDAC 2.8
For Windows Vista (w/SP1 or SP2)
- MDAC 6.0
For Windows Vista x64 (w/SP1 or SP2)
- MDAC 6.0
For Windows Server 2008 (w/SP2)
- MDAC 6.0
For Windows Server 2008 x64 (w/SP2)
- MDAC 6.0
For Windows Server 2008 Itanium (w/SP2)
- MDAC 6.0
For Windows 7
- MDAC 6.0
For Windows 7 x64
- MDAC 6.0
For Windows Server 2008 R2
- MDAC 6.0
For Windows Server 2008 R2 x64
- MDAC 6.0

MS11-001:

* Note: This update doesn’t affect other versions of Windows

For All WatchGuard Users:

In most cases, these attacks travel as normal-looking HTTP traffic, which you must allow if your network users need to access the World Wide Web. Therefore, the patches above are your best solution.

Status:

Microsoft has released patches correcting these issues.

References:

Microsoft Security Bulletin MS11-001
Microsoft Security Bulletin MS11-002

This alert was researched and written by Corey Nachreiner, CISSP.

Comments

Lamont says
March 1, 2013 at 4:43 am
Oh my goodness! Awesome article dude! Thank you, However I am experiencing troubles with your RSS.
I don’t know the reason why I am unable to join it. Is there anyone else having the same RSS issues? Anyone who knows the solution can you kindly respond? Thanks!!
24 hour appliance repair says
June 14, 2013 at 4:30 am
Hi there I am so excited I found your blog, I really found you by mistake, while I was browsing on
Digg for something else, Anyways I am here now
and would just like to say kudos for a fantastic post and
a all round enjoyable blog (I also love the theme/design), I donít have time to
read it all at the minute but I have saved it and also
added in your RSS feeds, so when I have time I will be back to
read much more, Please do keep up the great work.
- www.rielterde.ru says
  June 12, 2014 at 7:02 am
  Can I simply just say what a relief to find someone that genuinely knows what they are talking about on the net.
  You definitely understand how to bring an issue to light and make it important.
  A lot more people have to look at this and understand this side of the story.
  It’s surprising you aren’t more popular given that you most certainly possess the gift.
Chiquita says
June 15, 2013 at 12:40 am
Appreciating the time and effort you put into your blog and detailed information you offer.
It’s good to come across a blog every once in a while that isn’t the same outdated rehashed information.
Wonderful read! I’ve bookmarked your site and I’m adding your RSS feeds to my Google account.
Kerrie says
July 26, 2013 at 12:54 am
Good replies in return of this issue with solid arguments and telling the whole thing concerning that.
work from home atlanta says
August 8, 2013 at 5:01 pm
Asking questions are really nice thing if you are not understanding anything completely, but this post gives fastidious understanding even.
Mose says
September 6, 2013 at 3:36 pm
The guun has to perform consistently in all thhe kiddy matches and easily maintainable.
His most valuable tool however, is his ability to eliminate keyy opposing
players. It’s also a good idea for the paintball sniper
to equip his marker with a low profile hopper; sometimes a hopper sticking
out from the top of the gun can give away your secret location.
realestategreenwichct says
October 17, 2013 at 6:15 am
hey, i’m so glad that i stumbled across your web site I will be
sharing this! – real estate keene nh is a passion of mine and and your “Microsoft Corrects Vulnerabilities in MDAC and Backup Manager | WatchGuard Security Center”
article is absolutely fantastic work.
keep it comming I’ll definately be back again real soon!
juicing for colds says
October 18, 2013 at 10:30 am
Thanks in support of sharing such a nice opinion, post is nice, thats why i have read it fully
Leo says
March 22, 2014 at 10:41 am
Hi there would you mind sharing which blog platform you’re
using? I’m going to start my own blog in the near future but I’m having a difficult
time making a decision between BlogEngine/Wordpress/B2evolution and Drupal.
The reason I ask is because your design seems different then most blogs
and I’m looking for something completely unique. P.S My apologies for getting
off-topic but I had to ask!
Cathy O. Swinney says
September 26, 2014 at 5:16 pm
I got this web site from my friend who told me about this site and at the
moment this time I am browsing this web page and reading very informative posts at this time.