Whipnet's Home
Home
Whipnet's Web Hosting Services
Whipnet's Tech Services for Houston, Tx

Contact Whipnet

 


Business Consultations
You Are Here --->
Software Services
Virus Removal Services
 
Technical Hand - Hardware - LAN - Rollouts

 

 

Where is the Industry Headed?

Future of Computing

Home | Computer Hardware ServicesMicrosoft Security Bulletins

The information provided in this site is provided "as is" without warranty of any kind. Microsoft Corporation disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Furthermore, this information is only listed as a resource for such information by Whiptech. Whiptech is in no way responsible for the use or misuse of the information by anyone, anywhere, at anytime.

Home | Computer Hardware ServicesMicrosoft Patch Disclosure - August 2006

Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214)
Published: August 8, 2006
Microsoft Severity Rating: Critical


Description:
There is a remote code execution vulnerability in Windows that results from incorrect parsing of the MHTML protocol. An attacker could exploit the vulnerability by constructing a specially crafted Web page or HTML e-mail that could potentially lead to remote code execution if a user visited a specially crafted Web site or clicked a link in a specially crafted e-mail message.

If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.


Mitigating Factors:
In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or instant messenger message that takes users to the attacker's Web site.

. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

. By default, Outlook Express 6 opens HTML e-mail messages in the Restricted sites zone.

The Restricted sites zone helps limit attacks that could try to exploit this vulnerability by preventing ActiveX Controls from being used when reading HTML e-mail messages. However, if a user clicks a link in an e-mail message, the use could still be vulnerable to this issue through the Web-based attack scenario.

. By default, Internet Explorer on Windows Server 2003 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability in the e-mail vector because reading e-mail messages in plain text is the default configuration for Outlook Express. See the FAQ section for this security update for more information about Internet Explorer Enhanced Security Configuration.

Affected Software:

Microsoft Windows 2000 Service Pack 4

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

Microsoft Windows XP Professional x64 Edition

Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

Microsoft Windows Server 2003 x64 Edition


HOME                                                          2002-2017 Whipnet Technologies