Microsoft today released another update for a security hole. Honestly, this is good: the holes are being identified and plugged. Yes, I am sure there are the “bashers” who would scoff at it, but the reality is that, in the millions of lines of code across various products, such things creep in, and it is better for Microsoft to accept the responsibility and do something about it than to be in denial.

The bulletins released today affect various components of the OS and address network-based remote compromise vulnerabilities in the SMTP service, NNTP service, and NetDDE. On the client side, a serious vulnerability has also been discovered in compressed (zip) folders. Below is a breakdown of the affected products:

  1. SMTP Vulnerability (MS04-035)
    • Exchange Server 2003
    • Windows Server 2003
    • Windows XP 64-bit edition
  2. NNTP Vulnerability (MS04-036)
    • Exchange 2000 Server
    • Exchange Server 2003
    • Windows NT 4.0
    • Windows 2000 Server
    • Windows Server 2003
  3. NetDDE Remote Compromise (MS04-031)
    • Windows 2000
    • Windows XP
    • Windows NT 4.0
  4. Compressed Folders Vulnerability (MS04-034)
    • Windows XP
    • Windows 2003

NNTP - A remotely-exploitable buffer overflow condition exists in the NNTP service of modern Windows operating systems. An attacker may gain full control of a vulnerable system through a maliciously-crafted NNTP query. The NNTP service is only enabled by default on installations of Exchange 2000 Server, although it can be manually enabled on other installations.

NetDDE - Network Dynamic Data Exchange is a protocol that lets disparate applications exchange data across a network. It has largely been superseded and was essentially the precursor to DCOM. The NetDDE service contains a buffer overflow vulnerability which might be exploited by a remote, unauthenticated attacker. The NetDDE service does not start by default on modern Windows operating systems, but on Windows 2000 and XP it may be launched without the user's knowledge by legitimate applications, so a user can inadvertently start it. On Windows Server 2003 and XP SP2, however, the NetDDE service is disabled and cannot be started unless explicitly enabled.
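Since the NNTP and NetDDE issues above (and the SMTP one) only expose a host when the corresponding service is running or startable, the practical check is the service state. The following is an added PowerShell example, not part of the original post or of Microsoft's bulletins (PowerShell postdates them); the service names NetDDE, NetDDEdsdm, NntpSvc and SMTPSVC are assumed.

```powershell
# Added example: report the state of the network-facing services covered by
# MS04-031 (NetDDE), MS04-035 (SMTP) and MS04-036 (NNTP) so an administrator
# can confirm they are disabled where not needed. Service names are assumed.
# Patching is still required wherever a service is legitimately used; this
# check only shows whether the attack surface is currently open.
$services = @{
    'NetDDE'     = 'MS04-031 Network DDE'
    'NetDDEdsdm' = 'MS04-031 Network DDE DSDM'
    'NntpSvc'    = 'MS04-036 NNTP'
    'SMTPSVC'    = 'MS04-035 SMTP'
}

function Get-ExposedServiceState {
    foreach ($name in $services.Keys) {
        # Win32_Service exposes StartMode, which Get-Service alone does not
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if ($null -eq $svc) {
            # Service not installed: this component adds no attack surface
            New-Object PSObject -Property @{
                Service = $name; Bulletin = $services[$name]
                State = 'not installed'; StartMode = 'n/a'; Exposed = $false
            }
            continue
        }
        # Exposed if running now, or startable later (Auto or Manual). The
        # bulletin notes that on 2000/XP applications can start NetDDE
        # without the user noticing, so Manual is not a safe state.
        $exposed = ($svc.State -eq 'Running') -or ($svc.StartMode -ne 'Disabled')
        New-Object PSObject -Property @{
            Service = $name; Bulletin = $services[$name]
            State = $svc.State; StartMode = $svc.StartMode; Exposed = $exposed
        }
    }
}

Get-ExposedServiceState | Format-Table Service, Bulletin, State, StartMode, Exposed -AutoSize

# To close the surface on a host that does not need a service (run as admin):
#   Stop-Service -Name NetDDE; Set-Service -Name NetDDE -StartupType Disabled
```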

Zip/Compressed Folders - Windows XP and Windows Server 2003 support Zip archives through an operating-system feature called “Compressed Folders”. If a user can be persuaded to open a maliciously-crafted Zip archive, a buffer overflow can be triggered which could lead to remote code execution. Zip archives are commonly regarded as a more trusted file format, which increases the potential for exploitation.

More Information: