Alert Number: 101707-01
Alert Date: 10/17/07
Alert Title: *UNPATCHED* Vulnerability in Windows XP/Server 2003 running IE 7
Update-to: NONE
OS/Platform/Application:
Microsoft Windows XP (all versions and service packs) running Internet Explorer 7
Microsoft Windows Server 2003 (all versions and service packs) running Internet Explorer 7
Category: ALERT
Severity: HIGH
Attention: Windows system Administrators, Desktop Support Personnel, Microsoft Users
Summary: Multiple Internet security-related agencies are currently reporting a vulnerability in Microsoft Windows XP and Server 2003 systems running Internet Explorer 7.x. Microsoft acknowledged this vulnerability in a security advisory released on October 10, 2007. It concerns a problem that could occur when a user clicks on a maliciously crafted web link.
The combination of Windows XP/Server 2003 and IE7 is the ONLY requirement to make a system vulnerable to this exploit. Exploitation of the vulnerability can occur when a link is clicked in applications OTHER THAN Internet Explorer 7. The exploit vector may be found in obvious sources such as web pages and emails AND also in less obvious ones such as Adobe Acrobat PDF documents and Skype or IRC chat messages. The exploit can also occur when malicious links are clicked in other browsers such as Mozilla Firefox and Netscape Navigator. It is possible that links clicked in other applications may also provide a mechanism of exploitation on vulnerable systems.
At the time of this writing (10:35 AM EST 10/17/07) NO official patch has been supplied by Microsoft to address this issue. Reports from security agencies indicate that exploit code for this vulnerability has been made available and is currently circulating in the wild.
Recommended Actions: Users of MS Windows XP/Server 2003 with IE7 are strongly encouraged NOT to open email attachments or click on web links (in any format) from untrusted sources. System Administrators and users should read the vulnerability descriptions (links provided below) and prepare to apply the patch when Microsoft makes it available.
ITS Actions: ITS Systems Management and Operations Staff will apply all necessary patches to the appropriate ITS servers as part of the next scheduled system update.
Resources:
Secunia Advisory:
http://secunia.com/advisories/26201/
Microsoft Security Advisory 943521:
http://www.microsoft.com/technet/security/advisory/943521.mspx