Microsoft fixes two flaws in two patches; one is critical
Users of Windows XP, Windows Server 2000, and Windows Server 2003 are most affected by today's announcements.
Microsoft today released its November 2007 security bulletin, which includes only two updates. One is designated as Critical by the software giant and affects how Windows XP and Windows Server 2003 handle Windows URIs. The other bulletin is deemed Important and affects how Windows Server 2000 and Windows Server 2003 handle spoofing attacks. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.
Entitled "Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)," this bulletin affects users of Microsoft Windows XP SP2 and x64, and Windows Server 2003 x64 and Itanium-based users, and does not affect Windows 2000 or Windows Vista. This patch addresses the vulnerability detailed in CVE-2007-3896. Microsoft says "a remote code execution vulnerability exists in the way that the Windows shell handles specially crafted URIs that are passed to it. If the Windows shell did not sufficiently validate these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7. However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003." Successful exploitation could allow remote code execution.
Entitled "Vulnerability in DNS Could Allow Spoofing (941672)," this bulletin affects users of Windows Server 2000 and Windows Server 2003 only and addresses the vulnerability detailed in CVE-2007-3898. According to Microsoft, a "spoofing vulnerability exists in Windows DNS Servers and could allow an attacker to send specially crafted responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations." Successful exploitation could allow an attacker to hijack from a legitimate location.