Two thousand and flaw starts for Microsoft

Microsoft today released its first security bulletin of 2004 with three alerts, one of which the software giant warns is critical.

The most serious vulnerability, MS04-001, occurs in Internet Security and Acceleration Server 2000 (ISA Server), the company's firewall and web cache offering.

The flaw centres on the H.323 filter for the product and could allow a malicious hacker to overflow a buffer in the firewall component.

If the buffer overflow is successfully exploited an attacker could run arbitary malicious code in the security context of the Microsoft Firewall Service and so gain control of the system.

The H.323 filter is enabled by default on servers running ISA Server 2000 computers that are installed in integrated or firewall mode.

However, Microsoft added, ISA Servers running in cache mode are not vulnerable because the Microsoft Firewall Service is disabled by default, so users can prevent the risk of attack by disabling the H.323 filter.

As well as ISA Server 2000, affected products include Microsoft Small Business Server 2000 and Microsoft Small Business Server 2003.

The second vulnerability, MS04-002, with a 'moderate' security rating, affects Microsoft Exchange Server.

The vulnerability could allow attackers access to email accounts of Exchange 2003 front-end server and Outlook Web Access users. Microsoft said the flaw causes "random and unreliable" access to mailboxes that have been recently accessed via Outlook Web Access.

The company stressed that this attack would be very difficult to complete successfully as an attacker would first have to authenticate to an Exchange Server 2003 front-end server.

The final alert, MS04-003, applies to Microsoft Data Access Components, which are used to provide database connectivity on Windows platforms.

The vulnerability could provide an attacker with the means to compromise a Microsoft Windows-based system and then take a variety of actions, including executing code.

Microsoft has rated this vulnerability as important, but added that, for an attack to be successful, a hacker would have to simulate an SQL server on the same IP subnet as the target system.

The security bulletins can be found here.