-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                          ESB-2008.0498 -- [Win]
        MS08-029 - Vulnerabilities in Microsoft Malware Protection
                   Engine Could Allow Denial of Service
                                14 May 2008

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Windows Live OneCare
                      Microsoft Antigen for Exchange
                      Microsoft Antigen for SMTP Gateway
                      Microsoft Windows Defender
                      Microsoft Forefront Client Security
                      Microsoft Forefront Security for Exchange Server
                      Microsoft Forefront Security for SharePoint
                      Standalone System Sweeper located in Diagnostics and 
                       Recovery Toolset 6.0
Publisher:            Microsoft
Operating System:     Windows
Impact:               Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2008-1437 CVE-2008-1438

Original Bulletin:    
  http://www.microsoft.com/technet/security/Bulletin/MS08-029.mspx

- --------------------------BEGIN INCLUDED TEXT--------------------

Microsoft Security Bulletin MS08-029 - Moderate

Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of 
Service (952044)

This security update resolves two privately reported vulnerabilities in the 
Microsoft Malware Protection Engine. An attacker could exploit either of the 
vulnerabilities by constructing a specially crafted file that could allow 
denial of service when received by the target computer system and scanned by 
the Microsoft Malware Protection Engine. An attacker who successfully 
exploited either vulnerability could cause the Microsoft Malware Protection 
Engine to stop responding and automatically restart.

The Microsoft Malware Protection Engine is a part of several Microsoft 
products. Depending upon which product is installed, this security update 
has different severity ratings. This security update is rated Moderate for 
Windows Live OneCare, Microsoft Antigen for Exchange, Microsoft Antigen for 
SMTP Gateway, Microsoft Windows Defender, Microsoft Forefront Client 
Security, Microsoft Forefront Security for Exchange Server and Microsoft 
Forefront Security for SharePoint. This security update is rated Low for 
Standalone System Sweeper located in Diagnostics and Recovery Toolset 6.0.

Affected Software

Windows Live OneCare
Microsoft Antigen for Exchange
Microsoft Antigen for SMTP Gateway
Microsoft Windows Defender
Microsoft Forefront Client Security
Microsoft Forefront Security for Exchange Server
Microsoft Forefront Security for SharePoint
Standalone System Sweeper located in Diagnostics and Recovery Toolset 6.0

Vulnerability Information

Microsoft Malware Protection Engine Vulnerability - CVE-2008-1437

A denial of service vulnerability exists in the way that the Microsoft 
Malware Protection Engine processes specially crafted files. An attacker 
could exploit the vulnerability by constructing a specially crafted file 
that could allow denial of service when received by the target computer 
system and scanned by the Microsoft Malware Protection Engine. An attacker 
who successfully exploited this vulnerability could cause the Microsoft 
Malware Protection Engine to stop responding and automatically restart.

Microsoft Malware Protection Engine Vulnerability - CVE-2008-1438

A denial of service vulnerability exists in the way that the Microsoft 
Malware Protection Engine processes specially crafted files. An attacker 
could exploit the vulnerability by constructing a specially crafted file 
that could allow denial of service when received by the target computer 
system and scanned by the Microsoft Malware Protection Engine. An attacker 
who successfully exploited this vulnerability could cause disk-space 
exhaustion, leading to a denial of service condition and automatic restart.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBSCoxNyh9+71yA2DNAQIHEAP9Fu4jQHcgCvl/OwAN6SLWIVOrk6ky8/+O
yfjWcgq9qQutwsvoBnxgX2UonAjERztFf1LKrQoXt0X2vdj6ICMrSj1GEmBf6t+Q
uX4IxVZEfjjPu2u/F7fezU1E6unhYNy5QnZ2nj3SC3Qeh5mX26dj3FJLSeF64OC+
24QUboUa1No=
=AMLT
-----END PGP SIGNATURE-----