News

Juniper Claims Protection from Microsoft Vulnerabilities

Juniper Networks Inc. has confirmed its Intrusion Detection and Protection (IDP) security systems and ISG firewall/virtual private network (VPN) systems with IDP are able to protect customers against new Microsoft vulnerabilities announced in its July security bulletin.

In its July security bulletin Microsoft has released seven security update, warning five as ‘critical’ security flaws in its Windows operating system and Office software.

• MS06-033 which addresses an information disclosure flaw attackers could exploit to bypass ASP.Net security and gain unauthorized access to objects in the application folders explicitly by name.
• MS06-034, which addresses a remote code execution flaw in Internet Information Services (IIS). Microsoft said an attacker could exploit the vulnerability by constructing a specially crafted Active Server Pages .asp file, potentially allowing remote code execution if the IIS processes the specially crafted file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
• MS06-035 addresses two Windows flaws. It is a mailslot heap overflow vulnerability in a server driver that could allow an attacker to take complete control of the affected system; and a server message block information disclosure flaw in the server service that could allow an attacker to view fragments of memory used to store server message block traffic during transport.
• MS06-036 which addresses a buffer overrun flaw in Windows' Dynamic Host Configuration Protocol (DHCP) client service. Attackers could exploit the flaw to take complete control of the affected system, Microsoft said.
• MS06-038 addresses three Microsoft Office flaws that appear when malformed strings and properties are parsed by any of the affected Office applications. "Such a string might be included in an email attachment processed by one of the affected applications or hosted on a malicious Web site," Microsoft said. "An attacker could exploit the vulnerability by constructing a specially crafted Office file that could allow remote code execution."
• MS06-039 addresses a remote code execution flaw in Microsoft Office. Attackers could exploit the flaw by constructing a specially crafted .png file, which could then permit them to launch malicious code.