Ok, so the title may be a little misleading, however there are a few vulnerabilities patched in the latest ‘Microsoft Patch Tuesday’ that are applicable to us BizTalk’ers – although not directly related to BizTalk, they could impact BizTalk installations.
- Security Bulletin MS08-006: Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830) – A vulnerability in the way IIS (version 5.0, 6.0 and 7.0) handles input to (traditional) ASP pages. An attacker who successfully exploited this vulnerability could then perform actions on the IIS server with the same rights as the Worker Process Identity (WPI).
- Security Bulletin MS08-005: Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831) – A vulnerability in the World Wide Web Publishing (W3SVC), FTP Publishing (FTPSVC), and Network News Transport Protocol (NNTP) services under IIS (version 5.0, 6.0 and 7.0) could allow a local attacker to take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
- Security Bulletin MS08-003: Vulnerability in Active Directory Could Allow Denial of Service (946538) – A vulnerability exists in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003 and Active Directory Application Mode (ADAM). The vulnerability is due to improper validation of specially crafted LDAP requests; an attacker who successfully exploited this vulnerability could cause the computer to stop responding and automatically restart.