Partner Otaku

Musings of a Microsoft Partner Evangelist

Archive for the ‘Security’ Category

Patch Tuesday, Feb 9 2010 Bulletins


 

This alert is to provide you with an overview of the new security bulletin(s) being released on February 09, 2010. Security bulletins are released monthly to resolve critical problem vulnerabilities. We will also provide an overview of one new security advisory being released.

                                                                                  

New Security Bulletins

 

Microsoft is releasing the following 13 new security bulletins for newly discovered vulnerabilities:

 

| Bulletin ID | Bulletin Title | Max Severity Rating | Vulnerability Impact | Restart Requirement | Affected Software* |
|---|---|---|---|---|---|
| MS10-003 | Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214) | Important | Remote Code Execution | May require restart | Microsoft Office XP, Office 2004 for Mac. |
| MS10-004 | Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416) | Important | Remote Code Execution | May require restart | Microsoft Office PowerPoint 2002, Office PowerPoint 2003, and Office 2004 for Mac. |
| MS10-005 | Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706) | Moderate | Remote Code Execution | Requires restart | Microsoft Windows 2000, Windows XP, and Windows Server 2003. |
| MS10-006 | Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251) | Critical | Remote Code Execution | Requires restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS10-007 | Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713) | Critical | Remote Code Execution | Requires restart | Microsoft Windows 2000, Windows XP, and Windows Server 2003. |
| MS10-008 | Cumulative Security Update of ActiveX Kill Bits (978262) | Critical | Remote Code Execution | May require restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS10-009 | Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145) | Critical | Remote Code Execution | Requires restart | Microsoft Windows Vista and Windows Server 2008. |
| MS10-010 | Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894) | Important | Denial of Service | Requires restart | Microsoft Windows Server 2008 and Windows Server 2008 R2. |
| MS10-011 | Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037) | Important | Elevation of Privilege | Requires restart | Microsoft Windows 2000, Windows XP, and Windows Server 2003. |
| MS10-012 | Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468) | Important | Remote Code Execution | Requires restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS10-013 | Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935) | Critical | Remote Code Execution | Requires restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. |
| MS10-014 | Vulnerability in Kerberos Could Allow Denial of Service (977290) | Important | Denial of Service | Requires restart | Microsoft Windows 2000, Windows Server 2003, and Windows Server 2008. |
| MS10-015 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165) | Important | Elevation of Privilege | Requires restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7. |

* The list of affected software in the summary table is an abstract. To see the full list of affected components, including information on whether Server Core installations are affected, please visit the bulletin via the link in the left column and review the "Affected Software" section.

 

Summaries for new bulletin(s) may be found at http://www.microsoft.com/technet/security/bulletin/MS10-feb.mspx.

 

Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. NOTE: this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool is available at http://support.microsoft.com/?kbid=890830.

 

High Priority Non-Security Updates

High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB article found at http://support.microsoft.com/?id=894199.

 

New Security Advisory

 

In addition to the new security bulletin, Microsoft is also releasing a new security advisory on February 09, 2010. Here is an overview:

 

Identifier

Vulnerability in TLS/SSL Could Allow Spoofing (977377)

Summary

Microsoft is investigating public reports of a vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. At this time, Microsoft is not aware of any attacks attempting to exploit the reported vulnerability.

 

As an issue affecting an Internet standard, we recognize that this issue affects multiple vendors. We are working on a coordinated response with our partners in the Internet Consortium for Advancement of Security on the Internet (ICASI). The TLS and SSL protocols are implemented in several Microsoft products, both client and server, and this advisory will be updated as our investigation continues.

 

As part of this security advisory, Microsoft is making available a workaround which enables system administrators to disable TLS and SSL renegotiation functionality. However, as renegotiation is required functionality for some applications, this workaround is not intended for wide implementation and should be tested extensively prior to implementation.

 

Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, depending on customer needs.

Affected Software

·        Windows 2000 (All Supported Versions)

·        Windows XP (All Supported Versions)

·        Windows Server 2003 (All Supported Versions)

·        Windows Vista (All Supported Versions)

·        Windows Server 2008 (All Supported Versions)

·        Windows 7 (All Supported Versions)

·        Windows Server 2008 R2 (All Supported Versions)

Recommendations

Review Microsoft Security Advisory 977377 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQs), and links to additional resources.

Additional Resources

·        Microsoft Security Advisory 977377: http://www.microsoft.com/technet/security/advisory/977377.mspx

·        Microsoft Security Response Center (MSRC) Blog: http://blogs.technet.com/msrc/

·        Microsoft Malware Protection Center (MMPC) Blog: http://blogs.technet.com/mmpc/

·        Security Research & Defense (SRD) Blog: http://blogs.technet.com/srd/

 

Public Bulletin Webcast

 

Microsoft will host a webcast to address customer questions on these bulletins:

Title: Information about Microsoft February Security Bulletins (Level 200)

Date: Wednesday, February 10, 2010, 11:00 A.M. Pacific Time (U.S. and Canada)

URL: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032427679

New Security Bulletin Technical Details

 

In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle Web site at http://support.microsoft.com/lifecycle/.

 

Bulletin Identifier

Microsoft Security Bulletin MS10-003

Bulletin Title

Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)

Executive Summary

This security update resolves a privately reported vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

 

The update addresses the vulnerability by modifying the way that Microsoft Office opens files.

Severity Ratings

This security update is rated Important for all supported editions of Microsoft Office XP and Microsoft Office 2004 for Mac.

Affected Software

Microsoft Office XP, Office 2004 for Mac.

Attack Vectors

·        A maliciously crafted Office document.

·        A maliciously crafted e-mail attachment.

Mitigating Factors

·        Exploitation only gains the same user rights as the logged on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

·        Cannot be exploited automatically through e-mail, because a user must open an attachment that is sent in an e-mail message.

Restart Requirement

This update may require a restart.

Bulletins Replaced by This Update

MS09-062

Full Details

http://www.microsoft.com/technet/security/bulletin/MS10-003.mspx

 

 

Bulletin Identifier

Microsoft Security Bulletin MS10-004

Bulletin Title

Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)

Executive Summary

This security update resolves six privately reported vulnerabilities in Microsoft Office PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file.

 

The security update addresses the vulnerabilities by changing the way that Microsoft Office PowerPoint and Microsoft PowerPoint Viewer parse specially crafted PowerPoint files.

Severity Ratings

This security update is rated Important for supported editions of Microsoft Office PowerPoint 2002 and Microsoft Office PowerPoint 2003, and Microsoft Office 2004 for Mac.

Affected Software

Microsoft Office PowerPoint 2002, Office PowerPoint 2003, and Office 2004 for Mac.

Attack Vectors

·        A maliciously crafted PowerPoint file.

·        A maliciously crafted e-mail attachment.

·        A maliciously crafted Web page.

Mitigating Factors

·        Exploitation only gains the same user rights as the logged on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

·        Cannot be exploited automatically through e-mail, because a user must open an attachment that is sent in an e-mail message.

Restart Requirement

This update may require a restart.

Bulletins Replaced by This Update

MS09-017

Full Details

http://www.microsoft.com/technet/security/bulletin/MS10-004.mspx

 

 

Bulletin Identifier

Microsoft Security Bulletin MS10-005

Bulletin Title

Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)

Executive Summary

This security update resolves a privately reported vulnerability in Microsoft Paint. The vulnerability could allow remote code execution if a user viewed a specially crafted JPEG image file using Microsoft Paint.

 

The security update addresses the vulnerability by modifying the way that Microsoft Paint decodes JPEG image files.

Severity Ratings

This security update is rated Moderate for Microsoft Windows 2000, Windows XP, and Windows Server 2003.

Affected Software

Microsoft Windows 2000, Windows XP, and Windows Server 2003.

Attack Vectors

·        A maliciously crafted image file.

·        A maliciously crafted e-mail attachment.

·        A maliciously crafted Web page.

Mitigating Factors

·        An attacker must convince the user to open the malicious file in Microsoft Paint.

·        Cannot be exploited automatically through e-mail, because a user must open an attachment that is sent in an e-mail message.

·        Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Restart Requirement

This update does require a restart.

Bulletins Replaced by This Update

None

Full Details

http://www.microsoft.com/technet/security/bulletin/MS10-005.mspx

 

 

Bulletin Identifier

Microsoft Security Bulletin MS10-006

Bulletin Title

Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)

Executive Summary

This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request.

 

The security update addresses the vulnerabilities by correcting the manner in which the SMB client validates responses.

Severity Ratings

This security update is rated Critical for Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows 7, and Windows Server 2008 R2, and is rated Important for Windows Vista and Windows Server 2008.

Affected Software

Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2.

Attack Vectors

A specially crafted SMB response to a client-initiated SMB request.

Mitigating Factors

·        To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a malicious SMB server.

·        Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.

Restart Requirement

This update does require a restart.

Bulletins Replaced by This Update

MS06-030 and MS08-068.

Full Details

http://www.microsoft.com/technet/security/bulletin/MS10-006.mspx

 

 

Bulletin Identifier

Microsoft Security Bulletin MS10-007

Bulletin Title

Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)

Executive Summary

This security update resolves a privately reported vulnerability in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not impacted by this security update. The vulnerability could allow remote code execution if an application, such as a Web browser, passes specially crafted data to the ShellExecute API function through the Windows Shell Handler.

 

The security update addresses the vulnerability by correcting the way that the ShellExecute API validates input parameters.

Severity Ratings

This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.

Affected Software

Microsoft Windows 2000, Windows XP, and Windows Server 2003.

Attack Vectors

·        A maliciously crafted application

·        A maliciously crafted e-mail attachment

·        A maliciously crafted Web page

Mitigating Factors

Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Restart Requirement

This update does require a restart.

Bulletins Replaced by This Update

None

Full Details

http://www.microsoft.com/technet/security/bulletin/MS10-007.mspx

 

 

Bulletin Identifier

Microsoft Security Bulletin MS10-008

Bulletin Title

Cumulative Security Update of ActiveX Kill Bits (978262)

Executive Summary

This security update addresses a privately reported vulnerability that could allow remote code execution if a user views a specially crafted Web page that instantiates an ActiveX control with Internet Explorer. This update also includes kill bits for these four third-party ActiveX controls:

·        Symantec WinFax Pro 10.3

·        Google Desktop Gadget v5.8

·        Facebook Photo Updater 5.5.8

·        Panda ActiveScan Installer 2.0

 

The security update addresses the vulnerability by setting a kill bit so that the vulnerable control does not run in Internet Explorer.

Severity Ratings

This security update is rated Critical for all supported editions of Microsoft Windows 2000 and Windows XP, Important for all supported editions of Windows Vista and Windows 7, Moderate for all supported editions of Windows Server 2003, and Low for all supported editions of Windows Server 2008 and Windows Server 2008 R2.

Affected Software

Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2.

Attack Vectors

A maliciously crafted Web page

Mitigating Factors

·        Users would have to be persuaded to visit a malicious Web site.

·        Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Restart Requirement

This update may require a restart.

Bulletins Replaced by This Update

MS09-055

Full Details

http://www.microsoft.com/technet/security/bulletin/MS10-008.mspx

 

 

Bulletin Identifier

Microsoft Security Bulletin MS10-009

Bulletin Title

Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)

Executive Summary

This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if specially crafted packets are sent to a computer with IPv6 enabled. An attacker could try to exploit the vulnerability by creating specially crafted ICMPv6 packets and sending the packets to a system with IPv6 enabled.

 

The security update addresses the vulnerabilities by changing the way Windows TCP/IP performs bounds checking and other packet handling operations.

Severity Ratings

This security update is rated Critical for Windows Vista and Windows Server 2008.

Affected Software

Microsoft Windows Vista and Windows Server 2008.

Attack Vectors

Maliciously crafted network packets

Mitigating Factors

·        Microsoft has not identified any mitigations for CVE-2010-0239, CVE-2010-0241, and CVE-2010-0242.

·        For CVE-2010-0240 only: This vulnerability only impacts Windows systems if they have installed a custom network driver that splits the UDP header into multiple MDLs. Microsoft is not aware of any driver that takes this action.

Restart Requirement

This update does require a restart.

Bulletins Replaced by This Update

None

Full Details

http://www.microsoft.com/technet/security/bulletin/MS10-009.mspx

 

 

Bulletin Identifier

Microsoft Security Bulletin MS10-010

Bulletin Title

Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)

Executive Summary

This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server.

 

The security update addresses the vulnerability by correcting the way Hyper-V server validates encoding on machine instructions executed inside its guest virtual machines.

Severity Ratings

This security update is rated Important for all supported x64-based editions of Windows Server 2008 and Windows Server 2008 R2.

Affected Software

Microsoft Windows Server 2008 and Windows Server 2008 R2.

Attack Vectors

A maliciously crafted application.

Mitigating Factors

An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

Restart Requirement

This update does require a restart.

Bulletins Replaced by This Update

None

Full Details

http://www.microsoft.com/technet/security/bulletin/MS10-010.mspx

 

 

Bulletin Identifier

Microsoft Security Bulletin MS10-011

Bulletin Title

Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)

Executive Summary

This security update resolves a privately reported vulnerability in Microsoft Windows Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not affected. The vulnerability could allow elevation of privilege if an attacker logs on to the system and starts a specially crafted application designed to continue running after the attacker logs out.

 

The security update addresses the vulnerability by correcting the manner in which users’ processes are terminated upon logout.

Severity Ratings

This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.

Affected Software

Microsoft Windows 2000, Windows XP, and Windows Server 2003.

Attack Vectors

A maliciously crafted application.

Mitigating Factors

An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.

Restart Requirement

This update does require a restart.

Bulletins Replaced by This Update

None

Full Details

http://www.microsoft.com/technet/security/bulletin/MS10-011.mspx

 

 

Bulletin Identifier

Microsoft Security Bulletin MS10-012

Bulletin Title

Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)

Executive Summary

This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system.

 

The security update addresses these vulnerabilities by correcting the way that SMB validates SMB requests.

Severity Ratings

This security update is rated Important for all supported editions of Microsoft Windows.

Affected Software

Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2.

Attack Vectors

Maliciously crafted network packets.

Mitigating Factors

Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.

Restart Requirement

This update does require a restart.

Bulletins Replaced by This Update

MS09-001

Full Details

http://www.microsoft.com/technet/security/bulletin/MS10-012.mspx

 

 

Bulletin Identifier

Microsoft Security Bulletin MS10-013

Bulletin Title

Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)

Executive Summary

This security update resolves a privately reported vulnerability in Microsoft DirectShow. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

 

The security update addresses the vulnerability by correcting the way that DirectShow opens AVI files.

Severity Ratings

This security update is rated Critical for all supported editions of Microsoft Windows except for all supported Itanium-based editions of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2, for which this security update is rated Important.

Affected Software

Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2.

Attack Vectors

·        A maliciously crafted .AVI file.

·        A maliciously crafted e-mail attachment.

·        A maliciously crafted Web page.

Mitigating Factors

·        Users would have to be persuaded to visit a malicious Web site.

·        Cannot be exploited automatically through e-mail, because a user must open an attachment that is sent in an e-mail message.

·        Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Restart Requirement

This update does require a restart.

Bulletins Replaced by This Update

MS09-028 and MS09-038

Full Details

http://www.microsoft.com/technet/security/bulletin/MS10-013.mspx

 

 

Bulletin Identifier

Microsoft Security Bulletin MS10-014

Bulletin Title

Vulnerability in Kerberos Could Allow Denial of Service (977290)

Executive Summary

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a specially crafted ticket renewal request is sent to the Windows Kerberos domain from an authenticated user on a trusted non-Windows Kerberos realm. The denial of service could persist until the domain controller is restarted.

 

This update addresses the vulnerability by correcting the way the Kerberos server deals with ticket renewal requests.

Severity Ratings

This security update is rated Important for all supported editions of Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008.

Affected Software

Microsoft Windows 2000, Windows Server 2003, and Windows Server 2008.

Attack Vectors

Maliciously crafted ticket renewal requests.

Mitigating Factors

Microsoft has not identified any mitigations or workarounds for this vulnerability.

Restart Requirement

This update does require a restart.

Bulletins Replaced by This Update

None

Full Details

http://www.microsoft.com/technet/security/bulletin/MS10-014.mspx

 

 

Bulletin Identifier

Microsoft Security Bulletin MS10-015

Bulletin Title

Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)

Executive Summary

This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application.

 

The security update addresses the vulnerabilities by ensuring that the Windows Kernel handles exceptions properly.

 

This security update also addresses the vulnerability first described in Microsoft Security Advisory 979682.

Severity Ratings

This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 for 32-bit Systems.

Affected Software

Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7.

Attack Vectors

·        A local logon

·        A maliciously crafted application

Mitigating Factors

To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users.

Restart Requirement

This update does require a restart.

Bulletins Replaced by This Update

MS09-058

Full Details

http://www.microsoft.com/technet/security/bulletin/MS10-015.mspx

 

Regarding Information Consistency

 

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.

 

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

 

Thank you,

 

Microsoft CSS Security Team

 

 

Wes Yanaga | Partner Platform Strategy & Evangelism | US DPE West Region

Office: 650-693-2104 | Mobile: 650-678-1217 | Email: wesy@microsoft.com | Twitter

Blog: CDS Partners | Facebook – Partner Huddle.Net | LinkedIn .NET Dev Partners

 


 

‘If you don’t like change, you’re going to like irrelevance even less’ – General Eric Shinseki, Chief of Staff, U.S. Army (ret.)

 

 

Written by wesy

February 9, 2010 at 1:50 pm

Posted in Developer, patches, Security


Microsoft Security Bulletin MS10-002 – Critical: Cumulative Security Update for Internet Explorer (978207)


 


This update has been released and also addresses the vulnerability first described in Microsoft Security Advisory 979352. Please visit the sites for more information.

Written by wesy

January 21, 2010 at 3:43 pm

Posted in patches, Security


November Security Bulletins


Microsoft is releasing the following six new security bulletins for newly discovered vulnerabilities:

Bulletin ID: MS09-063

Bulletin Title: Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)

Max Severity: Critical

Vulnerability Impact: Remote Code Execution

Restart Requirement: Requires restart

Affected Software: Microsoft Windows Vista and Windows Server 2008

——————————–

Bulletin ID: MS09-064

Bulletin Title: Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)

Max Severity: Critical

Vulnerability Impact: Remote Code Execution

Restart Requirement: Requires restart

Affected Software: Microsoft Windows 2000 Server

——————————–

Bulletin ID: MS09-065

Bulletin Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)

Max Severity: Critical

Vulnerability Impact: Remote Code Execution

Restart Requirement: Requires restart

Affected Software: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008

——————————–

Bulletin ID: MS09-066

Bulletin Title: Vulnerability in Active Directory Could Allow Denial of Service (973309)

Max Severity: Important

Vulnerability Impact: Denial of Service

Restart Requirement: Requires restart

Affected Software: Microsoft Windows 2000 Server, Windows XP, Windows Server 2003, and Windows Server 2008

——————————–

Bulletin ID: MS09-067

Bulletin Title: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)

Max Severity: Important

Vulnerability Impact: Remote Code Execution

Restart Requirement: May require restart

Affected Software: Microsoft Office Excel 2002, Excel 2003, Excel 2007, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format converter for Mac, Excel Viewer, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

——————————–

Bulletin ID: MS09-068

Bulletin Title: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)

Max Severity: Important

Vulnerability Impact: Remote Code Execution

Restart Requirement: May require restart

Affected Software: Microsoft Office Word 2002, Word 2003, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format converter for Mac, Office Word Viewer, and Office Word Viewer 2003

——————————–

Note: The list of affected software in the summary table is an abstract. To see the full list of affected components please visit the bulletin summary Web page at the link below and navigate to the “Affected Software” section.

Summaries for new bulletin(s) may be found at http://www.microsoft.com/technet/security/bulletin/MS09-nov.mspx.

=================================

Malicious Software Removal Tool

=================================

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. NOTE: This tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool is available at http://support.microsoft.com/?kbid=890830.

=================================

High Priority Non-Security Updates

=================================

High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB article found at http://support.microsoft.com/?id=894199.

=================================

Security Bulletin Major Revisions

=================================

Microsoft has revised Security Bulletin MS09-045 – Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961) – on November 10, 2009.

Overview of changes: Microsoft rereleased this bulletin to add JScript 5.7 on Microsoft Windows 2000 Service Pack 4 as an affected product. Customers who have already installed this update do not need to take any action.

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-045.mspx

________________________________________

Microsoft has revised Security Bulletin MS09-051 – Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682) – on November 10, 2009.

Overview of changes: Microsoft rereleased this bulletin to reoffer the update for Audio Compression Manager on Microsoft Windows 2000 Service Pack 4 to fix a detection issue. This is a detection change only; there were no changes to the binaries. Customers who have successfully updated their systems do not need to reinstall this update.

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-051.mspx

=================================

Public Bulletin Release Webcast

=================================

Microsoft will host a webcast to address customer questions on these bulletins:

Title: Information about Microsoft November Security Bulletins (Level 200)

Date: Wednesday, November 11, 2009, 11:00 A.M. Pacific Time (U.S. and Canada)

URL: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032407490

=================================

New Bulletin Technical Details

=================================

In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle Web site at http://support.microsoft.com/lifecycle/.

Bulletin Identifier: Microsoft Security Bulletin MS09-063

———————-

Bulletin Title: Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)

———————-

Executive Summary: This security update resolves a privately reported vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating system. The vulnerability could allow remote code execution if an affected Windows system receives a specially crafted packet. The security update addresses the vulnerability by correcting the processing of headers in WSD messages.

———————-

Severity Ratings and Affected Software: This security update is rated Critical for all supported editions of Windows Vista and Windows Server 2008.

———————-

CVEs and Exploitability Index: CVE-2009-2512 – Web Services on Devices API Memory Corruption Vulnerability

EI = 2 (Inconsistent exploit code likely). Notes: The scenario allows for a possible, limited denial of service attack.

———————-

Attack Vectors: Maliciously crafted network packets

———————-

Mitigating Factors: The vulnerable service is only exposed to incoming connections from the local subnet.

———————-

Restart Requirement: You must restart your system after you apply this security update.

———————-

Removal Information: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

———————-

Bulletins Replaced by This Update: None

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-063.mspx

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=

~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

Bulletin Identifier: Microsoft Security Bulletin MS09-064

———————-

Bulletin Title: Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)

———————-

Executive Summary: This security update resolves a privately reported vulnerability in Microsoft Windows 2000. The vulnerability could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server. An attacker who successfully exploited this vulnerability could take complete control of the system. The security update addresses the vulnerability by changing the way the License Logging service validates a specific field inside the RPC packet.

———————-

Severity Ratings and Affected Software: This security update is rated Critical for Microsoft Windows 2000.

———————-

CVEs and Exploitability Index: CVE-2009-2523 – License Logging Server Heap Overflow Vulnerability

EI = 2 (Inconsistent exploit code likely)

———————-

Attack Vectors: Sending a specially crafted RPC packet.

———————-

Mitigating Factors: Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.

———————-

Restart Requirement: You must restart your system after you apply this security update.

———————-

Removal Information: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

———————-

Bulletins Replaced by This Update: None

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-064.mspx

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=

~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

Bulletin Identifier: Microsoft Security Bulletin MS09-065

———————-

Bulletin Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)

———————-

Executive Summary: This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font. In a Web-based attack scenario, an attacker would have to host a Web site that contains specially crafted embedded fonts that are used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. The security update addresses the vulnerabilities by correcting the method used for validating the argument passed to the system call, validating input passed from user mode through the kernel component of GDI, and correcting the manner in which Windows kernel-mode drivers parse font code.

———————-

Severity Ratings and Affected Software: This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Important for all supported editions of Windows Vista and Windows Server 2008.

———————-

CVEs and Exploitability Index:

• CVE-2009-1127 – Win32k NULL Pointer Dereferencing Vulnerability, EI = 2 (Inconsistent exploit code likely)

• CVE-2009-2513 – Win32k Insufficient Data Validation Vulnerability, EI = 1 (Consistent exploit code likely)

• CVE-2009-2514 – Win32k EOT Parsing Vulnerability, EI = 1 (Consistent exploit code likely)

———————-

Attack Vectors:

• CVE-2009-1127 and CVE-2009-2513: A logon attempt with a legitimate username.

• CVE-2009-2514: A maliciously crafted Office document, Web page, or e-mail attachment.

———————-

Mitigating Factors:

• CVE-2009-1127 and CVE-2009-2513: An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.

• CVE-2009-2514: An attacker would have no way to force users to visit a specially crafted Web site. Cannot be exploited automatically through e-mail because a user must open an attachment that is sent in an e-mail message.

———————-

Restart Requirement: You must restart your system after you apply this security update.

———————-

Removal Information:

• Windows 2000, Windows XP, and Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

• Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

———————-

Bulletins Replaced by This Update: MS09-025

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-065.mspx

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=

~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

Bulletin Identifier: Microsoft Security Bulletin MS09-066

———————-

Bulletin Title: Vulnerability in Active Directory Could Allow Denial of Service (973309)

———————-

Executive Summary: This security update resolves a privately reported vulnerability in Active Directory directory service, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow denial of service if stack space was exhausted during execution of certain types of LDAP or LDAPS requests. The security update addresses the vulnerability by changing the way Active Directory, ADAM, and AD LDS process malformed LDAP or LDAPS requests.

———————-

Severity Ratings and Affected Software: This security update is rated Important for Active Directory, ADAM, and AD LDS on all supported editions of Microsoft Windows 2000 Server, Windows XP, Windows Server 2003, and Windows Server 2008.

———————-

CVEs and Exploitability Index: CVE-2009-1928 – LSASS Recursive Stack Overflow Vulnerability

EI = 3 (Functioning exploit code unlikely). Notes: The condition for denial of service exists.

———————-

Attack Vectors: Maliciously crafted network packets

———————-

Mitigating Factors:

• This vulnerability only affects domain controllers and systems configured to run ADAM or AD LDS.

Restart Requirement: You must restart your system after you apply this security update.

———————-

Removal Information:

• Windows 2000 Server, Windows XP, and Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

• Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

———————-

Bulletins Replaced by This Update:

• Windows 2000 Server, Windows XP, and Windows Server 2003: MS09-018

• Windows Server 2008: MS08-035

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-066.mspx

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=

~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

Bulletin Identifier: Microsoft Security Bulletin MS09-067

———————-

Bulletin Title: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)

———————-

Executive Summary: This security update resolves several privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. The update addresses the vulnerabilities by modifying the way that Excel opens and parses Excel files, and by modifying the way that Excel handles malformed records.

———————-

Severity Ratings and Affected Software: This security update is rated Important for all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac; Open XML File Format Converter for Mac; and all supported versions of Microsoft Office Excel Viewer and Microsoft Office Compatibility Pack.

———————-

CVEs and Exploitability Index:

• CVE-2009-3127 – Excel Cache Memory Corruption Vulnerability, EI = 2

• CVE-2009-3128 – Excel SxView Memory Corruption Vulnerability, EI = 2

• CVE-2009-3129 – Excel Featheader Record Memory Corruption Vulnerability, EI = 1

• CVE-2009-3130 – Excel Document Parsing Heap Overflow Vulnerability, EI = 1

• CVE-2009-3131 – Excel Formula Parsing Memory Corruption Vulnerability, EI = 1

• CVE-2009-3132 – Excel Index Parsing Vulnerability, EI = 2

• CVE-2009-3133 – Excel Document Parsing Memory Corruption Vulnerability, EI = 2

• CVE-2009-3134 – Excel Field Sanitization Vulnerability, EI = 2

o EI = 1: Consistent exploit code likely

o EI = 2: Inconsistent exploit code likely

———————-

Attack Vectors:

• A maliciously crafted Excel spreadsheet

• A maliciously crafted e-mail attachment

• A maliciously crafted Web page

———————-

Mitigating Factors:

• An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• Cannot be exploited automatically through e-mail because a user must open an attachment that is sent in an e-mail message.

———————-

Restart Requirement: Varies depending on which update is installed. See the “Security Update Deployment” section of the bulletin at the link below for more details.

———————-

Removal Information: Varies depending on which update is installed. See the “Security Update Deployment” section of the bulletin at the link below for more details.

———————-

Bulletins Replaced by This Update: MS09-021

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-067.mspx

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=

~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

Bulletin Identifier: Microsoft Security Bulletin MS09-068

———————-

Bulletin Title: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)

———————-

Executive Summary: This security update resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. The security update addresses the vulnerability by modifying the way that Microsoft Office Word opens specially crafted Word files.

———————-

Severity Ratings and Affected Software: This security update is rated Important for all supported editions of Microsoft Office Word 2002 and Microsoft Office Word 2003, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, Open XML File Format Converter for Mac, and all supported versions of Microsoft Office Word Viewer.

———————-

CVEs and Exploitability Index:

CVE-2009-3135 – Microsoft Office Word File Information Memory Corruption Vulnerability

EI = 1 (Consistent exploit code likely)

———————-

Attack Vectors:

• A maliciously crafted Word document

• A maliciously crafted e-mail attachment

• A maliciously crafted Web page

———————-

Mitigating Factors:

• Users would have to be persuaded to visit a malicious Web site.

• Exploitation only gains the same user rights as the logged on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• Cannot be exploited automatically through e-mail because a user must open an attachment that is sent in an e-mail message.

———————-

Restart Requirement: Varies depending on which update is installed. See the “Security Update Deployment” section of the bulletin at the link below for more details.

———————-

Removal Information: Varies depending on which update is installed. See the “Security Update Deployment” section of the bulletin at the link below for more details.

———————-

Bulletins Replaced by This Update: MS09-027

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-068.mspx

Written by wesy

November 10, 2009 at 1:38 pm

Posted in patches, Security


Patch Tuesday, October 13


The patches are itemized below. If you have automatic updating turned on, you might already have the updates. To learn how to turn automatic updating on for your operating system, see Update your PC automatically.

If you do not have automatic updating turned on, or to check whether you need the updates, go to Microsoft Update.

Security updates are also available from the Microsoft Download Center. You can find them most easily by doing a keyword search using the words security update and the month the update was released.

Latest Security Updates

  • MS09-050 - addresses a vulnerability in Microsoft Windows (KB 975517)
  • MS09-051 - addresses a vulnerability in Windows Media (KB 975682)
  • MS09-052 - addresses a vulnerability in Windows Media (KB 974112)
  • MS09-053 - addresses a vulnerability in Internet Information Services (IIS) (KB 975254)
  • MS09-054 - addresses a vulnerability in Internet Explorer (KB 974455)
  • MS09-055 - addresses a vulnerability in Microsoft Windows (KB 973525)
  • MS09-056 - addresses a vulnerability in Microsoft Windows (KB 974571)
  • MS09-057 - addresses a vulnerability in Indexing Service (KB 969059)
  • MS09-058 - addresses a vulnerability in Microsoft Windows (KB 971486)
  • MS09-059 - addresses a vulnerability in Microsoft Windows (KB 975467)
  • MS09-060 - addresses a vulnerability in Microsoft Office (KB 973965)
  • MS09-061 - addresses a vulnerability in Microsoft .NET (KB 974378)
  • MS09-062 - addresses a vulnerability in Microsoft Windows (KB 957488)

Written by wesy

October 15, 2009 at 10:08 am

Posted in patches, Security


Patch Tuesday – June 9


We released several security updates today. Six updates are listed as critical. Please read the Security Bulletin Summary for June 2009 for more details.

  • MS09-018 – addresses a vulnerability in Microsoft Windows (KB 971055)
  • MS09-019 – addresses a vulnerability in Microsoft Internet Explorer (KB 969897)
  • MS09-020 – addresses a vulnerability in Microsoft Internet Information Services (KB 970483)
  • MS09-021 – addresses a vulnerability in Microsoft Office (KB 969462)
  • MS09-022 – addresses a vulnerability in Microsoft Windows (KB 961501)
  • MS09-023 – addresses a vulnerability in Microsoft Windows (KB 963093)
  • MS09-024 – addresses a vulnerability in Microsoft Office (KB 957632)
  • MS09-025 – addresses a vulnerability in Microsoft Windows (KB 968537)
  • MS09-026 – addresses a vulnerability in Microsoft Windows (KB 970238)
  • MS09-027 – addresses a vulnerability in Microsoft Office (KB 969514)

Written by wesy

June 9, 2009 at 11:15 am

Posted in Security


Security Updates for April 14, 2009


  • MS09-009 – addresses a vulnerability in Microsoft Office (KB 968557)
  • MS09-010 – addresses a vulnerability in Microsoft Windows and Microsoft Office (KB 960477)
  • MS09-011 – addresses a vulnerability in Microsoft Windows (KB 961373)
  • MS09-012 – addresses a vulnerability in Microsoft Windows (KB 959454)
  • MS09-013 – addresses a vulnerability in Microsoft Windows (KB 960803)
  • MS09-014 – addresses a vulnerability in Microsoft Internet Explorer (KB 963027)
  • MS09-015 – addresses a vulnerability in Microsoft Windows (KB 959426)
  • MS09-016 – addresses a vulnerability in Microsoft ISA Server (KB 961759)

Download Here


Written by wesy

April 15, 2009 at 8:51 am

Posted in Security

