Partner Otaku

Musings of a Microsoft Partner Evangelist

November Security Bulletins


Microsoft is releasing the following six new security bulletins for newly discovered vulnerabilities:

Bulletin ID: MS09-063

Bulletin Title: Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)

Max Severity: Critical

Vulnerability Impact: Remote Code Execution

Restart Requirement: Requires restart

Affected Software: Microsoft Windows Vista and Windows Server 2008

——————————–

Bulletin ID: MS09-064

Bulletin Title: Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)

Max Severity: Critical

Vulnerability Impact: Remote Code Execution

Restart Requirement: Requires restart

Affected Software: Microsoft Windows 2000 Server

——————————–

Bulletin ID: MS09-065

Bulletin Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)

Max Severity: Critical

Vulnerability Impact: Remote Code Execution

Restart Requirement: Requires restart

Affected Software: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008

——————————–

Bulletin ID: MS09-066

Bulletin Title: Vulnerability in Active Directory Could Allow Denial of Service (973309)

Max Severity: Important

Vulnerability Impact: Denial of Service

Restart Requirement: Requires restart

Affected Software: Microsoft Windows 2000 Server, Windows XP, Windows Server 2003, and Windows Server 2008

——————————–

Bulletin ID: MS09-067

Bulletin Title: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)

Max Severity: Important

Vulnerability Impact: Remote Code Execution

Restart Requirement: May require restart

Affected Software: Microsoft Office Excel 2002, Excel 2003, Excel 2007, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format converter for Mac, Excel Viewer, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

——————————–

Bulletin ID: MS09-068

Bulletin Title: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)

Max Severity: Important

Vulnerability Impact: Remote Code Execution

Restart Requirement: May require restart

Affected Software: Microsoft Office Word 2002, Word 2003, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format converter for Mac, Office Word Viewer, and Office Word Viewer 2003

——————————–

Note: The list of affected software in the summary table is an abstract. To see the full list of affected components please visit the bulletin summary Web page at the link below and navigate to the “Affected Software” section.

Summaries for new bulletin(s) may be found at http://www.microsoft.com/technet/security/bulletin/MS09-nov.mspx.

=================================

Malicious Software Removal Tool

=================================

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. NOTE: This tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool is available at http://support.microsoft.com/?kbid=890830.

=================================

High Priority Non-Security Updates

=================================

High-priority non-security updates that Microsoft releases on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB article found at http://support.microsoft.com/?id=894199.

=================================

Security Bulletin Major Revisions

=================================

Microsoft has revised Security Bulletin MS09-045 – Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961) – on November 10, 2009.

Overview of changes: Microsoft rereleased this bulletin to add JScript 5.7 on Microsoft Windows 2000 Service Pack 4 as an affected product. Customers who have already installed this update do not need to take any action.

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-045.mspx

________________________________________

Microsoft has revised Security Bulletin MS09-051 – Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682) – on November 10, 2009.

Overview of changes: Microsoft rereleased this bulletin to reoffer the update for Audio Compression Manager on Microsoft Windows 2000 Service Pack 4 to fix a detection issue. This is a detection change only; there were no changes to the binaries. Customers who have successfully updated their systems do not need to reinstall this update.

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-051.mspx

=================================

Public Bulletin Release Webcast

=================================

Microsoft will host a webcast to address customer questions on these bulletins:

Title: Information about Microsoft November Security Bulletins (Level 200)

Date: Wednesday, November 11, 2009, 11:00 A.M. Pacific Time (U.S. and Canada)

URL: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032407490

=================================

New Bulletin Technical Details

=================================

In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle Web site at http://support.microsoft.com/lifecycle/.

Bulletin Identifier: Microsoft Security Bulletin MS09-063

———————-

Bulletin Title: Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)

———————-

Executive Summary: This security update resolves a privately reported vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating system. The vulnerability could allow remote code execution if an affected Windows system receives a specially crafted packet. The security update addresses the vulnerability by correcting the processing of headers in WSD messages.

———————-

Severity Ratings and Affected Software: This security update is rated Critical for all supported editions of Windows Vista and Windows Server 2008.

———————-

CVEs and Exploitability Index: CVE-2009-2512 – Web Services on Devices API Memory Corruption Vulnerability

EI = 2 (Inconsistent exploit code likely). Notes: The scenario allows for a possible, limited denial of service attack.

———————-

Attack Vectors: Maliciously crafted network packets

———————-

Mitigating Factors: The vulnerable service is only exposed to incoming connections from the local subnet.

———————-

Restart Requirement: You must restart your system after you apply this security update.

———————-

Removal Information: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

———————-

Bulletins Replaced by This Update: None

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-063.mspx

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=

~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

Bulletin Identifier: Microsoft Security Bulletin MS09-064

———————-

Bulletin Title: Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)

———————-

Executive Summary: This security update resolves a privately reported vulnerability in Microsoft Windows 2000. The vulnerability could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server. An attacker who successfully exploited this vulnerability could take complete control of the system. The security update addresses the vulnerability by changing the way the License Logging service validates a specific field inside the RPC packet.

———————-

Severity Ratings and Affected Software: This security update is rated Critical for Microsoft Windows 2000.

———————-

CVEs and Exploitability Index: CVE-2009-2523 – License Logging Server Heap Overflow Vulnerability

EI = 2 (Inconsistent exploit code likely)

———————-

Attack Vectors: Sending a specially crafted RPC packet.

———————-

Mitigating Factors: Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.

———————-

Restart Requirement: You must restart your system after you apply this security update.

———————-

Removal Information: Use the Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

———————-

Bulletins Replaced by This Update: None

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-064.mspx

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=

~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

Bulletin Identifier: Microsoft Security Bulletin MS09-065

———————-

Bulletin Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)

———————-

Executive Summary: This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font. In a Web-based attack scenario, an attacker would have to host a Web site that contains specially crafted embedded fonts that are used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. The security update addresses the vulnerabilities by correcting the method used for validating the argument passed to the system call, validating input passed from user mode through the kernel component of GDI, and correcting the manner in which Windows kernel-mode drivers parse font code.

———————-

Severity Ratings and Affected Software: This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Important for all supported editions of Windows Vista and Windows Server 2008.

———————-

CVEs and Exploitability Index:

• CVE-2009-1127 – Win32k NULL Pointer Dereferencing Vulnerability, EI = 2 (Inconsistent exploit code likely)

• CVE-2009-2513 – Win32k Insufficient Data Validation Vulnerability, EI = 1 (Consistent exploit code likely)

• CVE-2009-2514 – Win32k EOT Parsing Vulnerability, EI = 1 (Consistent exploit code likely)

———————-

Attack Vectors:

• CVE-2009-1127 and CVE-2009-2513: A logon attempt with a legitimate username.

• CVE-2009-2514: A maliciously crafted Office document, Web page, or e-mail attachment.

———————-

Mitigating Factors:

• CVE-2009-1127 and CVE-2009-2513: An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.

• CVE-2009-2514: An attacker would have no way to force users to visit a specially crafted Web site. Cannot be exploited automatically through e-mail because a user must open an attachment that is sent in an e-mail message.

———————-

Restart Requirement: You must restart your system after you apply this security update.

———————-

Removal Information:

• Windows 2000, Windows XP, and Windows Server 2003: Use the Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

• Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

———————-

Bulletins Replaced by This Update: MS09-025

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-065.mspx

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=

~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

Bulletin Identifier: Microsoft Security Bulletin MS09-066

———————-

Bulletin Title: Vulnerability in Active Directory Could Allow Denial of Service (973309)

———————-

Executive Summary: This security update resolves a privately reported vulnerability in Active Directory directory service, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow denial of service if stack space was exhausted during execution of certain types of LDAP or LDAPS requests. The security update addresses the vulnerability by changing the way Active Directory, ADAM, and AD LDS process malformed LDAP or LDAPS requests.

———————-

Severity Ratings and Affected Software: This security update is rated Important for Active Directory, ADAM, and AD LDS on all supported editions of Microsoft Windows 2000 Server, Windows XP, Windows Server 2003, and Windows Server 2008.

———————-

CVEs and Exploitability Index: CVE-2009-1928 – LSASS Recursive Stack Overflow Vulnerability

EI = 3 (Functioning exploit code unlikely). Notes: The condition for denial of service exists.

———————-

Attack Vectors: Maliciously crafted network packets

———————-

Mitigating Factors:

• This vulnerability only affects domain controllers and systems configured to run ADAM or AD LDS.

———————-

Restart Requirement: You must restart your system after you apply this security update.

———————-

Removal Information:

• Windows 2000 Server, Windows XP, and Windows Server 2003: Use the Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.

• Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

———————-

Bulletins Replaced by This Update:

• Windows 2000 Server, Windows XP, and Windows Server 2003: MS09-018

• Windows Server 2008: MS08-035

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-066.mspx

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=

~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

Bulletin Identifier: Microsoft Security Bulletin MS09-067

———————-

Bulletin Title: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)

———————-

Executive Summary: This security update resolves several privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. The update addresses the vulnerabilities by modifying the way that Excel opens and parses Excel files, and by modifying the way that Excel handles malformed records.

———————-

Severity Ratings and Affected Software: This security update is rated Important for all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac; Open XML File Format Converter for Mac; and all supported versions of Microsoft Office Excel Viewer and Microsoft Office Compatibility Pack.

———————-

CVEs and Exploitability Index:

• CVE-2009-3127 – Excel Cache Memory Corruption Vulnerability, EI = 2

• CVE-2009-3128 – Excel SxView Memory Corruption Vulnerability, EI = 2

• CVE-2009-3129 – Excel Featheader Record Memory Corruption Vulnerability, EI = 1

• CVE-2009-3130 – Excel Document Parsing Heap Overflow Vulnerability, EI = 1

• CVE-2009-3131 – Excel Formula Parsing Memory Corruption Vulnerability, EI = 1

• CVE-2009-3132 – Excel Index Parsing Vulnerability, EI = 2

• CVE-2009-3133 – Excel Document Parsing Memory Corruption Vulnerability, EI = 2

• CVE-2009-3134 – Excel Field Sanitization Vulnerability, EI = 2

Exploitability Index key:

• EI = 1: Consistent exploit code likely

• EI = 2: Inconsistent exploit code likely

———————-

Attack Vectors:

• A maliciously crafted Excel spreadsheet

• A maliciously crafted e-mail attachment

• A maliciously crafted Web page

———————-

Mitigating Factors:

• An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• Cannot be exploited automatically through e-mail because a user must open an attachment that is sent in an e-mail message.

———————-

Restart Requirement: Varies depending on which update is installed. See the “Security Update Deployment” section of the bulletin at the link below for more details.

———————-

Removal Information: Varies depending on which update is installed. See the “Security Update Deployment” section of the bulletin at the link below for more details.

———————-

Bulletins Replaced by This Update: MS09-021

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-067.mspx

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=

~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

Bulletin Identifier: Microsoft Security Bulletin MS09-068

———————-

Bulletin Title: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)

———————-

Executive Summary: This security update resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. The security update addresses the vulnerability by modifying the way that Microsoft Office Word opens specially crafted Word files.

———————-

Severity Ratings and Affected Software: This security update is rated Important for all supported editions of Microsoft Office Word 2002 and Microsoft Office Word 2003, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, Open XML File Format Converter for Mac, and all supported versions of Microsoft Office Word Viewer.

———————-

CVEs and Exploitability Index:

CVE-2009-3135 – Microsoft Office Word File Information Memory Corruption Vulnerability

EI = 1 (Consistent exploit code likely)

———————-

Attack Vectors:

• A maliciously crafted Word document

• A maliciously crafted e-mail attachment

• A maliciously crafted Web page

———————-

Mitigating Factors:

• Users would have to be persuaded to visit a malicious Web site.

• Exploitation only gains the same user rights as the logged on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• Cannot be exploited automatically through e-mail because a user must open an attachment that is sent in an e-mail message.

———————-

Restart Requirement: Varies depending on which update is installed. See the “Security Update Deployment” section of the bulletin at the link below for more details.

———————-

Removal Information: Varies depending on which update is installed. See the “Security Update Deployment” section of the bulletin at the link below for more details.

———————-

Bulletins Replaced by This Update: MS09-027

———————-

Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-068.mspx

Written by wesy

November 10, 2009 at 1:38 pm

Posted in patches, Security
