Tuesday, April 13, 2010

Microsoft Patch Tuesday - April 2010

Microsoft is releasing 11 bulletins (5 critical, 5 important, 1 moderate) covering a total of 25 vulnerabilities. The critical patches affect SMB clients, Media Services, DirectShow, Media Player, and Windows Authenticode Signature Verification; on unpatched systems, successful exploitation of these issues could result in a system compromise. The important and moderate patches affect ISATAP, Exchange, VBScript, Publisher, Visio, and the Windows kernel.


Best Practices for Security and Patching:
- Install vendor patches as soon as they are available. However, apply them in a testing environment before rolling them out to production. Those who do not test sometimes wait at least a day to hear back from others about the actual results of the patches. (New patches can sometimes break functionality or other security components that were already in place.)
- Run all software with the least privileges required while maintaining functionality.
- Avoid handling files from unknown or questionable senders (such as links or attachments in email, social networks, or instant messages).
- Never visit unknown or questionable websites. Watch out for ads: some may host automated scripts that will transparently install malware on the host's computer. Again, beware of links to websites from unknown or questionable senders. In fact, never click on a link directly; copy and paste it into your browser's address bar.
- Block external access to internal systems unless specific access is required.


Microsoft's summary of the April releases:
http://www.microsoft.com/technet/security/bulletin/ms10-apr.mspx


The following is a breakdown from Symantec of the “Critical” issues being addressed this month:
1. MS10-019 Vulnerabilities in Windows Could Allow Remote Code Execution (981210)
CVE-2010-0486 (BID 39328) Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1)
A remote code execution vulnerability affects the Windows Authenticode Signature Verification function when signing and verifying PE or cabinet files. An attacker can exploit this issue by tricking an unsuspecting victim into running a signed PE or cabinet file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context in which the application was run, possibly aiding in a complete system compromise.
Affects: Authenticode Signature Verification 6.0 and 6.1
CVE-2010-0487 (BID 39332) Microsoft Windows Cabinet File Viewer Cabview Validation Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1)
A remote code execution vulnerability affects the Windows Authenticode Signature Verification for ‘.cab’ file formats. An attacker can exploit this issue by tricking an unsuspecting victim into running a signed PE or cabinet file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context in which the application was run, possibly aiding in a complete system compromise.
Affects: Cabinet File Viewer Shell Extension 6.0 and 6.1

2. MS10-020 Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)
CVE-2010-0269 (BID 39312) Microsoft Windows SMB Client Memory Allocation Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.8)
A remote code-execution vulnerability affects the SMB client due to a memory allocation issue. An attacker can exploit this issue by tricking an unsuspecting victim into connecting to a malicious SMB server. A successful exploit will result in the execution of arbitrary attacker-supplied code with SYSTEM-level privileges.
Affects: Microsoft Windows 2000 SP4, Windows XP SP2, Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista, Windows Vista SP1, Windows Vista SP2, Windows Vista x64 Edition, Windows Vista x64 Edition SP1, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for Itanium-based Systems
CVE-2010-0270 (BID 39339) Microsoft Windows SMB Client Transaction Response Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.8)
A remote code-execution vulnerability affects the SMB client because it improperly validates fields in an SMB response. An attacker can exploit this issue by tricking an unsuspecting victim into connecting to a malicious SMB server. A successful exploit will result in the execution of arbitrary attacker-supplied code with SYSTEM-level privileges.
Affects: Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for Itanium-based Systems
CVE-2010-0476 (BID 39336) Microsoft Windows SMB Client Response Parsing Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.8)
A remote code-execution vulnerability affects the SMB client because of how it parses SMB transaction responses. An attacker can exploit this issue by tricking an unsuspecting victim into connecting to a malicious SMB server. A successful exploit will result in the execution of arbitrary attacker-supplied code with SYSTEM-level privileges.
Affects: Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista, Windows Vista SP1, Windows Vista SP2, Windows Vista x64 Edition, Windows Vista x64 Edition SP1, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for Itanium-based Systems
CVE-2010-0477 (BID 39340) Microsoft Windows SMB Client Message Size Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.8)
A remote code-execution vulnerability affects the SMB client because of how it handles malformed SMB responses. An attacker can exploit this issue by tricking an unsuspecting victim into connecting to a malicious SMB server. A successful exploit will result in the execution of arbitrary attacker-supplied code with SYSTEM-level privileges.
Affects: Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for Itanium-based Systems

3. MS10-025 Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)
CVE-2010-0478 (BID 39356) Microsoft Windows Media Service Transport Information Packet Stack Buffer Overflow Vulnerability (MS Rating: Critical / Symantec Rating: 7.5)
A remote code execution vulnerability affects Microsoft Windows when running the optional Windows Media Services component when handling specially crafted transport information packets. An attacker can exploit this issue by sending a malicious packet to an affected computer. Successful exploits will result in the execution of arbitrary attacker-supplied code with SYSTEM-level privileges.
Affects: Microsoft Windows 2000 SP4

4. MS10-026 Vulnerability in Microsoft DirectShow Could Cause Remote Code Execution (977816)
CVE-2010-0480 (BID 39303) Microsoft Windows MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability (MS Rating: Critical / Symantec Rating: 7.1)
A remote code-execution vulnerability affects the Microsoft MPEG Layer-3 codecs when handling a specially crafted AVI media file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious AVI file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Affects: MPEG Layer-3 Codec for Microsoft DirectShow

5. MS10-027 Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)
CVE-2010-0268 (BID 39351) Microsoft Windows Media Player ActiveX Control Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1)
A remote code-execution vulnerability affects the Media Player ActiveX control. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a specially crafted web page.
Affects: Media Player 9
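The patching advice at the top of the post and the five critical bulletins listed above both come down to one practical question for an administrator: which of these KB articles are actually installed on a given host? The script below is an added example, not part of the original post and not Microsoft's or Symantec's code. It maps each critical bulletin to the KB number quoted in the post and reports, per computer, whether that KB shows up in the installed-hotfix list. It assumes Windows PowerShell 2.0 or later, that the updates in question are reported by Get-HotFix (which reads Win32_QuickFixEngineering), and that the account running it can query the remote hosts; the $ComputerName parameter is a hypothetical name chosen for this example.

```powershell
# Added example (not from the original post): report which of the April 2010
# critical bulletins are present on one or more hosts.
# Assumes PowerShell 2.0+; the KB numbers come from the post above.
param(
    # Hypothetical parameter: hosts to check, defaulting to the local machine.
    [string[]]$ComputerName = @($env:COMPUTERNAME)
)

# Bulletin -> KB article number, as quoted in the bulletin titles above.
$criticalBulletins = @{
    'MS10-019' = 'KB981210'   # Authenticode signature verification / cabview
    'MS10-020' = 'KB980232'   # SMB client
    'MS10-025' = 'KB980858'   # Windows Media Services (Windows 2000 SP4 only)
    'MS10-026' = 'KB977816'   # DirectShow MPEG Layer-3 decoder
    'MS10-027' = 'KB979402'   # Windows Media Player ActiveX control
}

foreach ($computer in $ComputerName) {
    # Pull the whole hotfix list once. Querying Get-HotFix -Id for a KB that is
    # absent writes an error per lookup, so a single list plus -contains is cleaner.
    try {
        $installed = Get-HotFix -ComputerName $computer -ErrorAction Stop |
            Select-Object -ExpandProperty HotFixID
    } catch {
        Write-Warning "Could not query ${computer}: $_"
        continue
    }

    foreach ($bulletin in ($criticalBulletins.Keys | Sort-Object)) {
        $kb = $criticalBulletins[$bulletin]
        $status = if ($installed -contains $kb) { 'installed' } else { 'MISSING' }

        # Emit one record per bulletin so the output can be piped to
        # Format-Table, Export-Csv, or filtered on Status -eq 'MISSING'.
        New-Object PSObject -Property @{
            Computer = $computer
            Bulletin = $bulletin
            KB       = $kb
            Status   = $status
        } | Select-Object Computer, Bulletin, KB, Status
    }
}
```

Run it as `.\Check-April2010.ps1 -ComputerName host1, host2 | Where-Object { $_.Status -eq 'MISSING' }` to list only the gaps. Treat MISSING as "needs verification" rather than proof of exposure: a KB is also absent when the affected component is not installed at all (MS10-025 only applies to Windows 2000 SP4 running Windows Media Services, and MS10-027 only to Media Player 9), and the hotfix list does not cover every way an update can be delivered, so a vulnerability scanner or WSUS compliance report is the authoritative source before closing a ticket.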


-Stephen Geldersma, Digital Designs LLC

Sources:

*Posting is provided "AS IS" with no warranties, and confers no rights.*
