Tuesday, July 13, 2010

Microsoft Patch Tuesday - July 2010


Microsoft is giving us a somewhat lighter month for patching, with four bulletins that fix a total of five vulnerabilities. Four of the vulnerabilities are rated critical, and they affect the Help and Support Center, Access, and the Canonical Display Driver. There have been many in-the-wild exploits of the Help and Support Center vulnerability since it went public last month on June 10th. The vulnerability rated important affects Outlook and involves bypassing the program’s ability to detect unsafe file types in file attachments. All of the vulnerabilities are client-side, so an attacker would need to trick a user into performing a specific action for exploitation to succeed.


Security Best Practices Tips:
  • Install vendor patches as soon as they become available, after properly testing them in a test environment before applying them to a production environment.
  • Run all applications at the user level (least privilege), and use the administrator account or a privileged user only as needed to maintain the functionality of the machine (e.g., when admin privileges are needed to install an application, a user can use the RunAs function to quickly switch to Administrator privileges while logged in as a lower-privileged user).
  • Users should avoid downloading files from unknown or questionable sources, whether that is an email attachment from an unknown sender, a download from a questionable website, or flash drive media whose integrity, such as the drive's origin, is in question.
  • Block external access to systems at the network perimeter unless it is specifically required.

Microsoft's summary of the July releases can be found here:

http://www.microsoft.com/technet/security/bulletin/ms10-jul.mspx




1. MS10-042 Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593)
CVE-2010-1885 (BID 40725) Microsoft Windows Help And Support Center Trusted Document Whitelist Bypass Vulnerability (MS Rating: Critical / Symantec Rating: 8.5/10)
A previously public (June 10, 2010) remote code execution vulnerability affects the Microsoft Help and Support Center due to how it handles the HCP protocol in specially crafted URIs. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing specially crafted content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Affects: Windows XP SP2, XP SP3, XP Professional x64 Edition SP2, Server 2003 SP2, Server 2003 x64 Edition SP2, and Server 2003 SP2 for Itanium-based Systems
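
A defensive check for the issue described above, as an added example that is not from the original post, Microsoft, or Symantec: it scans HTML (for instance, page bodies captured at a web proxy or mail gateway) for references that use the hcp: scheme. The attribute list, function names, and sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

URI_ATTRS = {"href", "src", "data", "action", "background"}  # assumed list of URI-bearing attributes

def scheme_is_hcp(value):
    # Ignore case and the whitespace/control characters browsers discard around a URL.
    return re.sub(r"[\x00-\x20]+", "", value).lower().startswith("hcp:")

class HcpFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits, self.in_script = [], False   # hits are (tag, location) pairs

    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"
        for name, value in attrs:
            if not value:
                continue
            # HTMLParser has already decoded character references such as &#104;
            if name in URI_ATTRS and scheme_is_hcp(value):
                self.hits.append((tag, name))
            elif tag == "meta" and name == "content":  # meta refresh: "0;url=..."
                target = re.sub(r"(?is)^.*?url\s*=", "", value).lstrip("'\"")
                if target != value and scheme_is_hcp(target):
                    self.hits.append((tag, name))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        # Inline script that assigns or builds an hcp:// URI; plain prose is ignored.
        if self.in_script and "hcp://" in data.lower():
            self.hits.append(("script", "inline"))

def find_hcp_references(document):
    finder = HcpFinder()
    finder.feed(document)
    finder.close()
    return finder.hits

# Constructed sample page; the hcp:// targets are harmless placeholders.
SAMPLE = """<meta http-equiv="refresh" content="0; URL=hcp://placeholder/constructed">
<a href="https://example.com/help">ordinary link</a>
<iframe src="HCP://placeholder/constructed"></iframe>
<a href=" &#104;cp://placeholder/constructed">entity-encoded scheme</a>
<p>Prose that only mentions hcp:// is not flagged.</p>
<script>window.location = "hcp://placeholder/constructed";</script>"""
```

Any hit from ordinary web or email content is worth reviewing on systems that have not yet received MS10-042, since external pages have no routine reason to link into the Help and Support Center.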

2. MS10-044 Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335)
CVE-2010-0814 (BID 41442) Microsoft Access ActiveX Control Multiple Instantiation Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code execution vulnerability affects Access ActiveX controls when loading a succession of controls into Internet Explorer. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Affects: Access 2003 SP3, 2007 SP1, and 2007 SP2
CVE-2010-1881 (BID 41444) Microsoft Access 'AccWizObjects' ActiveX Control Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code execution vulnerability affects the ‘ACCWIZ.dll’ ActiveX control due to a memory corruption error when instantiating the control. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Affects: Access 2003 SP3


3. MS10-043 Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276)
CVE-2009-3678 (BID 40237) Microsoft Windows Canonical Display Driver Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.8/10)
A previously public (May 18, 2010) remote code execution vulnerability affects the Canonical Display Driver (‘cdd.dll’) because it fails to properly parse information passed between user-mode and kernel-mode. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a specially crafted image file. A successful exploit will result in the complete compromise of an affected computer.
Affects: Windows 7 and Windows 2008 R2 for x64-based systems.


4. MS10-045 Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212)
CVE-2010-0266 (BID 41446) Microsoft Outlook SMB Attachment Remote Code Execution Vulnerability (MS Rating: Important / Symantec Rating: 8.5/10)
A remote code execution vulnerability affects Outlook because it fails to properly verify attachments that are attached using the ‘ATTACH_BY_REFERENCE’ value of the ‘PR_ATTACH_METHOD’ property. An attacker can exploit this issue to run an arbitrary executable in the context of the currently logged-in user when the attachment is opened.
Affects: Office Outlook 2002 SP3, 2003 SP3, 2007 SP1, and 2007 SP2

-Stephen Geldersma, Digital Designs LLC
Sources:
Microsoft
Symantec


*Posting is provided "AS IS" with no warranties, and confers no rights.*