Tuesday, August 10, 2010

Microsoft Patch Tuesday - August 2010

Microsoft is releasing 14 bulletins addressing a total of 34 vulnerabilities. Microsoft has broken its record for the number of patches released in one month and tied the largest number of vulnerabilities addressed since the start of its Patch Tuesday program. Fourteen of the issues are marked as critical and affect Windows, SMB Server, Internet Explorer, Word, and Silverlight. The SMB vulnerability can be exploited remotely without any authentication. The remaining vulnerabilities are marked as important and moderate and affect SMB Server, Windows, Word, and Excel.

Security Best Practices Tips:

•  Install vendor patches as soon as they become available, testing them properly in a test environment before applying them to a production environment.
•  Run all applications at the user level (least privilege) and use the administrator account or another privileged account only as needed to maintain the functionality of the machine (e.g., when admin privileges are needed to install an application, a user can use the RunAs function to quickly switch to Administrator privileges while logged in as a lower-privileged user).
•  Users should avoid downloading files from unknown or questionable sources, whether an email attachment from an unknown sender, a download from a questionable website, or flash drive media whose integrity, such as the drive's origin, is in question.
•  Block external access to systems at the network perimeter unless specifically required.

Microsoft’s summary of the August releases can be found here:
http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx

Critical Vulnerabilities Summary
1. MS10-054 Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214)
CVE-2010-2550 (BID 42224) Microsoft Windows SMB Pool Overflow Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 8.2/10)
A remote code-execution vulnerability affects the Microsoft Server Message Block (SMB) protocol when handling certain SMB packets. An attacker can exploit this issue by sending a malformed request to an SMB server. A successful exploit will result in the execution of arbitrary attacker-supplied code with system-level privileges. This may facilitate a complete compromise of an affected computer.

2. MS10-053 Cumulative Security Update for Internet Explorer (2183461)
CVE-2010-2556 (BID 42257) Microsoft Internet Explorer Uninitialized Memory CVE-2010-2556 Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Internet Explorer because of the way it accesses an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a Web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
CVE-2010-2557 (BID 42288) Microsoft Internet Explorer Uninitialized Memory CVE-2010-2557 Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Internet Explorer because of the way it accesses an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a Web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
CVE-2010-2558 (BID 42289) Microsoft Internet Explorer Race Condition CVE-2010-2558 Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Internet Explorer because of the way it accesses an object that may have been corrupted due to a race condition. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a Web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
CVE-2010-2559 (BID 42290) Microsoft Internet Explorer Uninitialized Memory CVE-2010-2559 Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Internet Explorer because of the way it accesses an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a Web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
CVE-2010-2560 (BID 42292) Microsoft Internet Explorer HTML Layout Uninitialized Memory Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Internet Explorer because of the way it accesses an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a Web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

3. MS10-055 Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665)
CVE-2010-2553 (BID 42256) Microsoft Windows Cinepak Codec Media Decompression Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects the Cinepak codec when handling a malformed media file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted file with a vulnerable application. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

4. MS10-049 Vulnerabilities in SChannel could allow Remote Code Execution (980436)
CVE-2010-2566 (BID 42246) Microsoft Windows SChannel Certificate Request Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects SChannel because it improperly validates certificate request messages sent by a server. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious Web page. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

5. MS10-051 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2079403)
CVE-2010-2561 (BID 42300) Microsoft XML Core Service Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects the Microsoft XML Core Services when handling malformed HTTP responses. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a Web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

6. MS10-052 Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (2115168)
CVE-2010-1882 (BID 42298) Microsoft MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects the Microsoft DirectShow MP3 filter when handling malformed files. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file, or viewing a Web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

7. MS10-060 Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906)
CVE-2010-0019 (BID 42138) Microsoft Silverlight ActiveX Control Pointer Memory Corruption Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Microsoft Silverlight because of the way it handles pointers. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a Web page containing malicious Silverlight content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
CVE-2010-1898 (BID 42295) Microsoft Silverlight & .NET Framework CLR Virtual Method Delegate Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.5/10)
A remote code-execution vulnerability affects Microsoft .NET Framework because of the way the .NET Common Language Runtime (CLR) handles delegates to virtual methods. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a Web page containing malicious Silverlight content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

8. MS10-056 Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638)
CVE-2010-1901 (BID 42132) Microsoft Word Record RTF Parsing Engine Remote Memory Corruption Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Word when parsing rich text data. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious RTF file or email. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
CVE-2010-1902 (BID 42133) Microsoft Word Record RTF Parsing Engine Remote Buffer Overflow Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Word because it does not perform sufficient validation when handling rich text data. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious RTF file or email. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

-Stephen Geldersma, Digital Designs LLC

Sources:
Symantec

*Posting is provided "AS IS" with no warranties, and confers no rights.*
