Tuesday, June 8, 2010

Microsoft Patch Tuesday - June 2010

Microsoft is releasing 10 bulletins which fix a total of 34 vulnerabilities. Six of these are rated critical and affect the Data Analyzer ActiveX control, Internet Explorer (IE) 8 Developer Tools, Internet Explorer, and Windows. These are client-side vulnerabilities which could result in remote code execution if an attacker is able to trick a user who is logged in at the time into performing a specific action. A further 14 vulnerabilities are being fixed in Microsoft Excel (all but one of them remote code execution vulnerabilities).

Microsoft’s summary of the June releases can be found here:
http://www.microsoft.com/technet/security/bulletin/ms10-jun.mspx

Security Best Practices Tips:
  • Install vendor patches as soon as they become available after proper testing in a test environment before applying to a production environment.
  • It is important to run all applications at the user level (least privilege) and to use the administrator account, or another privileged account, only when it is needed to maintain the machine (e.g. when admin privileges are required to install an application, a user logged in with a lower-privileged account can use the RunAs function to run that installer with Administrator privileges instead of logging in as Administrator).
  • Users should avoid downloading or opening files from unknown or questionable sources, whether an email attachment from an unknown sender, a download from a questionable website, or a flash drive whose origin and integrity are in question.
  • Block external access at the network perimeter to systems until it is specifically required.
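As an added example (not part of the original post), the following PowerShell script checks whether the four Windows-side updates named in this post (KB982381, KB979902, KB980195 and KB982666) are installed on the local machine, using the built-in Get-HotFix cmdlet. The bulletin descriptions in the hashtable are taken from this post; the function name is my own.

```powershell
# Added example, not the post's own code: verify that the June 2010 Windows bulletin KBs
# listed in this post are present on the local machine.
$expectedKbs = @{
    'KB982381' = 'MS10-035 Cumulative Security Update for Internet Explorer'
    'KB979902' = 'MS10-033 Vulnerabilities in Media Decompression'
    'KB980195' = 'MS10-034 Cumulative Security Update of ActiveX Kill Bits'
    'KB982666' = 'MS10-040 Vulnerability in Internet Information Services'
}

function Get-BulletinPatchStatus {
    param([Parameter(Mandatory=$true)][hashtable]$Expected)

    # Get-HotFix reads Win32_QuickFixEngineering, which lists Windows component updates
    # (including Internet Explorer cumulative updates) but not Office updates.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID

    foreach ($kb in $Expected.Keys) {
        New-Object PSObject -Property @{
            KB        = $kb
            Bulletin  = $Expected[$kb]
            Installed = ($installed -contains $kb)
        }
    }
}

# Print missing updates first so they stand out in the report.
Get-BulletinPatchStatus -Expected $expectedKbs |
    Sort-Object Installed |
    Format-Table KB, Installed, Bulletin -AutoSize
```

Note that the Excel fixes mentioned above are Office updates and are not reported by Get-HotFix; check those through Microsoft Update or the Office update history instead. Run the script on a representative test machine first, in line with the patch-testing tip above.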



1. MS10-035 Cumulative Security Update for Internet Explorer (982381)
CVE-2010-1259 (BID 40410) Microsoft Internet Explorer Uninitialized Memory Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Internet Explorer because of how it handles an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.
CVE-2010-1262 (BID 40417) Microsoft Internet Explorer Uninitialized Memory (CVE-2010-1262) Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Internet Explorer because of how it handles an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

2. MS10-033 Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)
CVE-2010-1879 (BID 40432) Microsoft Windows Media Decompression Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Microsoft Windows due to how it handles compression data in media files. An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted file or into viewing specially crafted streaming content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
CVE-2010-1880 (BID 40464) Microsoft Windows Media Decompression Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Microsoft Windows due to how it handles compression data in media files. An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted file or into viewing specially crafted streaming content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

3. MS10-034 Cumulative Security Update of ActiveX Kill Bits (980195)
CVE-2010-0252 (BID 38045) Microsoft Data Analyzer 'max3activex.dll' ActiveX Control Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects the Microsoft Data Analyzer ActiveX control. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious web page. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
CVE-2010-0811 (BID 40490) Microsoft Internet Explorer 8 Developer Tools Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects the Microsoft Internet Explorer 8 Developer Tools. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious web page. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
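Since MS10-034 is a kill-bit update, an administrator may want to confirm that the kill bit for a control has actually taken effect. The following PowerShell function is an added example (not part of the original post or of Microsoft's bulletin): it reads the "Compatibility Flags" value under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID} (and the Wow6432Node equivalent on 64-bit systems) and reports whether the 0x400 kill-bit flag is set. The post does not list the CLSID of the Data Analyzer control, so the CLSID in the usage line is a placeholder to be replaced with the value from the bulletin.

```powershell
# Added example, not the post's own code: check whether the ActiveX kill bit is set for a CLSID.
# The kill bit is the 0x400 flag in the REG_DWORD value "Compatibility Flags" under
# HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}.
function Test-ActiveXKillBit {
    param([Parameter(Mandatory=$true)][string]$Clsid)

    $basePaths = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'  # 32-bit IE on x64
    )

    foreach ($base in $basePaths) {
        $keyPath = Join-Path $base $Clsid
        $flags = $null

        if (Test-Path $keyPath) {
            $item = Get-ItemProperty -Path $keyPath -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
            if ($item) { $flags = [int]$item.'Compatibility Flags' }
        }

        $killBitSet = $false
        $flagsText  = '(key or value absent)'
        if ($null -ne $flags) {
            $killBitSet = (($flags -band 0x400) -ne 0)
            $flagsText  = '0x{0:X}' -f $flags
        }

        New-Object PSObject -Property @{
            Hive       = $base
            Clsid      = $Clsid
            Flags      = $flagsText
            KillBitSet = $killBitSet
        }
    }
}

# PLACEHOLDER CLSID: substitute the CLSID of the control named in the MS10-034 bulletin.
Test-ActiveXKillBit -Clsid '{00000000-0000-0000-0000-000000000000}' | Format-Table Hive, Flags, KillBitSet -AutoSize
```

A control with the kill bit set cannot be instantiated by Internet Explorer regardless of whether the DLL is still present on disk, so a "KillBitSet = True" result in the relevant hive is the state to expect after the update has been applied.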

4. MS10-040 Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
CVE-2010-1256 (BID 40573) Microsoft IIS Authentication Remote Code Execution Vulnerability (MS Rating: Important / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Internet Information Services (IIS) when it parses authentication information while configured for 'Extended Protection for Authentication'. An attacker can exploit this issue to execute arbitrary code with the privileges of the affected application. This may facilitate a complete compromise of the underlying computer.
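Because MS10-040 only applies to IIS servers that have Extended Protection for Authentication configured, a quick inventory of which sites have it turned on helps decide where this update is urgent. The following PowerShell snippet is an added example (not from the original post) that uses the IIS WebAdministration module to read the windowsAuthentication section and its extendedProtection tokenChecking attribute (None, Allow or Require) for each site; it assumes the WebAdministration module is available, and the function name and the "EpaConfigured" column are my own.

```powershell
# Added example, not the post's own code: report Extended Protection for Authentication (EPA)
# settings for every IIS site, to identify servers affected by MS10-040.
Import-Module WebAdministration   # assumption: IIS 7.x with the WebAdministration module installed

function Get-SiteExtendedProtection {
    $winAuthFilter = 'system.webServer/security/authentication/windowsAuthentication'

    foreach ($site in Get-Website) {
        $psPath = "IIS:\Sites\$($site.Name)"

        # Effective (inherited) configuration for this site
        $winAuth = Get-WebConfiguration -PSPath $psPath -Filter $winAuthFilter
        $epa     = Get-WebConfiguration -PSPath $psPath -Filter "$winAuthFilter/extendedProtection"

        $tokenChecking = [string]$epa.tokenChecking   # None / Allow / Require
        $winAuthOn     = [bool]$winAuth.enabled

        New-Object PSObject -Property @{
            Site          = $site.Name
            WindowsAuth   = $winAuthOn
            TokenChecking = $tokenChecking
            # EPA counts as configured when Windows auth is on and tokenChecking is not 'None'
            EpaConfigured = $winAuthOn -and ($tokenChecking -ne 'None')
        }
    }
}

Get-SiteExtendedProtection | Format-Table Site, WindowsAuth, TokenChecking, EpaConfigured -AutoSize
```

Sites with EpaConfigured = True are the ones the bulletin describes as affected; the remaining sites still need the update, but are not exposed to this particular issue in the meantime.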


-Stephen Geldersma, Digital Designs LLC

Sources:
Microsoft
Symantec

*Posting is provided "AS IS" with no warranties, and confers no rights.*
