Tuesday, October 12, 2010

Microsoft Patch Tuesday - October 2010

Microsoft has broken its own record for vulnerabilities fixed, previously set in October 2009. They have released security patches fixing a whopping 81 vulnerabilities (including an out-of-band patch), beating their record from last year. Several of these vulnerabilities were 0day. 1 of 2 Stuxnet 0day vulnerabilities has been fixed. 10 vulnerabilities were fixed in IE 6-8, including in the newer IE7 and IE8 versions. The MRT (Malicious Software Removal Tool) was updated to detect the Zeus Trojan, which captures users' credentials for online banking.

To access MRT: Start - Run - type: "mrt"


Breakdown of this month’s Microsoft Patches:

1. MS10-071 – Internet Explorer | Remote Code Execution - KB 2360131
(Replaces MS10-053)
Critical (XP, Vista, 7)/Important (2003, 2008, 2008 R2)

A total of 10 vulnerabilities in IE6, IE7, & IE8 on almost all Windows platforms are addressed in this bulletin.


2. MS10-072 – SharePoint / IE - HTML Sanitization | Information Disclosure - KB 2412048 | Important
(Replaces MS10-039)
Important (SharePoint Services 3, SharePoint Foundation 2010, Office Web Apps, Office SharePoint Server 2007, Groove Server 2010)
o   CVE-2010-3324

2 vulnerabilities which allow for cross-site scripting (XSS) attacks in Microsoft SharePoint, stemming from an issue with HTML sanitization.


3. MS10-073 – Kernel Mode Drivers | Privilege Elevation - KB 981957 | Important
(Replaces MS10-048)
(XP, Vista, 7, 2003, 2008, 2008 R2)

3 privilege escalation vulnerabilities, including CVE-2010-2743, which is involved with the Stuxnet malware.


4. MS10-074 - Foundation Classes | Remote Code Execution - KB 2387149 | Moderate
(Replaces MS07-012)
(XP, Vista, 7, 2003, 2008, 2008 R2)

A buffer overflow in the MFC libraries.

5. MS10-075 - Media Player Network Sharing Service | Remote Code Execution - KB 2281679
Critical (7)/Important (Vista)
o   CVE-2010-3225

The vulnerability could allow remote code execution if an attacker sent a specially crafted RTSP packet to an affected system. However, Internet access to home media is disabled by default. In this default configuration, the vulnerability can be exploited only by an attacker within the same subnet.


6. MS10-076 - OpenType Font Engine | Remote Code Execution - KB 982132 | Critical
(XP, Vista, 7, 2003, 2008, 2008 R2)
o   CVE-2010-1883

A vulnerability in the embedded TrueType font that was originally disclosed to TippingPoint via the Zero Day Initiative (ZDI) program on June 23, 2010.



7. MS10-077 - .NET Framework | Remote Code Execution - KB 2160841 | Critical
(XP, Vista, 7, 2003, 2008, 2008 R2)
o   CVE-2010-3228

This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs).

The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario.



8. MS10-078 - OpenType Font (OTF) | Privilege Elevation - KB 2279986 | Important
(XP, 2003)
o   CVE-2010-2741

This security update resolves two privately reported vulnerabilities in the Windows OpenType Font (OTF) format driver. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

The vulnerabilities could allow elevation of privilege if a user views content rendered in a specially crafted OpenType font. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.



9. MS10-079 - Word | Remote Code Execution - KB 2293194 | Important
(Replaces MS09-068, MS10-056)
(Office XP, Office 2003, Office 2007, Office 2010, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac, Office Compatibility Pack for Office 2007, Microsoft Word Viewer, Office Web Apps)
o   CVE-2010-3216

Fixes 11 vulnerabilities in Microsoft Word. The vulnerabilities could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user.



10. MS10-080 – Excel | Remote Code Execution - KB 2293211 | Important
(Replaces MS10-038, MS10-057)
(Office XP, Office 2003, Office 2007, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac, Excel Viewer, Office Compatibility Pack for Office 2007)
o   CVE-2010-3239

Fixes 13 vulnerabilities in Microsoft Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file or a specially crafted Lotus 1-2-3 file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user.



11. MS10-081 - Comctl32 | Remote Code Execution - KB 2296011 | Important
(XP, Vista, 7, 2003, 2008, 2008 R2)
o   CVE-2010-2746

The vulnerability could allow remote code execution if a user visited a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.



12. MS10-082 - Windows Media Player | Remote Code Execution - KB 2378111 | Important
(Replaces MS10-027)
Critical (XP, Vista, 7, 2003) & Moderate - (2008, 2008 R2)
o   CVE-2010-2745

A vulnerability in Windows Media Player affecting Windows XP/Vista, Windows 7, and Windows Server 2003/2008 allows for remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site.



13. MS10-083 - Internet Explorer | Remote Code Execution - KB 2405882 | Important
(XP, Vista, 7, 2003, 2008, 2008 R2)
o   CVE-2010-1263

Fixes a vulnerability in WordPad and the Windows shell that allows remote code execution. The vulnerability could allow remote code execution if a user opens a specially crafted file using WordPad or selects or opens a shortcut file that is on a network or WebDAV share.



14. MS10-084 - Windows Local Procedure Call | Privilege Escalation - KB 2360937 | Important
(Replaces MS10-066)
(XP, 2003)
o   CVE-2010-3222

A stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) allowing for local privilege escalation. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.



15. MS10-085 – Schannel, IIS | Denial of Service - KB 2183461 | Important
(Replaces MS10-049)
(Vista, 7, 2008, 2008 R2)
o   CVE-2010-3229

Denial of service vulnerability in IIS web servers running SSL. The vulnerability could allow denial of service if an affected system received a specially crafted packet message via Secure Sockets Layer (SSL). By default, all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not configured to receive SSL network traffic.



16. MS10-086 - Windows Shared Cluster Disks | Tampering - KB 2294255 | Moderate
(2008 R2)

A vulnerability in the disk clustering services creates backup volumes that allow everyone to read, edit or delete files. This could leave the door wide open to attackers or insiders looking for information that has been protected by file system permissions.


Out-of-Band Security Update since September's Patch Tuesday
·         MS10-070 - ASP.Net | Information Disclosure - KB2418042 | Critical
o   2416447 
o   2416473 
o   2416474 
o   2416754 
o   2418240 
o   2418241
o   2416451 
o   2416468
o   2416469
o   2416470
o   2416471
o   2416472
o   2431728

This security update resolves a publicly disclosed vulnerability in ASP.NET. The vulnerability could allow information disclosure. An attacker who successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server. This vulnerability can also be used for data tampering, which, if successfully exploited, could be used to decrypt and tamper with the data encrypted by the server. Microsoft .NET Framework versions prior to Microsoft .NET Framework 3.5 Service Pack 1 are not affected by the file content disclosure portion of this vulnerability.


Other Updates & News

Oracle Java update
v.6 update 22
fixed 29 security vulnerabilities
fixed TLS/SSL renegotiation hole - their own implementation of the protocol was not fixed yet
fixed root CA and various other issues

Foxit Reader 4.2
Many switch from Adobe Reader to Foxit Reader, which is more lightweight
Buffer-overflow issue - a file containing over 512 characters will crash the reader, which potentially opens the door to a buffer overflow

Facebook
Facebook has added one-time password support
The purpose is to log in using a one-time password on a system you do not control and whose security environment you question (such as the possibility of keyloggers, etc.)

Texting the string "otp" to the number 3265 returns a one-time password that expires after 20 minutes.

You must register your cell phone number with your Facebook account.


UAE and RIM
An agreement has been made between the UAE and RIM pertaining to the banning of BlackBerry cell phone technology in the UAE.

Saudi Arabia and India have backed down as well.

RIM's technology is strongly encrypted to the point where no eavesdropping or man-in-the-middle session can take place.

What changed, though, for both the UAE and RIM to come to an agreement? RIM will not disclose, stating that it is proprietary information.


Amazon Kindle
Jailbroken Kindles can run Zork from Infocom.
