MyCERT Advisories

MyCERT Advisories, Alerts and Summaries for the year 2010
MA-215.022010: MyCERT Alert - Latest Patch for Multiple Microsoft Vulnerabilities (February 2010)

Date First Published: 2010-02-10

1.0 Introduction

Microsoft has recently released several security bulletins: 5 are rated Critical, 7 are rated Important and 1 is rated Moderate.

The five critical bulletins are:

1.    Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)

Patch: http://go.microsoft.com/fwlink/?LinkId=178850

This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sends a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a malicious SMB server.
 
Affected software: Microsoft Windows 2000, XP, 2003, Vista, 2008, 7, 2008 R2

2.    Vulnerabilities in Windows Shell Handler Could Allow Remote Code Execution (975713)

Patch: http://go.microsoft.com/fwlink/?LinkID=179067

This security update resolves a privately reported vulnerability in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not affected by this security update. The vulnerability could allow remote code execution if an application, such as a Web browser, passes specially crafted data to the ShellExecute API function through the Windows Shell Handler.
 
Affected software: Microsoft Windows 2000, XP, 2003

3.    Cumulative Security Update of ActiveX Kill Bits (978262)

Patch: http://go.microsoft.com/fwlink/?LinkId=179106

This security update addresses a privately reported vulnerability for Microsoft software. This security update is rated Critical for all supported editions of Microsoft Windows 2000 and Windows XP, Important for all supported editions of Windows Vista and Windows 7, Moderate for all supported editions of Windows Server 2003, and Low for all supported editions of Windows Server 2008 and Windows Server 2008 R2.

The vulnerability could allow remote code execution if a user views a specially crafted Web page that instantiates an ActiveX control with Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for four third-party ActiveX controls.
 
Affected software: Microsoft Windows 2000, XP, 2003, Vista, 2008, 7, 2008 R2

4.    Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)

Patch: http://go.microsoft.com/fwlink/?LinkId=167190

This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if specially crafted packets are sent to a computer with IPv6 enabled. An attacker could try to exploit the vulnerability by creating specially crafted ICMPv6 packets and sending the packets to a system with IPv6 enabled. This vulnerability may only be exploited if the attacker is on-link.

Affected software: Microsoft Windows Vista, 2008

5.    Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)

Patch: http://go.microsoft.com/fwlink/?LinkId=167321

This security update resolves a privately reported vulnerability in Microsoft DirectShow. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected software: Microsoft Windows 2000, XP, 2003, Vista, 2008, 7, 2008 R2

The seven important bulletins are:

1.    Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)

Patch: http://go.microsoft.com/fwlink/?LinkId=178812

This security update resolves a privately reported vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected software: Microsoft Office XP for Windows and Office 2004 for Mac

2.    Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)

Patch: http://go.microsoft.com/fwlink/?LinkId=163639

This security update resolves six privately reported vulnerabilities in Microsoft Office PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected software: Microsoft Office PowerPoint XP and 2003 for Windows and Microsoft Office 2004 for Mac

3.    Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)

Patch: http://go.microsoft.com/fwlink/?LinkID=179066

This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

Affected software: Microsoft Windows 2008 and 2008 R2

4.    Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)

Patch: http://go.microsoft.com/fwlink/?LinkId=179798

This security update resolves a privately reported vulnerability in Microsoft Windows Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not affected. The vulnerability could allow elevation of privilege if an attacker logs on to the system and starts a specially crafted application designed to continue running after the attacker logs out. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. Anonymous users cannot exploit the vulnerability.

Affected software: Microsoft Windows 2000, XP, 2003

5.    Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)

Patch: http://go.microsoft.com/fwlink/?LinkId=155976

This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker creates a specially crafted SMB packet and sends the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.

Affected software: Microsoft Windows 2000, XP, 2003, Vista, 2008, 7, 2008 R2

6.    Vulnerability in Kerberos Could Allow Denial of Service (977290)

Patch: http://go.microsoft.com/fwlink/?LinkID=181196

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow a denial of service if a specially crafted ticket renewal request is sent to the Windows Kerberos domain from an authenticated user on a trusted non-Windows Kerberos realm. The denial of service could persist until the domain controller is restarted.

Affected software: Microsoft Windows 2000, 2003, 2008

7.    Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)

Patch: http://go.microsoft.com/fwlink/?LinkID=179062

This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities cannot be exploited remotely or by anonymous users.

Affected software: Microsoft Windows 2000, XP, 2003, Vista, 2008, 7

The one moderate bulletin is:

1.    Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)

Patch: http://go.microsoft.com/fwlink/?LinkId=180620

This security update resolves a privately reported vulnerability in Microsoft Paint. The vulnerability could allow remote code execution if a user views a specially crafted JPEG image file using Microsoft Paint. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected software: Microsoft Windows 2000, XP, 2003

You can find more information at Microsoft Security Bulletin Summary for February 2010 by visiting the following URL: http://www.microsoft.com/technet/security/bulletin/MS10-feb.mspx
All of the patches can be applied almost automatically through the Windows Update application.
Instructions for running Windows Update are available at the following URL: http://www.mycert.org.my/en/resources/os/main/main/detail/707/index.html
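
To confirm that the Windows updates listed in this advisory were actually applied, a check like the following can be run in PowerShell on each host. This is an added example, not part of the original MyCERT advisory; it assumes local execution and the built-in Get-HotFix cmdlet, and takes its KB numbers and ratings from the bulletin list above.

```powershell
# Added example: report which KBs from this advisory are present on this host.
# KB numbers and ratings are copied from the advisory. The two Office
# bulletins (978214, 975416) are left out because Get-HotFix reads
# Win32_QuickFixEngineering, which does not list Office (MSI) updates.
$bulletins = @(
    @{ KB = 'KB978251'; Rating = 'Critical';  Title = 'SMB Client' },
    @{ KB = 'KB975713'; Rating = 'Critical';  Title = 'Windows Shell Handler' },
    @{ KB = 'KB978262'; Rating = 'Critical';  Title = 'ActiveX Kill Bits' },
    @{ KB = 'KB974145'; Rating = 'Critical';  Title = 'Windows TCP/IP' },
    @{ KB = 'KB977935'; Rating = 'Critical';  Title = 'DirectShow' },
    @{ KB = 'KB977894'; Rating = 'Important'; Title = 'Hyper-V' },
    @{ KB = 'KB978037'; Rating = 'Important'; Title = 'CSRSS' },
    @{ KB = 'KB971468'; Rating = 'Important'; Title = 'SMB Server' },
    @{ KB = 'KB977290'; Rating = 'Important'; Title = 'Kerberos' },
    @{ KB = 'KB977165'; Rating = 'Important'; Title = 'Windows Kernel' },
    @{ KB = 'KB978706'; Rating = 'Moderate';  Title = 'Microsoft Paint' }
)

# Assumption: run locally; collect the IDs of every installed hotfix once.
$installed = @(Get-HotFix | ForEach-Object { $_.HotFixID })

# Build one row per bulletin. -contains compares case-insensitively.
$report = foreach ($b in $bulletins) {
    New-Object PSObject -Property @{
        KB        = $b.KB
        Rating    = $b.Rating
        Title     = $b.Title
        Installed = ($installed -contains $b.KB)
    }
}

# Missing updates first, then by rating (Critical, Important, Moderate
# happen to sort alphabetically in order of severity).
$report | Sort-Object Installed, Rating |
    Format-Table KB, Rating, Installed, Title -AutoSize
```

A row showing `Installed` as False is a prompt to check the "Affected software" line for that bulletin, since several of these updates apply only to some Windows versions.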

Generally, MyCERT advises users of this software to keep up to date with the latest security announcements from its vendor. MyCERT can be reached through the following channels:

E-mail : mycert@mycert.org.my
Phone : +603 89926969  or 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : +60 19 2813801 (24x7 SMS reporting)
Business Hours : Mon - Fri 08:30 - 17:30 MYT
Web: http://www.mycert.org.my

2.0 References
  • http://www.microsoft.com/technet/security/bulletin/MS10-feb.mspx
  • http://blogs.technet.com/srd/archive/2010/02/09/assessing-the-risk-of-the-february-security-bulletins.aspx