MA-231.052010: MyCERT Alert - Latest Patch for Microsoft Vulnerabilities (May 2010)

Date First Published: 2010-05-12

1.0 Introduction

Microsoft is releasing two security bulletins, MS10-030 and MS10-031, to address two vulnerabilities in Windows and Microsoft Office. Both vulnerabilities are rated Critical. As always, we recommend that customers test and deploy both security updates as soon as possible.

2.0 The list of the critical vulnerabilities is as below:

1. Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution

MS10-030 is a Windows-based update resolving one vulnerability affecting Outlook Express, Windows Mail and Windows Live Mail. Windows 2000, XP, Vista, Server 2003 and Server 2008 all have a severity rating of Critical. Windows 7 and Windows Server 2008 R2 are rated Important when an affected mail client is installed; however, neither has a mail client installed by default.

To successfully take advantage of this vulnerability, an attacker would either have to host a malicious mail server or compromise a mail server. Alternatively, an attacker could perform a man-in-the-middle attack and attempt to alter responses to the client. Heap mitigations built into Windows Vista and newer operating systems make exploitation of this vulnerability unlikely. Overall, Microsoft has rated this 2 on its Exploitability Index and does not expect reliable exploit code to surface in the next 30 days.

Security Bulletin: http://www.microsoft.com/technet/security/bulletin/ms10-030.mspx

Impact

An attacker who successfully exploits this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected Products

The detailed list of the vulnerable products and versions is as below:

- Microsoft Windows 2000 Service Pack
- Windows XP Service Pack 2 and Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 1 and Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
2. Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213)

MS10-031 addresses one vulnerability in Microsoft Visual Basic for Applications (VBA). This security update is rated Critical for Microsoft VBA SDK 6.0 and third-party applications using Microsoft VBA. For all supported versions of Office XP, Office 2003 and Office 2007, MS10-031 is rated Important because user interaction is required in order to successfully exploit this issue. The update addresses the vulnerability by modifying the way VBA searches for ActiveX Controls embedded in documents. This bulletin is also rated a 2 on Microsoft's Exploitability Index.

Security Bulletin: http://www.microsoft.com/technet/security/bulletin/ms10-031.mspx

Impact

An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected Products

The detailed list of the vulnerable products and versions is as below:

- Microsoft Office XP Service Pack 3
- Microsoft Office 2003 Service Pack 3
- 2007 Microsoft Office System Service Pack 1 and 2007 Microsoft Office System Service Pack 2
- Microsoft Visual Basic for Applications
- Microsoft Visual Basic for Applications SDK
4.0 Recommendations

Users are recommended to perform the update immediately. All of the patches can be applied almost automatically via the Windows Update application. Instructions for performing Windows Update are available at the following URL:

http://www.mycert.org.my/en/resources/os/main/main/detail/707/index.html

Generally, MyCERT advises the users of this software to keep up to date with the latest security announcements from the vendor. For further enquiries, MyCERT can be reached through the following channels:
E-mail : mycert@mycert.org.my
Phone : +603 89926969 or 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT <EMAIL> <COMPLAINT> to 15888
Business Hours : Mon - Fri 08:30 - 17:30 MYT
http://www.mycert.org.my
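After applying the updates recommended above, an administrator will usually want to confirm on each host that they actually landed and whether the host is exposed at all. The following PowerShell script is an added example and is not part of the MyCERT advisory or of Microsoft's bulletins. It uses KB978213, the article number the advisory states for MS10-031; the KB number for MS10-030 is not given on this page, so it is left as a placeholder to be filled in from the bulletin. The mail-client install paths are assumptions about default locations and are used only to tell whether a Windows 7 or Server 2008 R2 host has an affected client installed.

```powershell
# Added example, not part of the MyCERT advisory: audit one Windows host for the
# two May 2010 updates and for the mail clients that make MS10-030 relevant.
# KB978213 is taken from the advisory (MS10-031). The MS10-030 KB number is a
# placeholder; fill it in from the MS10-030 bulletin before running.

$Updates = @{
    'MS10-031 (VBA)'                              = 'KB978213'
    'MS10-030 (Outlook Express / Windows Mail)'   = 'KB<FILL-IN-FROM-MS10-030-BULLETIN>'
}

# Assumed default install locations of the mail clients named in the advisory.
$MailClients = @{
    'Outlook Express'   = Join-Path $env:ProgramFiles 'Outlook Express\msimn.exe'
    'Windows Mail'      = Join-Path $env:ProgramFiles 'Windows Mail\WinMail.exe'
    'Windows Live Mail' = Join-Path $env:ProgramFiles 'Windows Live\Mail\wlmail.exe'
}

$os = Get-WmiObject -Class Win32_OperatingSystem
Write-Output ("Host: {0}  OS: {1} ({2})" -f $env:COMPUTERNAME, $os.Caption, $os.Version)

# Get-HotFix reads Win32_QuickFixEngineering, which records Windows updates.
# Office updates are generally not listed there, so a "NOT found" result for
# MS10-031 on an Office-only host must be confirmed from the Office update history.
$installedKBs = Get-HotFix | ForEach-Object { $_.HotFixID }

foreach ($name in $Updates.Keys) {
    $kb = $Updates[$name]
    if ($kb -like 'KB<*') {
        Write-Output ("{0}: KB number not set, fill it in before running" -f $name)
    } elseif ($installedKBs -contains $kb) {
        Write-Output ("{0}: {1} installed" -f $name, $kb)
    } else {
        Write-Output ("{0}: {1} NOT found in installed hotfixes" -f $name, $kb)
    }
}

# Exposure check for MS10-030: the advisory rates Windows 7 and Server 2008 R2
# Important only when one of these clients is present, and none ships by default.
foreach ($client in $MailClients.Keys) {
    $present = Test-Path $MailClients[$client]
    $state = if ($present) { 'installed' } else { 'not found' }
    Write-Output ("{0}: {1}" -f $client, $state)
}
```

Run the script in an elevated Windows PowerShell session on each host in scope; a host that reports a missing update and an installed mail client is the one to prioritise. Because Win32_QuickFixEngineering does not reliably record Office updates, treat the MS10-031 line as authoritative only for the VBA SDK and Windows-level components, and verify Office installations through the Office update history.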
5.0 References