Symantec product detections for Microsoft monthly Security Advisories - March 2009

Article:TECH138064  |  Created: 2010-08-19  |  Updated: 2013-01-09  |  Article URL http://www.symantec.com/docs/TECH138064
Article Type: Technical Solution


Issue



This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

 

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



March 10, 2009

 

ID and Rating | Description | Details | Intrusion Protection System (IPS) Response | Other Detections

CAN/CVE ID: CVE-2009-0081

BID: 34012

Microsoft ID: MS09-006

MSKB: 958690

Microsoft Rating: Critical

Windows Kernel GDI EMF/WMF Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Professional x64 Edition

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64 Edition

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems

Windows Vista

Windows Vista SP1

Windows Vista x64 Edition

Windows Vista x64 Edition SP1

Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems

This is a remote code-execution vulnerability affecting the GDI component of the Windows kernel when handling malformed EMF or WMF files.

Remote attackers can exploit this issue by tricking a victim into viewing a specially crafted image; this can occur simply by visiting a malicious web page.

Successful exploits will result in the execution of arbitrary attacker-supplied code with SYSTEM-level privileges.

Sig ID: 23303

Detected as "HTTP Microsoft GDI Kernel Code Exec"

Applicability:

• SCS – SU 197

• NIS/NAV/N360 – SU 188

• NIS08/NAV08/09 – SU 152

• N360v2 – SU 152

• SEP11 – SU 99

AV: Bloodhound.Exploit.229

Sygate IDS: N/A

CAN/CVE ID: CVE-2009-0094

BID: 34013

Microsoft ID: MS09-008

MSKB: 962238

Microsoft Rating: Important

WPAD WINS Server Registration Vulnerability

 

Spoofing Vulnerability

 

This vulnerability affects the following products:

 

Windows 2000 Server SP4

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64 Edition

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems

This vulnerability exists in Windows WINS Server because it does not properly validate who can register a WPAD (Web Proxy Auto-Discovery) or ISATAP entry.

An attacker can exploit this issue to register a malicious entry to spoof the legitimate web proxy or ISATAP route and redirect Internet traffic.

Successful exploits may aid in other attacks such as phishing.

Sig ID: N/A

AV: N/A

Sygate IDS: N/A

CAN/CVE ID: CVE-2009-0093

BID: 33989

Microsoft ID: MS09-008

MSKB: 962238

Microsoft Rating: Important

DNS Server Vulnerability in WPAD Registration Vulnerability

 

DNS Spoofing vulnerability

 

This vulnerability affects the following products:

 

Windows 2000 Server SP4

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64 Edition

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems

Windows Server 2008 for 32-bit Systems, and x64-based Systems

This vulnerability exists in Windows DNS Server because it does not properly validate who can register a WPAD (Web Proxy Auto-Discovery) entry.

An attacker can exploit this issue to register a malicious WPAD entry to spoof the legitimate web proxy and redirect Internet traffic.

Successful exploits may aid in other attacks such as phishing.

Sig ID: N/A

AV: N/A

Sygate IDS: N/A

CAN/CVE ID: CVE-2009-0234

BID: 33988

Microsoft ID: MS09-008

MSKB: 962238

Microsoft Rating: Important

DNS Server Cache Validation Vulnerability

 

DNS Cache Poisoning Vulnerability

 

This vulnerability affects the following products:

 

Windows 2000 Server SP4

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64 Edition

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems

Windows Server 2008 for 32-bit Systems, and x64-based Systems

This is a remote DNS cache poisoning vulnerability affecting the Windows DNS Server because of decreased entropy in transaction IDs.

An attacker can send multiple specially crafted requests to reduce entropy in the Transaction IDs, enabling the attacker to guess a valid ID.

Successful attacks will result in arbitrary attacker-supplied addresses being added to the DNS cache.

This may aid in other attacks such as phishing.

Sig ID: N/A

AV: N/A

Sygate IDS: N/A

CAN/CVE ID: CVE-2009-0233

BID: 33982

Microsoft ID: MS09-008

MSKB: 962238

Microsoft Rating: Important

DNS Server Query Validation Vulnerability 

 

Remote DNS Cache Poisoning Vulnerability

 

This vulnerability affects the following products:

 

Windows 2000 Server SP4

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64 Edition

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems

Windows Server 2008 for 32-bit Systems, and x64-based Systems

This is a remote DNS cache poisoning vulnerability affecting the Windows DNS Server because of decreased entropy in Transaction IDs.

The service does not re-use cached responses when receiving specially crafted duplicate queries.

This can aid an attacker in guessing a valid Transaction ID to insert arbitrary addresses into the DNS cache.

Successful attacks may aid in other attacks such as phishing.

Sig ID: N/A

AV: N/A

Sygate IDS: N/A

CAN/CVE ID: CVE-2009-0085

BID: 34015

Microsoft ID: MS09-007

MSKB: 960225

 

Microsoft Rating:

SChannel Spoofing Vulnerability

 

Authentication Bypass Vulnerability

 

This vulnerability affects the following products:

 

Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Professional x64 Edition

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64 Edition

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems

Windows Vista

Windows Vista SP1

Windows Vista x64 Edition

Windows Vista x64 Edition SP1

Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems

This is an authentication-bypass vulnerability affecting the Microsoft Windows SChannel authentication component because it does not properly verify the existence of an associated private key when using certificate-based authentication.

An attacker in possession of a valid certificate can exploit this issue to authenticate to a vulnerable server without requiring the private key.

Sig ID: N/A

AV: N/A

Sygate IDS: N/A

CAN/CVE ID: CVE-2009-0083

BID: 34025

Microsoft ID: MS09-006

MSKB: 958690

Microsoft Rating: Important

Windows Kernel Invalid Pointer Vulnerability

 

Local Elevation of Privilege Vulnerability

 

This vulnerability affects the following products:

 

Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Professional x64 Edition

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP1

Windows Server 2003 x64 Edition

This is a local privilege-escalation vulnerability affecting the Windows kernel because it does not properly handle invalid pointers in certain situations.

A local attacker can exploit this issue by running a specially crafted program on the local system.

Successful exploits will result in the execution of attacker-supplied code with SYSTEM-level privileges.

Sig ID: N/A

AV: N/A

Sygate IDS: N/A

CAN/CVE ID: CVE-2009-0082

BID: 34027

Microsoft ID: MS09-006

MSKB: 958690

Microsoft Rating: Important

Windows Kernel Handle Validation Vulnerability

 

Local Elevation of Privilege Vulnerability

 

This vulnerability affects the following products:

 

Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Professional x64 Edition

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64 Edition

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems

Windows Vista

Windows Vista SP1

Windows Vista x64 Edition

Windows Vista x64 Edition SP1

Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems

This is a local privilege-escalation vulnerability affecting the Windows kernel because it does not properly validate handles in certain situations.

A local attacker can exploit this issue by running a specially crafted program on the local system.

Successful exploits will result in the execution of attacker-supplied code with SYSTEM-level privileges.

 

Sig ID: N/A

AV: N/A

Sygate IDS: N/A

 

 




Legacy ID: 2007010813564748

