Security Response

Microsoft and Adobe - Patch Tuesday for December 2009

Created: 08 Dec 2009 19:29:57 GMT • Updated: 23 Jan 2014 18:30:51 GMT
Robert Keith

Hello and welcome to this month’s blog on the Microsoft patch releases. This month we also have a "Patch Tuesday" from Adobe.

Microsoft's patches

Microsoft released six security bulletins to address 12 vulnerabilities; seven are rated "critical." The critical issues affect Internet Explorer, Project, and Internet Authentication Service (IAS). Attackers could exploit the IAS issue remotely, without any interaction from victims. For the other issues, a user must visit a malicious Web page or open a malicious file.

The remaining issues, rated “Important” and “Moderate,” affect IAS, WordPad, Word, Active Directory Federated Services, and Windows LSASS.

Adobe's patches

Adobe is scheduled to release security updates for Flash Player and AIR (Adobe Integrated Runtime). Although both of the updates scheduled for release today are classified as "critical," all customers should apply the Flash Player update immediately because Flash Player is so widely installed.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the December releases can be found here:
http://www.microsoft.com/technet/security/bulletin/ms09-dec.mspx

The following is a breakdown of the issues being addressed this month:

1. MS09-072 Cumulative Security Update for Internet Explorer (976325)

CVE-2009-2493 (BID 35828) Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code execution vulnerability affects the Microsoft Active Template Library (ATL) due to unsafe usage of ‘OleLoadFromStream’. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page that instantiates an ActiveX control affected by this issue. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the application running the control (typically Internet Explorer).

CVE-2009-3671 (BID 37188) Microsoft Internet Explorer Uninitialized Memory Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code execution vulnerability affects Internet Explorer because of how it handles an object that has not been properly initialized or deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

CVE-2009-3672 (BID 37085) Microsoft Internet Explorer 'Style' Object Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 8.5/10)

A previously public (Nov 20, 2009) remote code execution vulnerability affects Internet Explorer during handling of the ‘Style’ HTML tag when accessed via the ‘document.getElementsByTagName’ function. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

CVE-2009-3673 (BID 37212) Microsoft Internet Explorer Uninitialized Memory Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code execution vulnerability affects Internet Explorer because of how it handles an object that has not been properly initialized or deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

CVE-2009-3674 (BID 37213) Microsoft Internet Explorer Uninitialized Memory Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code execution vulnerability affects Internet Explorer because of how it handles an object that has not been properly initialized or deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

2. MS09-071 Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318)

CVE-2009-2505 (BID 37197) Microsoft Protected Extensible Authentication Protocol Memory Corruption Vulnerability (MS Rating: Critical / Symantec Urgency Rating 8.2/10)

A remote code execution vulnerability affects Protected Extensible Authentication Protocol (PEAP) on the Internet Authentication Service (IAS) when validating PEAP authentication requests. A remote attacker can exploit this issue by sending a malformed PEAP authentication request to an affected server. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the affected application.

CVE-2009-3677 (BID 37198) Microsoft Protected Extensible Authentication Protocol Authentication Bypass Vulnerability (MS Rating: Important / Symantec Urgency Rating 6.8/10)

An unauthorized-access vulnerability affects Internet Authentication Service (IAS) because it fails to properly validate MS-CHAP v2 authentication requests. An attacker can exploit this issue to bypass authentication and gain access as an arbitrary user.

3. MS09-073 Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)

CVE-2009-2506 (BID 37216) Microsoft WordPad and Office Text Converters Word 97 File Parsing Memory Corruption Vulnerability (MS Rating: Important / Symantec Urgency Rating 7.1/10)

A remote code execution vulnerability affects the text converters in WordPad and Office Word when opening a Word 97 file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

4. MS09-074 Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)

CVE-2009-0102 (BID 37211) Microsoft Project Invalid Resource Memory Allocation Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code execution vulnerability affects Microsoft Project when handling specially crafted Project files. An attacker can exploit this issue by tricking an unsuspecting user into opening a malicious file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.

5. MS09-070 Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)

CVE-2009-2508 (BID 37215) Microsoft Windows Active Directory Single Sign On Authentication Spoofing Vulnerability (MS Rating: Moderate / Symantec Urgency Rating 6.1/10)

Active Directory Federation Services (ADFS) is prone to a vulnerability that may allow an attacker to gain access to a victim’s authenticated session. The problem occurs because the server fails to properly discard authentication credentials after a client logout. By default, the server retains the session for 600 minutes. An attacker with access to a victim's web cache data can exploit this issue to authenticate to ADFS and impersonate the victim.

CVE-2009-2509 (BID 37214) Microsoft Active Directory Federation Services Header Validation Remote Code Execution Vulnerability (MS Rating: Important / Symantec Urgency Rating 6.8/10)

A remote code execution vulnerability affects Active Directory Federation Services (ADFS) because it incorrectly validates headers sent from the client. An authenticated attacker can exploit this issue by sending a specially crafted request header to an affected server. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the affected application.

6. MS09-069 Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)

CVE-2009-3675 (BID 37218) Microsoft Windows LSASS ISAKMP Message Remote Denial of Service Vulnerability (MS Rating: Important / Symantec Urgency Rating 5.7/10)

A denial-of-service vulnerability affects Windows because the Local Security Authority Subsystem Service (LSASS) fails to properly handle an ISAKMP message received via Internet Protocol security (IPsec). An attacker, authenticated and connecting through IPsec, can exploit this issue by sending a specially crafted ISAKMP message to an LSASS server. A successful exploit will cause the affected computer to become unresponsive, effectively denying service.

More information on these and the other vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.
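As an added example (not part of the original post), the following PowerShell snippet checks a Windows host for the six bulletin updates listed above by their KB article numbers. It assumes PowerShell 2.0 or later with the built-in Get-HotFix cmdlet; the Office/Project updates for MS09-073 and MS09-074 are delivered through Office Update rather than as Windows hotfixes, so they may not appear here even when applied.

```powershell
# Added example: verify the December 2009 Microsoft bulletins by KB number.
# Assumption: Get-HotFix (PowerShell 2.0+) reports Windows updates by HotFixID.
# KB numbers are the ones given in the bulletin titles above.
$bulletins = @{
    'MS09-072' = 'KB976325'   # Internet Explorer cumulative update
    'MS09-071' = 'KB974318'   # Internet Authentication Service (PEAP / MS-CHAP v2)
    'MS09-073' = 'KB975539'   # WordPad and Office text converters
    'MS09-074' = 'KB967183'   # Microsoft Office Project (Office Update, not a Windows hotfix)
    'MS09-070' = 'KB971726'   # Active Directory Federation Services
    'MS09-069' = 'KB974392'   # LSASS ISAKMP denial of service
}

# Collect the IDs of every hotfix the system reports as installed.
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID

# Report each bulletin as installed or missing so the output can be fed to a ticket or inventory.
foreach ($entry in $bulletins.GetEnumerator() | Sort-Object Name) {
    $status = if ($installed -contains $entry.Value) { 'installed' } else { 'MISSING' }
    '{0} ({1}): {2}' -f $entry.Name, $entry.Value, $status
}
```

A "MISSING" result only indicates exposure when the affected component (for example IAS or ADFS) is actually installed on that host, so pair this check with a role inventory before treating it as a vulnerability finding.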