
Microsoft Patch Tuesday - April 2010

Created: 13 Apr 2010 18:57:25 GMT • Updated: 23 Jan 2014 18:28:17 GMT
Robert Keith

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a fairly busy month—the vendor is releasing 11 bulletins covering a total of 25 vulnerabilities.

Nine of the issues are rated “Critical” and affect the SMB client, Media Services, DirectShow, Media Player, and Windows Authenticode Signature Verification. The SMB and Windows Authenticode Signature Verification vulnerabilities have the potential to result in a complete system compromise upon successful exploitation. The remaining issues are rated “Important” and “Moderate” and affect ISATAP, Exchange, VBScript, Publisher, Visio, and the Windows kernel.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the April releases can be found here:
http://www.microsoft.com/technet/security/bulletin/ms10-apr.mspx

The following is a breakdown of the “Critical” issues being addressed this month:

1. MS10-019 Vulnerabilities in Windows Could Allow Remote Code Execution (981210)

CVE-2010-0486 (BID 39328) Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1)

A remote code execution vulnerability affects the Windows Authenticode Signature Verification function when signing and verifying PE or cabinet files. An attacker can exploit this issue by tricking an unsuspecting victim into running a signed PE or cabinet file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context in which the application was run, possibly aiding in a complete system compromise.

Affects: Authenticode Signature Verification 6.0 and 6.1

CVE-2010-0487 (BID 39332) Microsoft Windows Cabinet File Viewer Cabview Validation Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1)

A remote code execution vulnerability affects the Windows Authenticode Signature Verification for ‘.cab’ file formats. An attacker can exploit this issue by tricking an unsuspecting victim into running a signed PE or cabinet file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context in which the application was run, possibly aiding in a complete system compromise.

Affects: Cabinet File Viewer Shell Extension 6.0 and 6.1

2. MS10-020 Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)

CVE-2010-0269 (BID 39312) Microsoft Windows SMB Client Memory Allocation Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.8)

A remote code-execution vulnerability affects the SMB client due to a memory allocation issue. An attacker can exploit this issue by tricking an unsuspecting victim into connecting to a malicious SMB server. A successful exploit will result in the execution of arbitrary attacker-supplied code with SYSTEM-level privileges.

Affects: Microsoft Windows 2000 SP4, Windows XP SP2, Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista, Windows Vista SP1, Windows Vista SP2, Windows Vista x64 Edition, Windows Vista x64 Edition SP1, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for Itanium-based Systems

CVE-2010-0270 (BID 39339) Microsoft Windows SMB Client Transaction Response Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.8)

A remote code-execution vulnerability affects the SMB client because it improperly validates fields in an SMB response. An attacker can exploit this issue by tricking an unsuspecting victim into connecting to a malicious SMB server. A successful exploit will result in the execution of arbitrary attacker-supplied code with SYSTEM-level privileges.

Affects: Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for Itanium-based Systems

CVE-2010-0476 (BID 39336) Microsoft Windows SMB Client Response Parsing Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.8)

A remote code-execution vulnerability affects the SMB client because of how it parses SMB transaction responses. An attacker can exploit this issue by tricking an unsuspecting victim into connecting to a malicious SMB server. A successful exploit will result in the execution of arbitrary attacker-supplied code with SYSTEM-level privileges.

Affects: Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista, Windows Vista SP1, Windows Vista SP2, Windows Vista x64 Edition, Windows Vista x64 Edition SP1, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for Itanium-based Systems

CVE-2010-0477 (BID 39340) Microsoft Windows SMB Client Message Size Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.8)

A remote code-execution vulnerability affects the SMB client because of how it handles malformed SMB responses. An attacker can exploit this issue by tricking an unsuspecting victim into connecting to a malicious SMB server. A successful exploit will result in the execution of arbitrary attacker-supplied code with SYSTEM-level privileges.

Affects: Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for Itanium-based Systems

3. MS10-025 Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)

CVE-2010-0478 (BID 39356) Microsoft Windows Media Service Transport Information Packet Stack Buffer Overflow Vulnerability (MS Rating: Critical / Symantec Rating: 7.5)

A remote code execution vulnerability affects Microsoft Windows systems running the optional Windows Media Services component when it handles specially crafted transport information packets. An attacker can exploit this issue by sending a malicious packet to an affected computer. Successful exploits will result in the execution of arbitrary attacker-supplied code with SYSTEM-level privileges.

Affects: Microsoft Windows 2000 SP4

4. MS10-026 Vulnerability in Microsoft DirectShow Could Cause Remote Code Execution (977816)

CVE-2010-0480 (BID 39303) Microsoft Windows MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability (MS Rating: Critical / Symantec Rating: 7.1)

A remote code-execution vulnerability affects the Microsoft MPEG Layer-3 codecs when handling a specially crafted AVI media file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious AVI file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: MPEG Layer-3 Codec for Microsoft DirectShow

5. MS10-027 Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)

CVE-2010-0268 (BID 39351) Microsoft Windows Media Player ActiveX Control Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1)

A remote code-execution vulnerability affects the Media Player ActiveX control. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a specially crafted web page.

Affects: Media Player 9

---------------------------

More information on these and the other vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.