Microsoft Patch Tuesday - June 2009

Created: 09 Jun 2009 20:41:41 GMT • Updated: 23 Jan 2014 18:34:54 GMT
Robert Keith

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a very heavy month—the vendor is releasing 10 bulletins covering a total of 31 vulnerabilities, which is the largest number of vulnerabilities covered in a single "Patch Tuesday" since Microsoft started the monthly patch program.

A video of Symantec Security Response’s John Harrison discussing the vulnerabilities addressed this month can be viewed here: http://www.youtube.com/watch?v=-X51L07fk48

Seventeen of the issues are rated “Critical” and affect Office, Print Spooler, Excel, Word, Internet Explorer, and Active Directory. The more severe of the two Active Directory issues can be remotely exploited to gain complete access to a vulnerable computer. In most cases, the remaining “Critical” issues require some sort of user interaction to trigger (e.g. visiting a website containing malicious content or opening a malicious file). The remaining issues, rated “Important” and “Moderate,” affect Print Spooler, Windows Search, the kernel, Excel, Word, Internet Explorer, RPC, IIS, and Active Directory.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the June releases can be found here:
http://www.microsoft.com/technet/security/bulletin/ms09-jun.mspx

The following is a breakdown of the “Critical” issues being addressed this month:

1. MS09-018 Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)

CVE-2009-1138 (BID 35226) Microsoft Active Directory Memory Corruption Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 8.2/10)

A remote code execution vulnerability affects Active Directory when handling LDAP and LDAPS requests. An attacker can exploit this issue by sending a specially crafted LDAP or LDAPS request to an affected server. A successful exploit will result in the execution of arbitrary attacker-supplied code with SYSTEM-level privileges. This will facilitate a complete compromise of the affected computer.

Affects: Active Directory

2. MS09-019 Cumulative Security Update for Internet Explorer (969897)

CVE-2009-1140 (BID 35200) Microsoft Internet Explorer Cached Content Cross Domain Information Disclosure Vulnerability (MS Rating: Critical / Symantec Urgency Rating 5.7/10)

A cross-domain information disclosure vulnerability affects Internet Explorer because of how it allows cached data to be called. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious web page. A successful exploit will result in the disclosure of potentially sensitive information across domains.

Affects: Internet Explorer 5.01 SP4, Internet Explorer 6, Internet Explorer 6 SP1, and Internet Explorer 7

CVE-2009-1141 (BID 35198) Microsoft Internet Explorer (CVE-2009-1141) Uninitialized Memory Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects the DHTML component of Internet Explorer when handling certain method calls to HTML objects. An attacker can exploit this issue by tricking a victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Internet Explorer 6, Internet Explorer 6 SP1, and Internet Explorer 7

CVE-2009-1528 (BID 35222) Microsoft Internet Explorer (CVE-2009-1528) Uninitialized Memory Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Internet Explorer due to how it accesses an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking a victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Internet Explorer 6, Internet Explorer 6 SP1, and Internet Explorer 7

CVE-2009-1529 (BID 35223) Microsoft Internet Explorer (CVE-2009-1529) Uninitialized Memory Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Internet Explorer due to how it accesses an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking a victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Internet Explorer 6, Internet Explorer 6 SP1, and Internet Explorer 7

CVE-2009-1530 (BID 35224) Microsoft Internet Explorer (CVE-2009-1530) Uninitialized Memory Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Internet Explorer due to how it accesses an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking a victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Internet Explorer 6, Internet Explorer 6 SP1, and Internet Explorer 7

CVE-2009-1531 (BID 35234) Microsoft Internet Explorer (CVE-2009-1531) Uninitialized Memory Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Internet Explorer due to how it accesses an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking a victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Internet Explorer 6, Internet Explorer 6 SP1, and Internet Explorer 7

CVE-2009-1532 (BID 35235) Microsoft Internet Explorer (CVE-2009-1532) Uninitialized Memory Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Internet Explorer due to how it accesses an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking a victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Internet Explorer 6, Internet Explorer 6 SP1, Internet Explorer 7, and Internet Explorer 8

3. MS09-021 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)

CVE-2009-0549 (BID 35215) Microsoft Excel Record Pointer Corruption Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Excel due to pointer corruption when processing a malformed record object. An attacker can exploit this issue by tricking a victim into opening a specially crafted Excel file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Microsoft Office Excel 2000 SP3, Office Excel 2002 SP3, Office Excel 2003 SP3, Office for Mac 2004, Office for Mac 2008, Office Open XML File Converter for Mac, and Office Excel Viewer 2003 SP3

CVE-2009-0557 (BID 35241) Microsoft Excel Record Object Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Excel when processing a malformed record object. An attacker can exploit this issue by tricking a victim into opening a specially crafted Excel file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Microsoft Office Excel 2000 SP3, Office Excel 2002 SP3, Office Excel 2003 SP3, Office Excel 2007 SP1 and SP2, Office for Mac 2004, Office for Mac 2008, Office Open XML File Converter for Mac, Office Excel Viewer 2003 SP3, Office Excel Viewer, and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

CVE-2009-0558 (BID 35242) Microsoft Excel Array Indexing Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Excel due to incorrect array indexing when processing a malformed record object. An attacker can exploit this issue by tricking a victim into opening a specially crafted Excel file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Microsoft Office Excel 2000 SP3, Office for Mac 2004, Office for Mac 2008, and Office Open XML File Converter for Mac

CVE-2009-0559 (BID 35243) Microsoft Excel String Copy Stack Overflow Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Excel due to an improper string copy operation when processing a malformed record object. An attacker can exploit this issue by tricking a victim into opening a specially crafted Excel file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Microsoft Office Excel 2000 SP3 and Office Excel 2002 SP3

CVE-2009-0560 (BID 35244) Microsoft Excel Field Sanitization Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Excel due to improper field sanitization when processing a file with a malformed record object. An attacker can exploit this issue by tricking a victim into opening a specially crafted Excel file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Microsoft Office Excel 2000 SP3, Office Excel 2002 SP3, Office Excel 2003 SP3, Office Excel 2007 SP1 and SP2, Office for Mac 2004, Office for Mac 2008, Office Open XML File Converter for Mac, Office Excel Viewer 2003 SP3, Office Excel Viewer, and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

CVE-2009-0561 (BID 35245) Microsoft Excel Malformed Record Object Integer Overflow Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Excel when processing a file with a malformed record object. An attacker can exploit this issue by tricking a victim into opening a specially crafted Excel file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Microsoft Office Excel 2000 SP3, Office Excel 2002 SP3, Office Excel 2003 SP3, Office Excel 2007 SP1 and SP2, Office for Mac 2004, Office for Mac 2008, Office Open XML File Converter for Mac, Office Excel Viewer 2003 SP3, Office Excel Viewer, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, and Office SharePoint Server 2007 SP1 and SP2 (32- and 64-bit versions)

4. MS09-022 Vulnerabilities in the Windows Print Spooler Could Allow Remote Code Execution (961501)

CVE-2009-0228 (BID 35206) Microsoft Windows Print Spooler Remote Buffer Overflow Vulnerability (MS Rating: Critical / Symantec Urgency Rating 8.2/10)

A remote code execution vulnerability affects the Print Spooler service when handling certain printing data structures. An attacker can exploit this issue by setting up a malicious print server and tricking a victim into connecting to it. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of SYSTEM.

Affects: Microsoft Windows 2000 SP4

5. MS09-024 Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)

CVE-2009-1533 (BID 35184) Microsoft Office Works for Windows Document Converters Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code execution vulnerability affects the Works for Windows document converter when handling specially crafted Works files. An attacker can exploit this issue by tricking a victim into opening a malicious ‘.wps’ file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Microsoft Office 2000 SP3, Microsoft Office XP SP3, Microsoft Office 2003 SP3, Microsoft Office 2007 SP1, and Microsoft Works 8.5 and 9.0

6. MS09-027 Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514)

CVE-2009-0565 (BID 35190) Microsoft Word Record Parsing (CVE-2009-0565) Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Word when processing a file with a malformed record. An attacker can exploit this issue by tricking a victim into opening a specially crafted Word file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Affects: Office Word 2000 SP3, Office Word 2002 SP3, Office Word 2007 SP1 and SP2, Office for Mac 2004, Office for Mac 2008, Open XML File Format Converter for Mac, and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2

More information on this and the other vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.