Microsoft Patch Tuesday - November 2009

Created: 10 Nov 2009 19:57:46 GMT • Updated: 23 Jan 2014 18:31:24 GMT
Robert Keith

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a moderate month—the vendor is releasing six bulletins covering a total of 15 vulnerabilities.

Three of the issues are rated “Critical” and affect Web Services on Devices API, License Logging Server, and the Windows kernel. An attacker could exploit these issues remotely to gain complete control of a vulnerable computer.

The remaining issues, rated “Important”, affect Excel, the Windows kernel, Office, and Active Directory. Although these are only rated “Important” by Microsoft, we consider the Office and Excel issues quite serious and advise customers to apply updates as soon as possible.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the November releases can be found here:
http://www.microsoft.com/technet/security/bulletin/ms09-nov.mspx

The following is a breakdown of the issues being addressed this month:

1. MS09-063 Vulnerability in Web Service on Devices Could Allow Remote Code Execution (973565)

CVE-2009-2512 (BID 36919) Microsoft Windows Web Services on Devices API Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 8.2/10)

A remote code execution vulnerability affects Web Services on Devices API (WSDAPI) on Windows systems. The problem occurs when handling a WSDAPI message with a malformed MIME header. An attacker on the local subnet can exploit this issue to execute arbitrary code with SYSTEM-level privileges, resulting in a complete system compromise.

2. MS09-064 Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)

CVE-2009-2523 (BID 36921) Microsoft Windows License Logging Server Remote Heap Buffer Overflow Vulnerability (MS Rating: Critical / Symantec Urgency Rating 8.2/10)

A remote code execution vulnerability affects the License Logging service of Windows 2000. The problem occurs because the service fails to validate the length of a string in certain RPC requests. A remote unauthenticated attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges, resulting in a complete system compromise.

3. MS09-065 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)

CVE-2009-1127 (BID 36939) Microsoft Windows Kernel NULL Pointer Dereference Local Privilege Escalation Vulnerability (MS Rating: Important / Symantec Urgency Rating 6.6/10)

A local privilege-escalation vulnerability affects the Windows kernel due to a NULL pointer dereference. A local attacker can exploit this issue to gain complete control of the affected computer.

CVE-2009-2513 (BID 36941) Microsoft Windows Kernel GDI Data Validation Local Privilege Escalation Vulnerability (MS Rating: Important / Symantec Urgency Rating 6.6/10)

A local privilege-escalation vulnerability affects the Windows kernel due to insufficient validation of user-mode data passed through the kernel component of GDI. A local attacker can exploit this issue to gain complete control of the affected computer.

CVE-2009-2514 (BID 36029) Microsoft Windows Embedded OpenType Font Engine Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 9.2/10)

A previously public (Aug 11, 2009) remote code execution vulnerability affects the Embedded OpenType (EOT) font engine. An attacker can exploit this issue by tricking an unsuspecting victim into viewing content containing a specially crafted EOT font. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the kernel. This may facilitate a complete compromise of the affected computer.

4. MS09-066 Vulnerability in Active Directory Could Allow Denial of Service (973309)

CVE-2009-1928 (BID 36918) Microsoft Active Directory LDAP Request Stack Exhaustion Denial Of Service Vulnerability (MS Rating: Important / Symantec Urgency Rating 6.1/10)

A denial-of-service vulnerability affects Active Directory when handling certain malformed LDAP or LDAPS requests. A remote unauthenticated attacker can exploit this issue to exhaust stack space and cause the affected computer to stop responding.

5. MS09-067 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)

CVE-2009-3127 (BID 36943) Microsoft Excel Cache Memory Corruption Remote Code Execution Vulnerability (MS Rating: Important / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Excel in its handling of cache memory when opening an Excel file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the victim running the affected application.

CVE-2009-3128 (BID 36944) Microsoft Excel 'SxView' Memory Corruption Remote Code Execution Vulnerability (MS Rating: Important / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Excel in the SxView component when opening an Excel file that contains a malformed record object. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the victim running the affected application.

CVE-2009-3129 (BID 36945) Microsoft Excel 'Featheader' Record Remote Code Execution Vulnerability (MS Rating: Important / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Excel in the Featheader component when opening an Excel file that contains a malformed record object. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the victim running the affected application.

CVE-2009-3130 (BID 36946) Microsoft Excel Malformed BIFF Record Remote Code Execution Vulnerability (MS Rating: Important / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Excel when it handles malformed BIFF records while opening an Excel file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the victim running the affected application.

CVE-2009-3131 (BID 36908) Microsoft Excel Formula Parsing Remote Code Execution Vulnerability (MS Rating: Important / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Excel when parsing a specially crafted formula embedded in a cell. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the victim running the affected application.

CVE-2009-3132 (BID 36909) Microsoft Excel Index Parsing Remote Code Execution Vulnerability (MS Rating: Important / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Excel due to pointer corruption when loading Excel formulas. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the victim running the affected application.

CVE-2009-3133 (BID 36911) Microsoft Excel Document Parsing Remote Code Execution Vulnerability (MS Rating: Important / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Excel due to memory corruption when opening an Excel file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the victim running the affected application.

CVE-2009-3134 (BID 36912) Microsoft Excel Field Parsing Remote Code Execution Vulnerability (MS Rating: Important / Symantec Urgency Rating 7.1/10)

A remote code-execution vulnerability affects Excel when handling a malformed record object in an Excel file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the victim running the affected application.

6. MS09-068 Vulnerability in Microsoft Office Word Allows Remote Code Execution (976307)

CVE-2009-3135 (BID 36950) Microsoft Word Record Parsing Remote Code Execution Vulnerability (MS Rating: Important / Symantec Urgency Rating 7.1/10)

A remote code execution vulnerability affects Word when handling files that contain a malformed record. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.

------------------------------------------

More information on these and the other vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.