Critical System Protection

 View Only

Microsoft Security bulletin 

Apr 24, 2009 01:13 AM

This alert is to provide you with an overview of the new Security Bulletin being released on 14 April 2009.



New Security Bulletins



Microsoft has released eight new security bulletins:



Bulletin ID
Bulletin Title
Maximum Severity Rating
Vulnerability Impact
Restart Requirement
Affected Software

MS09-009
Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)
Critical
Remote Code Execution
May require restart
Microsoft Office

MS09-010
Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
Critical
Remote Code Execution
Requires restart
Microsoft Windows, Microsoft Office

MS09-011
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
Critical
Remote Code Execution
May require restart
Microsoft Windows

MS09-012
Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
Important
Elevation of Privilege
Requires restart
Microsoft Windows

MS09-013
Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
Critical
Remote Code Execution
Requires restart
Microsoft Windows

MS09-014
Cumulative Security Update for Internet Explorer (963027)
Critical
Remote Code Execution
Requires restart
Microsoft Windows, Internet Explorer

MS09-015
Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
Moderate
Elevation of Privilege
Requires restart
Microsoft Windows

MS09-016
Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)
Important
Denial of Service
Requires restart
Microsoft Forefront Edge Security




Summaries for new bulletin(s) may be found at http://www.microsoft.com/technet/security/bulletin/MS09-Apr.mspx.



Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool is available at http://support.microsoft.com/?kbid=890830.



High-Priority Non-Security Updates

High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB Article found at http://support.microsoft.com/?id=894199.



Public Bulletin Webcast



Microsoft will host a Webcast to address customer questions on these bulletins:

Title: Information about Microsoft April Security Bulletins (Level 200)

Date: Wednesday, April 15, 2009, 11:00 A.M. Pacific Time (U.S. and Canada)

URL: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032395126

New Security Bulletin Technical Details



In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle web site at http://support.microsoft.com/lifecycle/.



Bulletin Identifier
Microsoft Security Bulletin MS09-009


Bulletin Title
Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)


Executive Summary
This security update resolves a privately reported and a publicly disclosed vulnerability. The vulnerabilities could allow remote code execution if the user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.


Additional Details
· This security update addresses the vulnerabilities by modifying the way that Microsoft Office Word and Office text converters handle opening specially crafted Word 6.0, Windows Write, and WordPerfect documents.

· This security update also addresses the vulnerabilities by implementing fixes to WordPad and by preventing WordPad on affected platforms from opening Word 6.0 and Windows Write files.

· This security update also addresses the vulnerability first described in Microsoft Security Advisory 968272.


Severity Ratings and Affected Software
· This security update is rated Critical for all supported editions of Microsoft Office Excel 2000.

· For all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac; all supported versions of Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack Service Pack 1, this security update is rated Important.

· For more information, see the subsection, Affected and Non-Affected Software, in the bulletin at the link below.


Restart Requirement
This update may require a restart.


CVEs and Exploitability Index Ratings
CVE-2009-0100: 2 - Inconsistent exploit code likely.

CVE-2009-0238: 1 - Consistent exploit code likely. This vulnerability is currently being exploited in the Internet ecosystem.


Bulletins Replaced by This Update
MS08-074


Full Details
http://www.microsoft.com/technet/security/bulletin/MS09-009.mspx









Bulletin Identifier
Microsoft Security Bulletin MS09-010


Bulletin Title
Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)


Executive Summary
This security update resolves two publicly disclosed vulnerabilities and two privately reported vulnerabilities in Microsoft WordPad and Microsoft Office text converters. The vulnerabilities could allow remote code execution if a specially crafted file is opened in WordPad or Microsoft Office Word.


Additional Details
· This security update addresses the vulnerabilities by modifying the way that Microsoft Office Word and Office text converters handle opening specially crafted Word 6.0, Windows Write, and WordPerfect documents.

· This security update also addresses the vulnerabilities by implementing fixes to WordPad and by preventing WordPad on affected platforms from opening Word 6.0 and Windows Write files.

· This security update also addresses the vulnerability first described in Microsoft Security Advisory 960906.


Severity Ratings and Affected Software
· This security update is rated Critical for supported editions of Microsoft Office Word 2000.

· This security update is also rated Important for supported editions of Microsoft Office Word 2002; Microsoft Office Converter Pack; and WordPad on all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.

· For more information, see the subsection, Affected and Non-Affected Software, in the bulletin at the link below.


Restart Requirement
This update requires a restart.


CVEs and Exploitability Index Ratings
CVE-2008-4841: 1 - Consistent exploit code likely. This vulnerability is currently being exploited in the Internet ecosystem.

CVE-2009-0087: 2 - Inconsistent exploit code likely. This is a complex vulnerability due to multiple code paths. Most exploit code will yield inconsistent results. Default mitigating factors protect against this vector.

CVE-2009-0088: 1 - Consistent exploit code likely. This vulnerability is exploitable but only affects older versions and an older, uncommon file format. Newer versions such as the 2007 Microsoft Office system and Microsoft Office 2003 Service Pack 3 are not affected.

CVE-2009-0235: 1 - Consistent exploit code likely. This memory corruption vulnerability is easily exploitable.


Bulletins Replaced by This Update
MS04-027


Full Details
http://www.microsoft.com/technet/security/bulletin/MS09-010.mspx









Bulletin Identifier
Microsoft Security Bulletin MS09-011


Bulletin Title
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)


Executive Summary
This security update resolves a privately reported vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if user opened a specially crafted MJPEG file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.


Additional Details
The security update addresses the vulnerability by correcting the way that DirectShow decompresses media files.


Severity Ratings and Affected Software
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.


Restart Requirement
This update may require a restart.


CVEs and Exploitability Index Ratings
CVE-2009-0084: 2 - Inconsistent exploit code likely.




Bulletins Replaced by This Update
MS08-033


Full Details
http://www.microsoft.com/technet/security/bulletin/MS09-011.mspx









Bulletin Identifier
Microsoft Security Bulletin MS09-012


Bulletin Title
Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)


Executive Summary
This security update resolves four publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker is allowed to log on to the system and then run a specially crafted application. The attacker must be able to run code on the local machine in order to exploit this vulnerability. An attacker who successfully exploited any of these vulnerabilities could take complete control over the affected system.


Additional Details
The security update addresses the vulnerabilities by correcting the way that Microsoft Windows addresses tokens requested by the Microsoft Distributed Transaction Coordinator (MSDTC), and by properly isolating WMI providers and processes that run under the NetworkService or LocalService accounts.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 951306.


Severity Ratings and Affected Software
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.


Restart Requirement
This update requires a restart.


CVEs and Exploitability Index Ratings
CVE-2008-1436: 1 - Consistent exploit code likely.

CVE-2009-0078: 1 - Consistent exploit code likely.

CVE-2009-0079: 1 - Consistent exploit code likely.

CVE-2009-0080: 1 - Consistent exploit code likely.

These vulnerabilities are currently being exploited in the Internet ecosystem.


Bulletins Replaced by This Update
MS07-022, MS08-002, and MS08-064.


Full Details
http://www.microsoft.com/technet/security/bulletin/MS09-012.mspx









Bulletin Identifier
Microsoft Security Bulletin MS09-013


Bulletin Title
Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)


Executive Summary
This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Windows HTTP Services (WinHTTP). The most severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.


Additional Details
The security update addresses the vulnerabilities by changing the way that Windows HTTP Services handles errors and validates certificates, and by ensuring that Windows HTTP Services correctly use NTLM credential reflection protection mechanisms.


Severity Ratings and Affected Software
This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.


Restart Requirement
This update requires a restart.


CVEs and Exploitability Index Ratings
CVE-2009-0086: 1 - Consistent exploit code likely. This is an easily controllable memory vulnerability with multiple attack vectors and opportunities for exploitation due to widespread use of this technology.

CVE-2009-0089: 1 - Consistent exploit code likely. Exploit tools have been made public.

CVE-2009-0550**: 1 - Consistent exploit code likely. Exploit code has been made public.


Bulletins Replaced by This Update
None


Full Details
http://www.microsoft.com/technet/security/bulletin/MS09-013.mspx





**This pair of vulnerabilities, assigned the same CVE number, is addressed in two security updates. Please refer to the respective bulletins for more information.





Bulletin Identifier
Microsoft Security Bulletin MS09-014


Bulletin Title
Cumulative Security Update for Internet Explorer (963027)


Executive Summary
This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker's server by way of the HTTP protocol. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.


Additional Details
The security update addresses these vulnerabilities by modifying the way that Internet Explorer searches the system for files to load, performs authentication reply validation, handles transition errors when navigating between Web pages, and handles memory objects.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 953818.


Severity Ratings and Affected Software
This security update is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, running on supported editions of Microsoft Windows 2000; Internet Explorer 6 and Internet Explorer 7 running on supported editions of Windows XP; and Internet Explorer 7 running on supported editions of Windows Vista. For Internet Explorer 6 and Internet Explorer 7 running on supported editions of Windows Server 2003 and Windows Server 2008, this security update is rated Important.


Restart Requirement
This update requires a restart.


CVEs and Exploitability Index Ratings
CVE-2008-2540*: 3 - Functioning exploit code unlikely. No known attack vectors for this issue exist currently, since the vulnerability requires another application to allow a file to be saved on a system without the user’s knowledge.

CVE-2009-0550**: 1 - Consistent exploit code likely. Exploit code has been made public.

CVE-2009-0551: 2 - Inconsistent exploit code likely.

CVE-2009-0552: 3 - Functioning exploit code unlikely. Mitigating factors for Internet Explorer 7 prevent code execution. Internet Explorer 6 and earlier versions have a higher chance of exploitation if not up-to-date with all security updates.

CVE-2009-0553: 3 - Functioning exploit code unlikely.

CVE-2009-0554: 1 - Consistent exploit code likely.


Bulletins Replaced by This Update
MS08-073, MS08-078, and MS09-002.


Full Details
http://www.microsoft.com/technet/security/bulletin/MS09-014.mspx





*This pair of vulnerabilities, assigned the same CVE number, is addressed in two security updates. Please refer to the respective bulletins for more information.

**This pair of vulnerabilities, assigned the same CVE number, is addressed in two security updates. Please refer to the respective bulletins for more information.





Bulletin Identifier
Microsoft Security Bulletin MS09-015


Bulletin Title
Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)


Executive Summary
This security update resolves a publicly disclosed vulnerability in the Windows SearchPath function that could allow elevation of privilege if a user downloaded a specially crafted file to a specific location, then opened an application that could load the file under certain circumstances.


Additional Details
The security update addresses the vulnerability by modifying the way that Windows loads files from the desktop.


Severity Ratings and Affected Software
This security update is rated Moderate for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. On Microsoft Windows 2000, this update is only classified as a defense-in-depth change.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 953818.


Restart Requirement
This update requires a restart.


CVEs and Exploitability Index Ratings
CVE-2008-2540*: 2 - Inconsistent exploit code likely. Attack details have been made public.


Bulletins Replaced by This Update
MS07-035


Full Details
http://www.microsoft.com/technet/security/bulletin/MS09-015.mspx





*This pair of vulnerabilities, assigned the same CVE number, is addressed in two security updates. Please refer to the respective bulletins for more information.





Bulletin Identifier
Microsoft Security Bulletin MS09-016


Bulletin Title
Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)


Executive Summary
This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway (TMG), Medium Business Edition (MBE). These vulnerabilities could allow denial of service if an attacker sends specially crafted network packages to the affected system, or information disclosure or spoofing if a user clicks on a malicious URL or visits a Web site that contains content controlled by the attacker.


Additional Details
The security update addresses the vulnerabilities by modifying the way that the firewall engine handles the TCP state and the way that HTTP forms authentication handles input.


Severity Ratings and Affected Software
This security update is rated Important for Forefront TMG MBE, ISA Server 2004, and ISA Server 2006.


Restart Requirement
This update requires a restart.


CVEs and Exploitability Index Ratings
CVE-2009-0077: 3 - Functioning exploit code unlikely: Service-based Denial of Service is highly probable. However, code execution is not possible.

CVE-2009-0237: 3 - Functioning exploit code unlikely: Information disclosure is possible. Code execution is highly improbable.


Bulletins Replaced by This Update
None.


Full Details
http://www.microsoft.com/technet/security/bulletin/MS09-016.mspx







Please visit http://www.microsoft.com/technet/security For the most current information on these bulletins.

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

May 08, 2009 12:06 AM

HI,

One can get all the above details by subscibing either to Microsoft Advisory or Symantec newsletters.

Rgrds,
SAM

Related Entries and Links

No Related Resource entered.