Latest Security Advisories & Notable Vulnerabilities

Multiple Updates Issued and Vulnerabilities Found
 Severity:    
 Advisory Date:  14 Apr 2010

Following Microsoft's Patch Tuesday release this month, multiple software vendors have also released patches for their own products. These companies include Adobe and Oracle.

Below is a summary of the patches released by these companies and the specific vulnerabilities they aim to address:

  • Adobe
    • Unknown vulnerability in Adobe Reader and Acrobat. This affects versions 8.x before 8.2.1 and 9.x before 9.3.1. Once exploited, attackers can launch denial of service (DoS) attacks on the compromised system. For more information, please refer to this page: Malware Blog entry: "Adobe and Microsoft Simultaneously Release Patches"
  • Microsoft
    • Vulnerabilities in Windows Could Allow Remote Code Execution. Once exploited, attackers can take complete control of an affected system.
    • Vulnerabilities in SMB Client Could Allow Remote Code Execution. Once exploited, attackers can perform remote code execution.
    • Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege. Once exploited, attackers can run specially crafted applications on the affected system.
    • Vulnerability in VBScript Could Allow Remote Code Execution. Once exploited, attackers can take complete control of the affected system.
    • Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution. Once exploited, attackers can gain elevated rights on a system.
    • Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service. Once exploited, attackers can launch denial of service (DoS) attacks on the affected system.
    • Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution. Once exploited, attackers can perform remote code execution.
    • Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution. Once exploited, attackers can take complete control of an affected system.
    • Vulnerability in Windows Media Player Could Allow Remote Code Execution. Once exploited, attackers can gain elevated rights on a system.
    • Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution. Once exploited, attackers can gain elevated rights on a system.
    • Vulnerability in Windows ISATAP Component Could Allow Spoofing. Once exploited, attackers can spoof an IPv4 address. For more information, please refer to this page: Malware Blog entry: "Adobe and Microsoft Simultaneously Release Patches"
  • Oracle

Trend Micro recommends that users apply these patches if the affected products are installed on their systems.

Java, on the other hand, issued a document days before Patch Tuesday that fully discloses an error found in its toolkit. A patch for it has yet to be provided.

Users of Trend Micro Deep Security™ and Trend Micro OfficeScan™ are already protected against this vulnerability via the Intrusion Defense Firewall (IDF) plug-in. Make sure your systems are updated with the IDF rule number 1004091.

  • (MS10-019) Vulnerabilities in Windows Could Allow Remote Code Execution (981210)

    This security update resolves two privately reported vulnerabilities in Windows Authenticode Verification that could allow remote code execution. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

  • (MS10-020) Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)

    This security update resolves one publicly disclosed and several privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request.

  • (MS10-021) Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)

    This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application.

  • (MS10-022) Vulnerability in VBScript Could Allow Remote Code Execution (981169)

    This security update resolves a publicly disclosed vulnerability in VBScript on Microsoft Windows that could allow remote code execution.

  • (MS10-023) Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160)

    This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file.

  • (MS10-024) Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)

    This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Exchange and Windows SMTP Service.

  • (MS10-025) Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)

    This security update resolves a privately reported vulnerability in Windows Media Services running on Microsoft Windows 2000 Server.

  • (MS10-026) Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)

    This security update resolves a privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file containing an MPEG Layer-3 audio stream.

  • (MS10-027) Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)

    This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site.

  • (MS10-028) Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)

    This security update resolves two privately reported vulnerabilities in Microsoft Office Visio. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file.

  • (MS10-029) Vulnerability in Windows ISATAP Component Could Allow Spoofing (978338)

    This security update resolves one privately reported vulnerability in Microsoft Windows. This vulnerability could allow an attacker to spoof an IPv4 address so that it may bypass filtering devices that rely on the source IPv4 address.

(MS10-018) Cumulative Security Update for Internet Explorer (980182)
 Severity:    
 Advisory Date:  30 Mar 2010
This update resolves several vulnerabilities in various versions of Internet Explorer. Some of the vulnerabilities, when exploited successfully, may allow remote code execution.

These vulnerabilities are triggered when a user running a vulnerable version of Internet Explorer visits or views a specially crafted webpage. Note that the impact is relative to the rights of the currently logged-on user: users who have administrative rights on a system are more heavily impacted than those with few or no administrative rights.

Microsoft Internet Explorer Invalid Pointer Reference Remote Code Execution
 Severity:    
 Advisory Date:  09 Mar 2010
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability." (NVD)

Further information on this vulnerability can be found at the following link from Microsoft: http://support.microsoft.com/kb/981374

Microsoft addresses the following vulnerabilities in its March batch of patches:
  • (MS10-016) Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561)

    This security update addresses a privately reported vulnerability in Windows Movie Maker and Microsoft Producer 2003.

  • (MS10-017) Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)

    This security update resolves seven privately reported vulnerabilities in Microsoft Office Excel.

Microsoft Internet Explorer does not properly validate parameters passed to the MsgBox function. This vulnerability could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop-up dialog box.

Microsoft addresses the following vulnerabilities in its February batch of patches:

(MS10-003) Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
Risk Rating: High
This security update resolves a privately reported vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.

(MS10-004) Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
Risk Rating: High
This security update resolves six privately reported vulnerabilities in Microsoft Office PowerPoint.

(MS10-005) Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)
Risk Rating: Medium
This security update resolves a privately reported vulnerability in Microsoft Paint. The vulnerability could allow remote code execution if a user viewed a specially crafted JPEG image file using Microsoft Paint.

(MS10-006) Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
Risk Rating: Critical
This security update resolves two privately reported vulnerabilities in Microsoft Windows that could allow remote code execution if an attacker sent a specially-crafted SMB response to a client-initiated SMB request.

(MS10-007) Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
Risk Rating: Critical
This security update resolves two privately reported vulnerabilities in Microsoft Windows that could allow remote code execution if an attacker sent a specially-crafted SMB response to a client-initiated SMB request.

(MS10-008) Cumulative Security Update of ActiveX Kill Bits (978262)
Risk Rating: Critical
This security update addresses a privately reported vulnerability for Microsoft software. The vulnerability could allow remote code execution if a user views a specially crafted Web page that instantiates an ActiveX control with Internet Explorer.

(MS10-009) Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
Risk Rating: Critical
This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if specially crafted packets are sent to a computer with IPv6 enabled.

(MS10-010) Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)
Risk Rating: High
This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V.

(MS10-011) Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)
Risk Rating: High
This security update resolves a privately reported vulnerability in Microsoft Windows Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000, Windows XP, and Windows Server 2003.

(MS10-012) Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
Risk Rating: High
This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system.

(MS10-013) Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
Risk Rating: Critical
This security update resolves a privately reported vulnerability in Microsoft DirectShow. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

(MS10-014) Vulnerability in Kerberos Could Allow Denial of Service (977290)
Risk Rating: High
This security update resolves a privately reported vulnerability in Microsoft DirectShow. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

(MS10-015) Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
Risk Rating: High
This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application.

A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially crafted attack, Internet Explorer's attempt to access the freed object can allow remote code execution.

It is believed that while Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are affected.

Microsoft addresses the following vulnerability in its January batch of patches:

  • (MS10-001) Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
    This security update resolves a privately reported vulnerability in Microsoft Windows.

Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.