Windows Update for October 2009

Microsoft today released a series of patches to cover security issues in the Windows operating system and Office.

Here are the details on this month’s critical bulletins:

MS09-050 – Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)

This security update resolves one publicly disclosed and two privately reported vulnerabilities in Server Message Block Version 2 (SMBv2). The most severe of the vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB packet to a computer running the Server service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

MS09-051 – Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)

This security update resolves two privately reported vulnerabilities in Windows Media Runtime. The vulnerabilities could allow remote code execution if a user opened a specially crafted media file or received specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-052 – Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112)

This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if a specially crafted ASF file is played using Windows Media Player 6.4. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-054 – Cumulative Security Update for Internet Explorer (974455)

This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Firefox users who are running the Windows Presentation Foundation (WPF) plug-in and do not have it disabled should also apply this security update. For more information regarding this issue, please see the FAQ section for HTML Component Handling Vulnerability – CVE-2009-2529.

MS09-055 – Cumulative Security Update of ActiveX Kill Bits (973525)

This security update addresses a privately reported vulnerability that is common to multiple ActiveX controls and is currently being exploited. The vulnerability that affects ActiveX controls that were compiled using the vulnerable version of the Microsoft Active Template Library (ATL) could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-060 – Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)

This security update resolves several privately reported vulnerabilities in ActiveX Controls for Microsoft Office that were compiled with a vulnerable version of Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-061 – Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)

This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in persuading a user to run a specially crafted Microsoft .NET application. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing it, as could be the case in a Web hosting scenario. Microsoft .NET applications, Silverlight applications, XBAPs and ASP.NET pages that are not malicious are not at risk of being compromised because of this vulnerability.

MS09-062 – Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)

This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-053 – Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)

This security update resolves two publicly disclosed vulnerabilities in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, Microsoft Internet Information Services (IIS) 6.0, and Microsoft Internet Information Services (IIS) 7.0. On IIS 7.0, only FTP Service 6.0 is affected. The vulnerabilities could allow remote code execution (RCE) on systems running FTP Service on IIS 5.0, or denial of service (DoS) on systems running FTP Service on IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0.

MS09-056 – Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571)

This security update resolves two publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow spoofing if an attacker gains access to the certificate used by the end user for authentication.

MS09-057 – Vulnerability in Indexing Service Could Allow Remote Code Execution (969059)

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker set up a malicious Web page that invokes the Indexing Service through a call to its ActiveX component. This call could include a malicious URL and exploit the vulnerability, granting the attacker access to the client system with the privileges of the user browsing the Web page. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-058 –  Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486)

This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logged on to the system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit any of these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.

MS09-059 – Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467)

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sent a maliciously crafted packet during the NTLM authentication process.

If your PC is not already set to automatically download and install the updates from the Microsoft Update service you can perform the task manually here.

Kind Regards

Marc Liron – Microsoft MVP

Windows Updates for September 2009

Microsoft today released a peck of patches to cover at least seven documented worm holes in the Windows operating system.

Here are the details on this month’s critical bulletins:

MS09-045: A remote code execution vulnerability exists in the way that the JScript scripting engine processes scripts in Web pages. The vulnerability could allow remote code execution if a user opened a specially crafted file or visited a Web site that is running a specially crafted script.  When the JScript scripting engine attempts to load the decoded script into memory in order to run it, a memory corruption can occur that may either cause Internet Explorer to stop responding, or lead to code execution. This flaw affects Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.

MS09-046: A remote code execution vulnerability exists in the DHTML Editing Component ActiveX Control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When the Microsoft DHTML Editing Component ActiveX Control is instantiated in Internet Explorer, the control may corrupt the system state in such a way that an attacker could run arbitrary code.  This update is rated “critical” for all supported editions of Microsoft Windows 2000 and Windows XP and Moderate for all supported editions of Windows Server 2003.

MS09-047: This bulletin includes fixes for two different vulnerabilities in Windows Media Format. Either vulnerability could allow remote code execution if a user opened a specially crafted media file.  A malicious hacker could use booby-trapped MP3 of ASF files to launch code execution attacks. The update is rated critical for Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, Windows Media Format Runtime 11, Microsoft Media Foundation, Windows Media Services 9.1, and Windows Media Services 2008.

MS09-049: Covers a serious vulnerability in the Windows Wireless LAN AutoConfig Service. The vulnerability could allow remote code execution if a client or server with a wireless network interface enabled receives specially crafted wireless frames. Systems without a wireless card enabled are not at risk from this vulnerability.  The vulnerability is caused by lack of validation of part of a specific malformed frame transmitted by a remote wireless transmitter. This could lead to a heap overflow situation that may result in arbitrary code execution.

MS09-048: This update patches three different vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service.  Microsoft suggests that businesses use firewall best practices and standard default firewall configurations to help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

If your PC is not already set to automatically download and install the updates from the Microsoft Update service you can perform the task manually here.

Kind Regards

Marc Liron – Microsoft MVP

Windows Updates For August 2009

Microsoft released a series of security updates for Windows and Office on August 11th 2009.

The following is a summary of these security updates.

If you have not already received these updates on your computer via Automatic Updates then manually install them by visiting the Microsoft Update website using Internet Explorer.

August 2009 Windows and Office Security Updates

Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (KB957638)

Maximum Severity Rating: Critical

This security update resolves several privately reported vulnerabilities in Microsoft Office Web Components that could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected Software: Microsoft Office XP & 2003, Microsoft Visual Studio 2003 SP1, Microsoft ISA Server 2004 & 2006, Microsoft BizTalk Server 2002, Small Business Accounting 2006

—-

Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (KB970927)

Maximum Severity Rating: Critical

This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection. The vulnerabilities could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server or if a user visits a specially crafted Web site that exploits this vulnerability. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected Software: Microsoft Windows (All Versions), Microsoft Server 2008, Remote Desktop Connection Client for Mac

—-

Vulnerabilities in WINS Could Allow Remote Code Execution (KB969883)

Maximum Severity Rating: Critical

This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service (WINS). Either vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system version. Only customers who manually install this component are affected by this issue.

Affected Software: Microsoft Windows 2000 SP4, Windows Server 2003 SP2

—-

Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (KB971557)

Maximum Severity Rating: Critical

This security update resolves two privately reported vulnerabilities in Windows Media file processing. Either vulnerability could allow remote code execution if a user opened a specially crafted AVI file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected Software: Microsoft Windows 2000 SP4, Windows Server 2003 SP2

—-

Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (KB973908)

Maximum Severity Rating: Critical

This security update resolves several privately reported vulnerabilities in Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control hosted on a malicious website. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected Software: Microsoft Windows 200 SP4, Windows XP SP2 & SP3, Windows Vista SP1 & SP2, Windows Server 2003 SP2 & 2008

—-

Vulnerability in Workstation Service Could Allow Elevation of Privilege (KB971657)

Maximum Severity Rating: Important

This security update resolves a privately reported vulnerability in the Windows Workstation Service. The vulnerability could allow elevation of privilege if an attacker created a specially crafted RPC message and sent the message to an affected system. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to a vulnerable system in order to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.

Affected Software: Windows XP SP2 & SP3, Windows Vista SP1 & SP2, Windows Server 2003 SP2 & 2008

—-

Vulnerability in Message Queuing Could Allow Elevation of Privilege (KB971032)

Maximum Severity Rating: Important

This security update resolves a privately reported vulnerability in the Windows Message Queuing Service (MSMQ). The vulnerability could allow elevation of privilege if a user received a specially crafted request to an affected MSMQ service. By default, the Message Queuing component is not installed on any affected operating system edition and can only be enabled by a user with administrative privileges. Only customers who manually install the Message Queuing component are likely to be vulnerable to this issue.

Affected Software: Windows XP SP2, Windows Vista, Windows Server 2003 SP2

—-

Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (KB970957)

Maximum Severity Rating: Important

This security update addresses a privately reported Denial of Service vulnerability in the Microsoft .NET Framework component of Microsoft Windows. This vulnerability can be exploited only when Internet Information Services (IIS) 7.0 is installed and ASP.NET is configured to use integrated mode on affected versions of Microsoft Windows. An attacker could create specially crafted anonymous HTTP requests that could cause the affected Web server to become non-responsive until the associated application pool is restarted. Customers who are running IIS 7.0 application pools in classic mode are not affected by this vulnerability.

Affected Software: Windows Vista and Vista SP1, Windows Server 2008

* Because IIS 7.0 does not run on Windows Vista Starter and Windows Vista Home Basic, the following editions are not affected: Windows Vista Starter (32-bit), Windows Vista Home Basic (32-bit), and Windows Vista Home Basic (64-bit).

—-

Vulnerability in Telnet Could Allow Remote Code Execution (KB960859)

Maximum Severity Rating: Important

This security update resolves a publicly disclosed vulnerability in the Microsoft Telnet service. The vulnerability could allow an attacker to obtain credentials and then use them to log back into affected systems. The attacker would then acquire user rights on a system identical to the user rights of the logged-on user. This scenario could ultimately result in remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected Software: Microsoft Windows 200 SP4, Windows XP SP2 & XP SP3, Windows Vista and Vista SP1, Windows Server 2003 SP2, Windows Server 2008

—-