VERT Alert

August 12, 2009 12:00 PDT

Welcome to nCircle VERT Alert, a security and vulnerability update from nCircle VERT.

Today’s VERT Alert provides information regarding Microsoft Patch Tuesday and the resulting 9 new bulletins.

MS09-036

Remote Unauthenticated Denial of Service in ASP.NET Vulnerability

CVE-2009-1536

MS09-037

Microsoft Video ActiveX Control Vulnerability

CVE-2008-0015

ATL Header Memcopy Vulnerability

CVE-2008-0020

ATL Uninitialized Object Vulnerability

CVE-2009-0901

ATL COM Initialization Vulnerability

CVE-2009-2493

ATL Object Type Mismatch Vulnerability

CVE-2009-2494

MS09-038

Malformed AVI Header Vulnerability

CVE-2009-1545

AVI Integer Overflow Vulnerability

CVE-2009-1546

MS09-039

WINS Heap Overflow Vulnerability

CVE-2009-1923

WINS Integer Overflow Vulnerability

CVE-2009-1924

MS09-040

MSMQ Null Pointer Vulnerability

CVE-2009-1922

MS09-041

Workstation Service Memory Corruption Vulnerability

CVE-2009-1544

MS09-042

Telnet Credential Reflection Vulnerability

CVE-2009-1930

MS09-043

Office Web Components Memory Allocation Vulnerability

CVE-2009-0562

Office Web Components Heap Corruption Vulnerability

CVE-2009-2496

Office Web Components HTML Script Vulnerability

CVE-2009-1136

Office Web Components Buffer Overflow Vulnerability

CVE-2009-1534

MS09-044

Remote Desktop Connection Heap Overflow Vulnerability

CVE-2009-1133

Remote Desktop Connection ActiveX Control Heap Overflow Vulnerability

CVE-2009-1929


The below table outlines the bulletins and the affected application/operating system:

MS09-036
While the affected software is identified as the .NET framework, it is important to understand that the vulnerability referenced is a DoS vulnerability in ASP.NET; this means that hosts running IIS 7.0 are affected. The vulnerability itself exists within ASP.NET’s request scheduling, and standard HTML pages will still be served after a successful attack.

MS09-037
Plain and simple… this vulnerability is a mess to try and look at. It affects numerous applications that are seemingly unrelated. The key point to keep in mind is that these are further applications that made use of the Microsoft Active Template Library (ATL), for which we had previously seen an OOB patch (MS09-034). VERT recommends installing this patch (or patches) as soon as possible. IP360 customers will be able to quickly determine if they missed any required patches following tomorrow’s SLA-bound release.

MS09-038
AVI parsing vulnerabilities are nothing new, and this serves as another reminder that users have to be very careful regardless of the type of file that they are accessing.

MS09-039
There are two vulnerabilities in the WINS advisory and both of them involve remote code execution. The important thing to note is that while one of these vulnerabilities requires a trusted replication partner, the other can be exploited by an anonymous attacker. VERT recommends patching WINS servers as soon as possible. This is also a good time to consider auditing the necessity of your WINS servers, and really any unneeded services. It’s not uncommon to have once-required services that have simply never been disabled.

MS09-040
This vulnerability, if exploited, could lead to Local System access. Beyond that, keep in mind that the latest versions of the non-Server operating systems (XP and Vista) are not affected.

MS09-041
At first glance you may think of the dangerous vulnerabilities leading to remote code execution in similar advisories in the past. Luckily this is not the case here; the specially crafted RPC packet requires valid user credentials and then allows a user to elevate their privileges. This vulnerability may be seen as more of a priority for anyone who is concerned about insider threats in their organization; either way, it should be patched immediately.

MS09-042
This telnet client update is a solution for credential reflection. Anyone who thinks this sounds familiar may remember that a similar issue existed in SMB a while back and had a module shipping in Metasploit. The SMB issue was fixed in MS08-068. The issue exists where a malicious server could reflect the user’s credentials back to their computer in order to gain access to it; this is an update to remove that threat.

MS09-043
This Office Web Component update resolves issues that had previously had their kill bits released in an advisory, along with a Microsoft Fix-It tool. These issues are now being fixed in an MS Advisory.

MS09-044
After an exciting list of random vulnerabilities, we finish off with Remote Desktop Connection. This is a client-side vulnerability affecting the client and the ActiveX control.