September 3, 2009 12:04 PDT
The nCircle VERT Alert is brought to you by nCircle VERT, nCircle’s security and configuration research team. VERT Alerts are distributed for Microsoft Patch Tuesday and for significant security threats.
On Tuesday, September 7th Microsoft will release 5 new bulletins that affect a number of products, spanning five operating systems. In keeping with our 24 hour SLA, on Wednesday, September 8th VERT will release ASPL-314 which will include detection for these new vulnerabilities.
The bulletins are rated as follows:
Bulletin |
Severity Rating |
Vulnerability Impact 1 |
Bulletin #1 |
Critical |
Remote Code Execution |
Bulletin #2 |
Critical |
Remote Code Execution |
Bulletin #3 |
Critical |
Remote Code Execution |
Bulletin #4 |
Critical |
Remote Code Execution |
Bulletin #5 |
Critical |
Remote Code Execution |
The below table outlines the bulletins and the affected application/operating system:
|
Bulletin #1 |
Bulletin #2 |
Bulletin #3 |
Bulletin #4 |
Bulletin #5 |
Windows 2000 |
x |
|
x |
x |
x |
Windows XP |
x |
|
x |
|
x |
Windows Server 2003 |
x |
|
x |
x |
x |
Windows Vista |
x |
x |
x |
x |
|
Windows Server 2008 |
x |
x |
x |
x |
|
While VERT does not have advanced information on these bulletins, we do work to perform our own internal analysis based on the available data. We’re currently operating under the assumption that Bulletin #5 will contain a patch for the recent IIS FTP issue2. This is because they have rated Windows 200 and Windows XP as Critical and Windows Server 2003 as Moderate with Vista/ Server 2008 being left as unaffected. This echoes the comments of a recent Microsoft Research & Defense blog post3.
As VERT receives more information on these bulletins, we will release further details. The next scheduled VERT Alert will be on Tuesday, September 7th and will contain information on these specific bulletins.
1. Vulnerability Impact refers to Microsoft’s definition and not nCircle’s definition.
2. http://www.ncircle.com/index.php?s=resources_vert_VERT-Alert-2009-09-02
3. http://blogs.technet.com/srd/archive/2009/09/01/new-vulnerability-in-iis5-and-iis6.aspx