VERT Alert

September 8, 2009 12:45 PDT

The nCircle VERT Alert is brought to you by nCircle VERT, nCircle’s security and configuration research team. VERT Alerts are distributed for Microsoft Patch Tuesday and for significant security threats.

This VERT Alert discusses 5 new Microsoft Security Bulletins. nCircle VERT is actively working on coverage for these issues in order to meet our 24-hour SLA. VERT is expecting to ship ASPL-314 on Wednesday, September 9th. At the time of release, none of the vulnerabilities in these bulletins were being actively exploited.

MS09-045

JScript Remote Code Execution Vulnerability

 CVE-2009-1920

MS09-046

DHTML Editing Component ActiveX Control Vulnerability

 CVE-2009-2519

MS09-047

Windows Media Header Parsing Invalid Free Vulnerability

 CVE-2009-2498

Windows Media Playback Memory Corruption Vulnerability

 CVE-2009-2499

MS09-048

TCP/IP Zero Window Size Vulnerability

 CVE-2008-4609

TCP/IP Timestamps Code Execution Vulnerability

 CVE-2009-1925

TCP/IP Orphaned Connections Vulnerability

 CVE-2009-1926

MS09-049

Wireless Frame Parsing Remote Code Execution Vulnerability

 CVE-2009-1132

MS09-045

This is the first of two drive-by vulnerabilities patched today. Once again, this is evidence of the importance of safe computing policies and practicing safe browsing. While the underlying vulnerability is in JScript, it is important to note that IE is the primary attack vector. It is also important to note that every version of Windows is affected by this bulletin.

MS09-046

This bulletin, which covers Windows 2000, Windows XP and Windows Server 2003, is the second drive-by vulnerability being patched today. While this bulletin covers an ActiveX control, it is good to see a proper binary patch rather than a killbit mitigation. The affected file is triedit.dll.

MS09-047

The two vulnerabilities addressed in this bulletin are related to the processing of media files. A good take-away from this bulletin, if you haven’t already considered it, is that there’s no such thing as a safe file.

MS09-048

This bulletin really caught VERT’s attention. There are two things to note here. The first is that Windows XP is not affected in its default configuration. The wording has led VERT to suspect that it may be possible to introduce this vulnerability into Windows XP; we are hopeful that Microsoft will provide further clarification on this subject. The second is that Windows 2000 users should note that they are affected by this vulnerability, but Microsoft is not issuing a patch, as it would require massive re-architecting of Windows 2000.

MS09-049

This last bulletin addresses a wireless issue affecting Vista and Server 2008. While Microsoft states that remote code execution is unlikely, VERT recommends that companies ensure that their laptop users are patched against this vulnerability as soon as possible. VERT expects that road warriors would be the most likely target of a successful exploit.

As always, VERT recommends that you apply all the patches as soon as possible. Should your IT policy require additional testing time before patches are rolled out, please be aware that exploits for the drive-by vulnerabilities could appear very quickly.