VERT Alert

May 11, 2010 1:30 PST

The nCircle VERT Alert is brought to you by nCircle VERT, nCircle’s research team. VERT Alerts are distributed for Microsoft Patch Tuesday and for significant security threats.

Today’s VERT Alert addresses two new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-349 on Wednesday, May 12th.

MS10-030
Outlook Express and Windows Mail Integer Overflow Vulnerability
CVE-2010-0816
MS10-031
VBE6.DLL Stack Memory Corruption Vulnerability
CVE-2010-0815

MS10-030

This bulletin discusses a single vulnerability affecting Outlook Express, Windows Mail and Windows Live Mail. The vulnerability, which could allow code execution, occurs when a malicious response is received from a POP3 or IMAP server.  This requires a man-in-the-middle, DNS poisoning or a user purposely pointing their client at a malicious server. It is also important to note that Windows 7 is not affected by default as it does not contain the affected software. The reason why Windows 7 is still listed is twofold; Windows Live Mail could be installed on the system and systems upgraded from Vista to Windows 7 (as opposed to a fresh install) will contain the software.

MS10-031

The vulnerability described in MS10-031 covers the Visual Basic Environment (VBE6.dll) associated with Visual Basic for Applications. There are multiple patches available that update the same library. With this bulletin it’s important to note that third party applications could be affected and may or may not be patched by the Microsoft-provided update. If third party vendors followed best practices, then the VBA update provided by Microsoft should solve the issue; however, if they did not, then a vendor-specific patch may be required.

As always VERT recommends that you apply all the patches as soon as possible but also that you fully vet patches (when possible) before applying them to production systems.

Ease of Use (published exploits) to Risk Table

Automated Exploit
              
Easy
              
Moderate
              
Difficult
              
Extremely Difficult
              
No Known Exploit
MS10-030
MS10-031
 
Exposure
Local Availability
Local Access
Remote Availability
Remote Access
Local Privileged
Remote Privileged


All data and commentary is based on information available when the VERT Alert is published. The VERT Alert may be updated on the nCircle website as new information surfaces: http://www.ncircle.com/index.php?s=resources_VERT-Alert.