VERT Alert

June 8, 2010 3:45 PST

The nCircle VERT Alert is brought to you by nCircle VERT, nCircle’s research team. VERT Alerts are distributed for Microsoft Patch Tuesday and for significant security threats.

Today’s VERT Alert addresses ten new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-353 on Wednesday, June 9th.

| Bulletin | Vulnerability | CVE |
| --- | --- | --- |
| MS10-032 | Win32k Improper Data Validation Vulnerability | CVE-2010-0484 |
| MS10-032 | Win32k Window Creation Vulnerability | CVE-2010-0485 |
| MS10-032 | Win32k TrueType Font Parsing Vulnerability | CVE-2010-1255 |
| MS10-033 | Media Decompression Vulnerability | CVE-2010-1879 |
| MS10-033 | MJPEG Media Compression Vulnerability | CVE-2010-1880 |
| MS10-034 | Microsoft Data Analyzer ActiveX Control Vulnerability | CVE-2010-0252 |
| MS10-034 | Microsoft Internet Explorer 8 Developer Tools Vulnerability | CVE-2010-0811 |
| MS10-035 | Cross-Domain Information Disclosure Vulnerability | CVE-2010-0255 |
| MS10-035 | toStaticHTML Information Disclosure Vulnerability | CVE-2010-1257 |
| MS10-035 | Uninitialized Memory Corruption Vulnerability I | CVE-2010-1259 |
| MS10-035 | HTML Element Memory Corruption Vulnerability | CVE-2010-1260 |
| MS10-035 | Uninitialized Memory Corruption Vulnerability II | CVE-2010-1261 |
| MS10-035 | Memory Corruption Vulnerability | CVE-2010-1262 |
| MS10-036 | COM Validation Vulnerability | CVE-2010-1263 |
| MS10-037 | OpenType CFF Font Driver Memory Corruption Vulnerability | CVE-2010-0819 |
| MS10-038 | Excel Record Parsing Memory Corruption Vulnerability | CVE-2010-0821 |
| MS10-038 | Excel Object Stack Overflow Vulnerability | CVE-2010-0822 |
| MS10-038 | Excel Memory Corruption Vulnerability I | CVE-2010-0823 |
| MS10-038 | Excel Record Memory Corruption Vulnerability I | CVE-2010-0824 |
| MS10-038 | Excel Record Memory Corruption Vulnerability II | CVE-2010-1245 |
| MS10-038 | Excel RTD Memory Corruption Vulnerability | CVE-2010-1246 |
| MS10-038 | Excel Memory Corruption Vulnerability II | CVE-2010-1247 |
| MS10-038 | Excel HFPicture Memory Corruption Vulnerability | CVE-2010-1248 |
| MS10-038 | Excel Memory Corruption Vulnerability III | CVE-2010-1249 |
| MS10-038 | Excel EDG Memory Corruption Vulnerability | CVE-2010-1250 |
| MS10-038 | Excel Record Stack Corruption Vulnerability | CVE-2010-1251 |
| MS10-038 | Excel String Variable Vulnerability | CVE-2010-1252 |
| MS10-038 | Excel ADO Object Vulnerability | CVE-2010-1253 |
| MS10-038 | Mac Office Open XML Permissions Vulnerability | CVE-2010-1254 |
| MS10-039 | Help.aspx XSS Vulnerability | CVE-2010-0817 |
| MS10-039 | toStaticHTML Information Disclosure Vulnerability | CVE-2010-1257 |
| MS10-039 | SharePoint Help Page Denial of Service Vulnerability | CVE-2010-1264 |
| MS10-040 | IIS Authentication Memory Corruption Vulnerability | CVE-2010-1256 |
| MS10-041 | XML Signature HMAC Truncation Authentication Bypass Vulnerability | CVE-2009-0217 |

MS10-032

This bulletin describes three vulnerabilities affecting Windows Kernel-Mode drivers.  One of the vulnerabilities (CVE-2010-0485) had been publicly disclosed prior to the release of this bulletin.

MS10-033

This bulletin describes two critical vulnerabilities affecting all versions of Windows. Both vulnerabilities were responsibly disclosed; however, media-related vulnerabilities are generally prime candidates for exploits. Patching these vulnerabilities as soon as possible is advised.

MS10-034

ActiveX kill bits are becoming a regular part of Patch Tuesday. In addition to five third-party class IDs, Microsoft is adding kill bits for two of its products, Microsoft Data Analyzer and Microsoft IE 8 Developer Tools. It is important to note that while the software may not exist on a system, adding the kill bits is still an important defense-in-depth step, as the controls could be installed at a later date.

MS10-035

This month’s IE bulletin patches six vulnerabilities including the public CVE-2010-0255 (released by Core Security) and the IE8 PWN2OWN bug. This bulletin should also be targeted for installation as soon as possible. VERT has already been shipping detection of CVE-2010-0255 and will simply be updating the detection method this month.

MS10-036

This bulletin addresses a single vulnerability affecting the Excel, PowerPoint, Word, Publisher and Visio components of Office 2003 and 2007, as well as Office XP, 2003 and 2007.

MS10-037

MS10-037 describes a single vulnerability affecting OpenType CFF fonts that could lead to elevation of privilege.

MS10-038

This bulletin addresses 14 vulnerabilities, one of which only affects Mac Office.  This bulletin addresses the most CVEs of any bulletin released this month.

MS10-039

This bulletin addresses three vulnerabilities affecting SharePoint and InfoPath. Included in this bulletin is the patch for the public SharePoint XSS that received some attention a couple of months ago. VERT has been shipping detection for this public vulnerability since the May Patch Tuesday.

MS10-040

This update fixes a single vulnerability affecting IIS. While IIS is only vulnerable in a specific configuration, where Extended Protection for Authentication is enabled and Windows credentials are used for authentication, it is still recommended that all IIS users apply this update.

MS10-041

This final update of June 2010 patches a single vulnerability related to .NET. Software making use of a specific .NET method could be subject to authentication bypass. This means that content protected by an XML Signature (verified using the affected method) could potentially be tampered with and replaced with new content.
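The check that closes this class of bug is sketched below as an added example, not code from Microsoft, .NET or nCircle. XML Signature lets the signer declare a truncated HMAC length (HMACOutputLength). A verifier that trusts any declared length ends up comparing only a few bits, so the hardened verifier enforces the floor the W3C added to the specification for CVE-2009-0217: no less than 80 bits and no less than half the hash output. Function names, the key and the document are constructed, and the example handles whole-byte lengths only.

```python
import hashlib
import hmac

MIN_BITS = 80  # floor added to the XML Signature spec after CVE-2009-0217

def truncated_hmac(key, data, bits):
    """Leftmost `bits` bits of HMAC-SHA1 (byte multiples only, a simplification)."""
    if bits % 8:
        raise ValueError("this example handles whole bytes only")
    return hmac.new(key, data, hashlib.sha1).digest()[:bits // 8]

def verify_lenient(key, data, tag, declared_bits):
    """Weak form: trusts whatever HMACOutputLength the signature declares."""
    return hmac.compare_digest(truncated_hmac(key, data, declared_bits), tag)

def verify_strict(key, data, tag, declared_bits):
    """Hardened form: refuses lengths below max(80 bits, half the hash output)."""
    full_bits = hashlib.sha1().digest_size * 8  # 160 for SHA-1
    floor = max(MIN_BITS, full_bits // 2)
    if declared_bits % 8 or not floor <= declared_bits <= full_bits:
        return False
    return hmac.compare_digest(truncated_hmac(key, data, declared_bits), tag)

# Constructed sample values.
KEY = b"constructed-shared-secret"
DOC = b"<Order><Amount>100</Amount></Order>"

if __name__ == "__main__":
    short = truncated_hmac(KEY, DOC, 8)    # an 8-bit tag has only 256 possible values
    full = truncated_hmac(KEY, DOC, 160)
    print("8-bit tag, lenient verifier:", verify_lenient(KEY, DOC, short, 8))
    print("8-bit tag, strict verifier: ", verify_strict(KEY, DOC, short, 8))
    print("160-bit tag, strict verifier:", verify_strict(KEY, DOC, full, 160))
```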

As always, VERT recommends that you apply all the patches as soon as possible, but also that you fully vet patches (when possible) before applying them to production systems.

Ease of Use (published exploits) to Risk Table

Automated Exploit: none
Easy: MS10-039
Moderate: MS10-035
Difficult: none
Extremely Difficult: none
No Known Exploit: MS10-041; MS10-033, MS10-034, MS10-036, MS10-038; MS10-032, MS10-037, MS10-040

Exposure: Local Availability, Local Access, Remote Availability, Remote Access, Local Privileged, Remote Privileged

Additional Info

VERT will also be shipping coverage for APSA10-01 with tomorrow’s ASPL package. This is a new vulnerability that has recently been announced affecting Flash Player, Adobe Reader and Acrobat. There are reports of active exploitation of this vulnerability in the wild; however, a patch is not yet available. It has been reported that Flash 10.1 RC is not affected, and Adobe has stated that updates will be made available by June 10th for Flash and June 29th for Reader and Acrobat. Until those updates are available, ensure that you open only files that you are expecting and visit only websites that you trust.

All data and commentary is based on information available when the VERT Alert is published. The VERT Alert may be updated on the nCircle website as new information surfaces: http://www.ncircle.com/index.php?s=resources_VERT-Alert.