July 13, 2010 1:59 PST
The nCircle VERT Alert is brought to you by nCircle VERT, nCircle’s research team. VERT Alerts are distributed for Microsoft Patch Tuesday and for significant security threats.
Today’s VERT Alert addresses four new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-358 on Wednesday, July 14th.
| Help Center URL Validation Vulnerability | CVE-2010-1885 |
|
| Canonical Display Driver Integer Overflow Vulnerability | CVE-2009-3678 |
|
| Access ActiveX Control Vulnerability | CVE-2010-0814 |
|
| ACCWIZ.dll Uninitialized Variable Vulnerability | CVE-2010-1881 |
|
| Microsoft Outlook SMB Attachment Vulnerability | CVE-2010-0266
|
MS10-042
The patch for MS10-042 was highly anticipated, patching the public vulnerability that Tavis Ormandy released1 on June 10th. The issue exists due to a failure to properly validate HCP protocol URLs that are passed to Windows Help and Support Center. Successful exploitation of this vulnerability could lead to code execution and simply requires that the user visit a malicious web page. The vulnerability, which affects Windows XP and Server 2003, has seen public exploitation, so this one should be patched as soon as possible. Microsoft Security Research & Defense has released a blog post on this issue2.
MS10-043
This vulnerability was first discussed on gaming forums and was considered a blue screen bug; it wasn’t until May that it was identified as a vulnerability and Microsoft released an advisory. Specific conditions must be met for exploitation of the vulnerability to be possible (including display driver and the use of the Windows Aero theme) and it’s important to note that only 64-bit operating systems (Windows 7 and Server 2008 R2) are affected. While this vulnerability was discussed publicly, we’re not aware of any public exploitation.
MS10-044
This advisory patches two vulnerabilities related to the Microsoft Access Wizard Controls (ACCWIZ.dll). This patch sets ActiveX killbits to ensure the ActiveX controls cannot be loaded by a malicious web page and also updates ACCWIZ.dll.
MS10-045
This advisory patches a vulnerability in Outlook that could allow malicious individuals to create email messages with attachments that bypass the systems that warns users about certain types of attachments. The vulnerability succeeds at this by making use of UNC paths (commonly associated with access SMB shares) and Microsoft has said that the most likely attack vector will not be SMB but rather WebDAV resources. Microsoft Security Research & Defense has release a blog post on this issue3.
Ease of Use (published exploits) to Risk Table
Automated Exploit |
|
|
|
|
|
MS10-042 |
|
Easy |
|
|
|
|
|
|
|
Moderate |
|
|
|
|
|
|
|
Difficult |
|
|
|
|
|
|
|
Extremely Difficult |
|
|
|
|
|
|
|
No Known Exploit |
|
|
MS10-045 |
|
|
MS10-043 |
|
|
Exposure |
Local Availability |
Local Access |
Remote Availability |
Remote Access |
Local Privileged |
Remote Privileged |
Additional Info
VERT will also be shipping coverage for APSA10-01 with tomorrow’s ASPL package. This is a new vulnerability that has recently been announced affecting Flash Player, Adobe Reader and Acrobat. There are reports of active exploitation of this vulnerability in the wild, however a patch is not yet available. It has been reported that Flash 10.1 RC is not affected and Adobe has stated that updates will be made available by June 10th for Flash and June 29th for Reader and Acrobat. Until those updates are available ensure that you only open files that you are expecting and visit websites that you trust.
All data and commentary is based on information available when the VERT Alert is published. The VERT Alert may be updated on the nCircle website as new information surfaces: http://www.ncircle.com/index.php?s=resources_VERT-Alert.
1 http://seclists.org/fulldisclosure/2010/Jun/2052 http://blogs.technet.com/b/srd/archive/2010/07/13/ms10-042-vulnerability-in-help-and-support-center.aspx
3http://blogs.technet.com/b/srd/archive/2010/07/13/ms10-045-microsoft-office-outlook-remote-code-execution-vulnerability.aspx