Status Tracking Note JVNTR-2009-23

Microsoft Updates for Multiple Vulnerabilities (TA09-286A)

Overview

Microsoft has released updates to address vulnerabilities in Microsoft Windows and Windows Server, Internet Explorer, Office, .NET Framework, Silverlight, SQL Server, Developer Tools, and Forefront.

Event Information

Date (UTC) | Description
2009-10-16 03:33 NSFOCUS
NSFOCUS Security Advisory (SA2009-03): Windows Kernel Malformed PE File Remote DoS Vulnerability
Windows Kernel NULL Pointer Dereference Vulnerability (CVE-2009-2516, MS09-058)
Windows kernel will parse and process the accessed PE files. When traversing the chains the kernel does not correctly validate if the pointer is NULL, therefore carefully crafted PE files might trigger access to illegal memory addresses within the kernel, leading to BSOD or system restart. Locally logged in users can also gain privilege escalation by exploiting this vulnerability.
2009-10-14 02:33 JPCERT/CC
JPCERT-AT-2009-0020: October 2009 Microsoft Security Bulletin (eight critical patches)
2009-10-14 00:10 Microsoft
Microsoft Security Advisory (975191): Vulnerabilities in the FTP Service in Internet Information Services
IIS FTP Service DoS Vulnerability (CVE-2009-3023, MS09-053)
IIS FTP Service RCE and DoS Vulnerability (CVE-2009-3023, MS09-053)
Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-053 to address this issue.
2009-10-14 00:10 Microsoft
Microsoft Security Advisory (975497): Vulnerabilities in SMB Could Allow Remote Code Execution
SMBv2 Negotiation Vulnerability (CVE-2009-3103, MS09-050)
Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-050 to address this issue.
2009-10-13 22:09 Microsoft
ms09-oct: Microsoft Security Bulletin Summary for October 2009
Included in this advisory are updates for newly discovered vulnerabilities.
2009-10-13 20:29 SANS Internet Storm Center
Microsoft October 2009 Black Tuesday Overview
Overview of the October 2009 Microsoft patches and their status.
2009-10-13 18:59 Symantec
ThreatCON (2) => (2)
Microsoft has released the scheduled security bulletins for October. Eight updates have a maximum severity rating of 'Critical'. Five updates are rated 'Important'.
2009-10-13 18:50 US-CERT
TA09-286A: Microsoft Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
2009-10-13 17:37 US-CERT
Microsoft Releases October Security Bulletin
US-CERT Current Activity
Microsoft has released an update to address vulnerabilities in Microsoft Windows, Silverlight, Internet Explorer, .NET Framework, Office, SQL Server, Developer Tools, and Forefront as part of the Microsoft Security Bulletin Summary for October 2009. These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, cause a denial-of-service condition, or spoof an end user or website.
2009-10-08 20:47 Microsoft
ms09-oct: Microsoft Security Bulletin Advance Notification for October 2009
Included in this advisory are updates for newly discovered vulnerabilities.
2009-09-16 16:45 Symantec
ThreatCON (2) => (2)
There is a vulnerability in the SMBv2 service of Windows Vista and Windows Server 2008. No patches are available. Customers are advised to follow recommended mitigating strategies.
2009-09-09 12:20 US-CERT
Microsoft Releases Security Advisory 975497
US-CERT Current Activity
Microsoft has released security advisory 975497 to address reports of a vulnerability in Microsoft Server Message Block. The vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
2009-09-09 11:54 SANS Internet Storm Center
Vista/2008/Windows 7 SMB2 BSOD 0Day (Version: 3)
We have received a report from Tyler that a vulnerability affecting Microsoft SMB2 can be remotely crashed with proof-of-concept code that has been published yesterday and a Metasploit module is out.
2009-09-09 02:14 Microsoft
Microsoft Security Advisory (975497): Vulnerabilities in SMB Could Allow Remote Code Execution
Advisory published.
Microsoft is investigating new public reports of a possible vulnerability in Microsoft Server Message Block (SMB) implementation.
2009-09-08 13:41 SANS Internet Storm Center
Microsoft Security Advisory 975191 Revised
Not surprisingly Microsoft have revised their security advisory letting us know that there have been reports of incidents where this exploit was used to compromise systems. This might seem counterintuitive as the exploit code was public prior to the advisory coming out.
2009-09-08 01:50
Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.
2009-09-07
[Updated]Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.
2009-09-04 03:29 SANS Internet Storm Center
Vulnerabilities (plural) in MS IIS FTP Service 5.0, 5.1. 6.0, 7.0
Microsoft has published an advisory on multiple vulnerabilities in the Microsoft FTP services bundled with IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0. At this time arbitrary remote code execution only works against IIS 5.0 running on Windows 2000 fully patched.
2009-09-03 21:53 Bugtraq
Microsoft Internet Information Services 5.0/6.0 FTP SERVER DENIAL OF SERVICE ("Stack Exhaustion")
Vulnerability Proof Of Concept (CVE-2009-2521)
#Tested: cpe:/a:microsoft:iis:5.0
#Tested: cpe:/a:microsoft:iis:6.0
2009-09-02 16:52 Symantec
ThreatCON (1) => (1)
Reliable exploits are now available for an unpatched vulnerability affecting the Microsoft IIS FTP server. Disable write access to anonymous users to prevent exploitation. If possible, disable anonymous access entirely.
2009-09-02 03:04 SANS Internet Storm Center
Microsoft IIS 5/6 FTP 0Day released (Version: 2)
We are aware of a new 0-day exploit that was posted on Milw0rm today. According to the exploit, it was supposed to work on both IIS 5.0 and 6.0, on the FTP module.
2009-09-02 01:59 Microsoft
Microsoft Security Advisory (975191): Vulnerabilities in the FTP Service in Internet Information Services
Advisory published.
Microsoft is investigating new public reports of a vulnerability in the FTP Service in Microsoft IIS 5.0, Microsoft IIS 5.1, and Microsoft IIS 6.0.
2009-09-01 Bugtraq
Microsoft IIS 5.0 FTP Server Remote Stack Overflow Exploit (win2k sp4)
Vulnerability Proof Of Concept (CVE-2009-3023)
#Cid: iiz5.pl
#Cid: 36189-2.pl
#Tested: cpe:/a:microsoft:iis:5.0
2009-08-31 18:27 US-CERT
Microsoft Internet Information Services (IIS) FTP Service Vulnerability
US-CERT Current Activity
US-CERT is aware of a public report of a vulnerability affecting the Microsoft Internet Information Services (IIS) FTP service. This vulnerability may allow a remote attacker to execute arbitrary code.
2009-08-31 Bugtraq
Microsoft IIS 5.0/6.0 FTP Server Remote Stack Overflow Exploit (win2k)
Vulnerability Proof Of Concept (CVE-2009-3023)
#Cid: iiz5.pl
#Cid: 36189.pl
#Tested: cpe:/a:microsoft:iis:5.0
2009-06-23 Zero Day Initiative (ZDI)
ZDI-09-071: Microsoft Internet Explorer writing-mode Memory Corruption Vulnerability
Uninitialized Memory Corruption Vulnerability (CVE-2009-2531, MS09-054)
Vulnerability Reported
The specific flaw exists in the parsing of CSS style information. When a writing-mode style is used with a specific combination of HTML tags, memory corruption occurs. Exploitation of this vulnerability will lead to remote system compromise under the credentials of the currently logged in user.
2009-06-23 Zero Day Initiative (ZDI)
ZDI-09-070: Microsoft Internet Explorer Event Object Type Double-Free Vulnerability
Uninitialized Memory Corruption Vulnerability (CVE-2009-2530, MS09-054)
Vulnerability Reported
The specific flaw exists within the copy constructor for a specific DOM object. When duplicated, more than one reference can be made of anything assigned to its properties. When the variable/object goes out of scope, these properties will be deallocated twice. This results in a heap corruption which can lead to code execution under the context of the current user.
2008-04-25 iDefense
Microsoft Office Drawing Format Shape Properties Memory Corruption Vulnerability
Memory Corruption Vulnerability (CVE-2009-2528, MS09-062)
Vulnerability Reported
The vulnerability occurs when parsing the msofbtOPT Office Drawing record type. This record is used to provide default values for shape properties. By inserting a specially crafted property ID, it is possible to corrupt heap memory and overwrite an object pointer.
2008-04-16 Zero Day Initiative (ZDI)
ZDI-09-069: Microsoft Windows Media Player Audio Voice Sample Rate Memory Corruption Vulnerability
Windows Media Runtime Voice Sample Rate Vulnerability (CVE-2009-0555, MS09-051)
Vulnerability Reported
The specific flaw exists in the handling of Windows media audio files. When specifying a malicious sample rate for a Windows Media Voice frame, memory corruption can occur. Successful exploitation of this vulnerability can lead to remote compromise of the affected system under the credentials of the currently logged in user.
2008-02-07 Zero Day Initiative (ZDI)
ZDI-09-072: Microsoft Windows GDI+ TIFF Parsing Code Execution Vulnerability
GDI+ TIFF Memory Corruption Vulnerability (CVE-2009-2503, MS09-062)
Vulnerability Reported
The specific flaws exist in the GDI+ subsystem when parsing maliciously crafted TIFF files. By supplying a malformed graphic control extension an attacker can trigger an exploitable memory corruption condition. Successful exploitation can result in arbitrary code execution under the credentials of the currently logged in user.
2007-12-17 15:00 iDefense
Microsoft Windows GDI+ TIFF File Parsing Buffer Overflow Vulnerability
GDI+ TIFF Buffer Overflow Vulnerability (CVE-2009-2502, MS09-062)
Vulnerability Reported
This vulnerability occurs when parsing a malformed TIFF file. By supplying incorrect values in a BitsPerSample tag, it is possible to trigger a heap based buffer overflow.

Reference

Date first published (UTC): 2009-10-17T12:42+00:00
Date last updated (UTC): 2009-11-17T00:09+00:00