Gladiator Research and Security

Microsoft has announced eight new patches for its monthly release cycle.  There are five critical patches, two important and one moderate patch, affecting Microsoft Office, Windows, Internet Explorer, DirectX, ISA Server, Wordpad, SearchPath and HTTP Services.  Some of these patches are extremely critical and should be applied immediately.  Exploit code is publicly available for them and they are currently being exploited by malware authors.  These exploits can and do allow remote code execution on vulnerable systems.  Detailed information for the patches can be found in Microsoft’s April Security Bulletin and at SANS Internet Storm Center.  Summary information is included below:

• Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (MS09-009) – This update is critical for Excel 2000, and important for all other versions.  This exploit could allow remote code execution.  Gladiator recommends users patch as soon as possible, as this issue is already being exploited.
• Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (MS09-010) – This update is rated critical, and applies to Wordpad and Microsoft Office Text Converters.  This exploit could allow remote code execution.  Gladiator recommends users patch as soon as possible, as this issue is already being exploited.
• Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (MS09-011) – This vulnerability is rated critical, and applies to Microsoft Windows, specifically to DirectShow.  An attacker who exploits this vulnerability could remotely execute code.  Gladiator recommends users patch this vulnerability as soon as possible.
• Vulnerabilities in Windows Could Allow Elevation of Privilege (MS09-012) – This update is rated important, and applies to Microsoft Windows.  This exploit allows privilege escalation, meaning an application not running as an administrator could gain administrative privileges.  Although only rated important instead of critical, Gladiator recommends users patch as soon as possible, as this issue is already being exploited.
• Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (MS09-013) – This update is rated critical, and applies to Microsoft Windows HTTP Services.  This exploit allows remote code execution.  Gladiator recommends users patch as soon as possible, as the exploit code has been made public.
• Cumulative Security Update for Internet Explorer (MS09-014) – This update is rated critical, and applies to Internet Explorer 7 and earlier.  This exploit allows remote code execution through viewing a malicious website.  Gladiator recommends users patch as soon as possible, as the exploit code has been made public.
• Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (MS09-015) – This update is rated moderate, and can safely be applied during your normal patch window.
• Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (MS09-016) – This patch is for ISA Server, and fixes a denial of service and an information disclosure vulnerability.  It is rated important.  This patch can be applied during your normal patch window.

Gladiator recommends that users patch their systems quickly for MS09-009 through MS09-014, as exploit code has either been released or is likely in the near future

Related Links:

• Microsoft Security Bulletin (https://www.microsoft.com/technet/security/bulletin/ms09-apr.mspx)
• SANS ISC Diary Entry (http://isc.sans.org/diary.html?storyid=6193&rss)