Gladiator Research and Security

Microsoft has announced 6 new patches for its monthly patch release cycle.  These patches fix multiple Microsoft products, including Windows, Publisher, ISA Server, and Virtual PC.   Three patches are rated Critical, and allow for remote code execution on vulnerable systems.   The other three patches are rated Important, leading to elevation of privileges and a remote code exploit for Publisher.  Gladiator recommends that users immediately apply all Critical patches to their systems. Detailed information for the patches can be found in Microsoft’s July Security Bulletin.  Summary information is included below:

• Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371) (MS09-029) – This update fixes two remote code execution vulnerabilities in the Windows Font Engine.  This vulnerability is rated Critical, and should be patched as soon as possible.
• Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633) (MS09-028) – This vulnerability affects Microsoft DirectShow, which is included with Windows.  This vulnerability is rated Critical and is currently being publicly exploited.  This vulnerability should be patched as soon as possible on all workstations and servers.
• Cumulative Security Update of ActiveX Kill Bits (973346) (MS09-032) - This patch updates some ActiveX Kill Bits, which are used by Internet Explorer to determine accessible ActiveX controls.  This patch is rated Critical, as some of the controls in question are currently being exploited by malicious websites.  Gladiator recommends that all systems be patched as soon as possible.
• Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856) (MS09-033) – This patch fixes a privately disclosed vulnerability in Virtual PC and Server, which allows for an elevation of privileges.  This patch can be applied during your regular patch release cycle.
• Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953) (MS09-031) – This patch fixes a privately disclosed vulnerability in Microsoft ISA Server 2006 that could result in an elevation of privileges.  Only servers running Radius One Time Password (OTP) authentication are vulnerable.  This patch can be applied during your regular patch release cycle.
• Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516) (MS09-030) – This patch fixes a privately disclosed vulnerability in Microsoft Publisher that allows remote code execution.  Users would have to open a malicious Publisher document in order to be exploited.  Gladiator recommends that users apply this patch as soon as possible to all systems with Microsoft Publisher installed.

Gladiator recommends that users patch their systems quickly for MS09-028, MS09-029, MS09-030, and MS09-032 as exploit code has either been released or is likely to be released in the near future.

Related Links:

• Microsoft Security Bulletin (https://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx)
• SANS Diary Entry (http://isc.sans.org/diary.html?storyid=6790)