November Microsoft Patch Tuesday

Posted on November 10th, 2009 by Ryan Spanier

Microsoft has announced six new patches for its monthly patch release cycle.  These patches are for Microsoft Windows and Microsoft Office.  Three patches are rated Critical and affect Microsoft Windows; the vulnerabilities they fix allow remote code execution on vulnerable systems.  Gladiator recommends that users immediately apply all Critical patches to their systems. Detailed information for the patches can be found in Microsoft’s November Security Bulletin. Summary information is included below:

  • Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565) MS09-063 – This update fixes a privately released remote code execution vulnerability in the Web Services API.  This vulnerability is rated Critical on Windows Vista and Windows 2008 systems, and should be patched as soon as possible.  Other versions of Windows are not affected.
  • Vulnerability in License Logging Server Could Allow Remote Code Execution (974783) MS09-064 – This update fixes a privately reported vulnerability in Windows 2000.  This vulnerability is rated Critical and should be patched as soon as possible on all Windows 2000 Servers.
  • Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947) MS09-065 – This patch fixes several privately reported vulnerabilities in the Windows Kernel.  The most severe vulnerability is a remote code execution issue while accessing Embedded OpenType Fonts.  This vulnerability is rated Critical and can be exploited remotely, as websites can call malicious font objects.  Gladiator recommends that all workstation and server systems be patched as soon as possible.
  • Vulnerability in Active Directory Could Allow Denial of Service (973309) MS09-066 – This patch fixes a privately disclosed vulnerability in Active Directory, which could result in a denial of service. Gladiator recommends that users apply this patch, at minimum, to all domain controllers and servers running Active Directory Application Mode and Lightweight Directory Services.  This patch is rated Important by Microsoft.
  • Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652) MS09-067 – This patch fixes several privately disclosed vulnerabilities in Microsoft Excel, which could result in remote code execution if a user opens a malicious Excel file. Gladiator recommends that users apply this patch to all workstations as soon as possible.  This patch is rated Important by Microsoft.
  • Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307) MS09-068 – This patch fixes a privately disclosed vulnerability in Microsoft Word, which could result in remote code execution if a user opens a malicious Word file. Gladiator recommends that users apply this patch to all workstations as soon as possible.  This patch is rated Important by Microsoft.

Gladiator recommends that users patch their systems quickly for MS09-063, MS09-065, MS09-067, and MS09-068.  Furthermore, MS09-064 should be applied to any Windows 2000 system. Exploit code has either been released or is likely to be released in the near future for the aforementioned vulnerabilities.
