December Microsoft Patch Tuesday
Microsoft has announced six new patches for its monthly patch release cycle. These patches are for Microsoft Windows and Microsoft Office. Three patches are rated Critical and affect Microsoft Windows and Microsoft Office, allowing for remote code execution on vulnerable systems. Gladiator recommends that users immediately apply all Critical patches to their systems. Detailed information for the patches can be found in Microsoft’s December Security Bulletin. 
Summary information is included below:
- Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318) MS09-071 – This update fixes two privately reported remote code execution vulnerabilities in Microsoft Windows. These vulnerabilities are rated Critical on Windows Server 2008 systems, and Important on other versions of Windows. Systems are only affected if they use PEAP authentication with MS-CHAP v2.
- Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183) MS09-074 – This update fixes a privately-reported remote code execution vulnerability in Microsoft Project. This vulnerability is rated Critical and should be patched as soon as possible on all workstations with Microsoft Project.
- Cumulative Security Update for Internet Explorer (976325) MS09-072 – This patch fixes four privately-reported vulnerabilities and one public vulnerability in Internet Explorer. The most severe vulnerability is a remote code execution issue that can be triggered when a user views a maliciously crafted website. This vulnerability is rated Critical. Gladiator recommends that all workstation and server systems be patched as soon as possible.
- Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392) MS09-069 – This patch fixes a privately-disclosed vulnerability in Microsoft Windows. This patch is rated Important by Microsoft. This vulnerability can only be exploited by an authenticated user.
- Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726) MS09-070 – This patch fixes two privately-disclosed vulnerabilities in Microsoft Windows, which could result in remote code execution if an authenticated attacker sends a specially crafted web request to a web server running AD Federation Services. Gladiator recommends that users apply this patch to all servers. This patch is rated Important by Microsoft.
- Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539) MS09-073 – This patch fixes a privately-disclosed vulnerability in Microsoft WordPad and Microsoft Office Text Converter, which could result in remote code execution if a user opens a malicious Word 97 file. Gladiator recommends that users apply this patch to all workstations as soon as possible. This patch is rated Important by Microsoft.
Gladiator recommends that users patch their systems quickly for MS09-074, MS09-072, and MS09-073. All other patches should be applied as soon as possible if your systems are using the affected protocols. Otherwise, these patches can be applied during your normal patch cycle. Exploit code has either been released or is likely to be released in the near future for MS09-070, MS09-072, MS09-073 and MS09-074.
Related Links:
- Microsoft Security Bulletin (http://www.microsoft.com/technet/security/bulletin/ms09-dec.mspx)