Gladiator Research and Security

Microsoft has announced 13 new patches for its February release. One vulnerability causing an elevation of privileges, fixed by MS10-015 and rated Important by Microsoft, already has exploit code available.  Five patches are rated Critical, seven are rated Important, and one is rated Moderate.  Gladiator recommends that users immediately apply all critical updates. Detailed information for these patches can be found in Microsoft’s February Security Bulletin.  Summary information is included below:

• Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251) MS10-006 – This update fixes two privately-reported remote code execution vulnerabilities in Window’s SMB Client.  This vulnerability is rated Critical on Windows 2000, Windows XP, and Windows Server 2003 and Important on other versions of Windows.
• Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713) MS10-007 – This update fixes a privately reported remote code execution vulnerability in Windows 2000, XP and Server 2003.  Other version are not affected.  The exploit can be triggered remotely through a web browser.
• Cumulative Security Update of ActiveX Kill Bits (978262) MS10-008 – This update fixes a privately-reported remote code execution vulnerability using maliciously-crafted ActiveX controls in Windows 2000, XP and Server 2003.  Other versions are not affected.  The exploit can be triggered remotely through a web browser.  Four ActiveX kill bits are also set.
• Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145) MS10-009 - This update fixes four privately-reported vulnerabilities in Microsoft Windows.  At least one of these vulnerabilities is rated Critical.
• Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935) MS10-013 - This update fixes a privately-reported remote code execution vulnerability in Microsoft DirectShow and is rated Critical.  This vulnerability is triggered by opening a malicious AVI file.
• Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214) MS10-003 - This update fixes a privately-reported remote code execution vulnerability in Microsoft Office and is rated Important.  This vulnerability is triggered by opening a malicious Office file.
• Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416) MS10-004 - This update fixes six privately-reported vulnerabilities in Microsoft PowerPoint.  This patch is rated Important by Microsoft and is triggered by opening a maliciously-crafted PowerPoint document.
• Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894) MS10-010 - This update fixes a privately-reported denial of service vulnerability in Microsoft Server 2008 Hyper-V and is rated Important.
• Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037) MS10-011 - This update fixes a privately-reported escalation of privileges vulnerability in Windows 2000, XP, and Server 2003 and is rated Important.   This vulnerability can only be exploited by a local user.
• Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468) MS10-012 - This update fixes several privately-reported vulnerabilities in Microsoft Windows.  This patch is rated Important by Microsoft and is triggered by a specially crafted SMB packet.
• Vulnerability in Kerberos Could Allow Denial of Service (977290) MS10-014 - This update fixes a privately-reported denial of service vulnerability in Microsoft Windows and is rated Important.
• Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165) MS10-015 - This update fixes one privately-reported  and one publicly reported elevation of privileges vulnerability in Microsoft Windows.  This patch is rated Important by Microsoft, and is only exploitable by a local user.
• Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706) MS10-005 - This update fixes a privately-reported remote code execution vulnerability in Microsoft Paint and is rated Important.  This vulnerability is triggered by a user viewing a maliciously-crafted JPEG file in MS Paint.

Gladiator recommends that users patch their systems quickly for critically-rated vulnerabilities.

Related Links:

• Microsoft Security Bulletin (http://www.microsoft.com/technet/security/bulletin/ms10-feb.mspx)
• SANS ISC Diary (http://isc.sans.org/diary.html?storyid=8197)