Gladiator Research and Security

Microsoft has announced 11 new patches today to fix vulnerabilities that could allow remote code execution, denial of service, elevation of privileges, and spoofing.  Five patches are rated Critical by Microsoft and affect Microsoft Windows.  Five patches are rated Important by Microsoft and affect Microsoft Windows and Microsoft Office.  One patch is rated Moderate and affects Microsoft Windows.  Gladiator recommends that users immediately apply the Critical patches. Detailed information for the patches can be found in Microsoft’s April Security Bulletin.  Summary information is included below:

• Vulnerabilities in Windows Could Allow Remote Code Execution (981210) MS10-019 – This update fixes two privately-reported remote code execution vulnerabilities in Windows Authenticode Verification, included with Microsoft Windows.  This vulnerability is rated Critical for all versions of Microsoft Windows.
• Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232) MS10-020 – This update fixes a privately-reported remote code execution vulnerability in Microsoft Windows.  This vulnerability is rated Critical by Microsoft for all versions of Windows.  Attackers can exploit this vulnerability by tricking a victim into connecting to a malicious SMB server.
• Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858) MS10-025 – This update fixes a privately-reported remote code execution vulnerability in Microsoft Media Services on Windows 2000 Server.  This vulnerability is rated Critical by Microsoft.  Attackers can exploit this vulnerability by sending malicious packets to the Windows Media Service.
• Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816) MS10-026 – This update fixes a privately-reported remote code execution vulnerability in Microsoft MPEG Layer-3 audio codecs.  This vulnerability is rated Critical by Microsoft for all versions of Windows except Vista, which is rated Important.  Attackers can exploit this vulnerability by tricking a user into opening a maliciously-crafted AVI file.
• Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402) MS10-027 – This update fixes a privately-reported remote code execution vulnerability in Windows Media Player, included with Microsoft Windows.  This vulnerability is rated Critical by Microsoft.  Attackers can exploit this vulnerability by tricking a user into opening maliciously-crafted website.
• Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683) MS10-021 – This update fixes several privately-reported escalation of privilege vulnerabilities in the Windows Kernel.  This vulnerability is rated Important by Microsoft.  An attacker would need local access before this vulnerability could be exploited.
• Vulnerability in VBScript Could Allow Remote Code Execution (981169) MS10-022 – This update fixes a privately-reported remote code execution vulnerability in VBScript, included with Microsoft Windows.  This vulnerability is rated Important by Microsoft on all versions of Windows except Windows Server 2008 and Windows 7.  These versions are not affected.  Attackers can exploit this vulnerability by tricking a user into launching the Windows Help feature on a maliciously-crafted website.
• Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160) MS10-023 – This update fixes a privately-reported remote code execution vulnerability in Microsoft Office Publisher.  This vulnerability is rated Important by Microsoft.  Attackers can exploit this vulnerability by tricking a user into launching a maliciously-crafted Publisher file.
• Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832) MS10-024 – This update fixes one  privately and one publicly-reported denial of service vulnerability in Microsoft Exchange and the Windows SMTP Service.  This vulnerability is rated Important by Microsoft.  Attackers can exploit this vulnerability by sending a maliciously-crafted DNS request to a server running SMTP.
• Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094) MS10-028 – This update fixes two privately-reported remote code execution vulnerabilities in Microsoft Visio.  This vulnerability is rated Important by Microsoft.  A user must open a specially-crafted Visio file to trigger this vulnerability.
• Vulnerabilities in Windows ISATAP Component Could Allow Spoofing (978338) MS10-029 – This update fixes a privately-reported spoofing vulnerability in Microsoft Windows.  This vulnerability is rated Moderate by Microsoft.  Windows 2008 and Windows 7 are not vulnerable.  Attackers can spoof a source IP address to try and bypass filtering devices using this vulnerability.

Gladiator recommends that users patch their systems quickly for all Critical patches.  Other patches can be released during your normal update windows.

Related Links:

• Microsoft Security Bulletin (http://www.microsoft.com/technet/security/bulletin/ms10-apr.mspx)
• SANS ISC Diary Entry (http://isc.sans.org/diary.html?storyid=8626)