June Microsoft Patch Tuesday
Microsoft has announced 10 new patches today to fix vulnerabilities that could allow remote code execution, elevation of privilege and tampering. Three patches are rated Critical by Microsoft and affect Microsoft Windows and Internet Explorer. Seven patches are rated Important by Microsoft and affect Microsoft Windows, Office, and the .NET Framework. Gladiator recommends that users with impacted systems apply all Critical patches immediately. Other patches can be applied during your normal patch rollouts. Detailed information for the patches can be found in Microsoft's June Security Bulletin.

Summary information is included below:
- Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902) MS10-033 – This update fixes two privately reported remote code execution vulnerabilities in Microsoft Windows. This update is rated Critical. These vulnerabilities are triggered by a victim streaming specially crafted malicious media content from a website.
- Cumulative Security Update of ActiveX Kill Bits (980195) MS10-034 – This update fixes two privately reported remote code execution vulnerabilities by disabling certain ActiveX controls. This update is rated Critical for Microsoft Windows 2000, XP, Vista and Windows 7. It is rated Moderate for Windows Server 2003 and 2008. Attackers can exploit these vulnerabilities by calling the vulnerable ActiveX controls inside of Internet Explorer.
- Cumulative Security Update for Internet Explorer (982381) MS10-035 – This update fixes five privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution. This update is rated Critical. Attackers can exploit these vulnerabilities through specially crafted web pages viewed in Internet Explorer.
- Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559) MS10-032 – This update fixes two publicly reported vulnerabilities and one privately disclosed vulnerability in Windows kernel-mode drivers. This update is rated Important. These vulnerabilities could allow elevation of privilege on affected systems if a user renders a maliciously crafted TrueType font.
- Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235) MS10-036 – This update fixes a privately disclosed vulnerability in Microsoft Office. This update is rated Important. This vulnerability could allow remote code execution on affected systems if a user opens a maliciously crafted Office file using Excel, Word, Visio, Publisher or PowerPoint.
- Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218) MS10-037 – This update fixes a privately disclosed vulnerability in the Windows OpenType Compact Font Format driver. This update is rated Important. This vulnerability could allow elevation of privilege on affected systems if a user renders a specially crafted CFF font.
- Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452) MS10-038 – This update fixes 14 privately disclosed vulnerabilities in Microsoft Office Excel. This update is rated Important. These vulnerabilities could allow remote code execution on affected systems if a user opens a maliciously crafted Excel file.
- Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554) MS10-039 – This update fixes a publicly reported vulnerability and two privately disclosed vulnerabilities in Microsoft SharePoint. This update is rated Important. These vulnerabilities could allow elevation of privilege on affected systems if a user of a vulnerable SharePoint site clicks on a specially crafted link.
- Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666) MS10-040 – This update fixes a privately disclosed vulnerability in Internet Information Services (IIS). This update is rated Important. This vulnerability could allow remote code execution on affected systems if an affected IIS server receives a specially crafted HTTP request.
- Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343) MS10-041 – This update fixes a publicly disclosed vulnerability in the Microsoft .NET Framework. This update is rated Important. This vulnerability could allow tampering with signed XML content without the tampering being detected.
Gladiator recommends that users patch their systems immediately for all critical vulnerabilities. Furthermore, all servers using IIS should install MS10-040 as soon as possible. All other patches can be applied during your normal patch window.
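As an added example (not part of the original post or of any Microsoft tooling), the following PowerShell script checks a Windows host against the Windows-side bulletins summarized above and flags which are missing, raising MS10-040 to top priority on hosts where the IIS service (W3SVC) is present. It assumes the bulletin KB numbers above are the ones recorded by Get-HotFix; for bulletins shipped as several per-component packages, the installed package KB can differ from the bulletin KB, so confirm against the bulletin's affected-software table before treating a host as unpatched.

```powershell
# Added example: compare installed Windows hotfixes with the June 2010 bulletins
# listed above. Get-HotFix reads Win32_QuickFixEngineering, which records only
# Windows, IE and .NET updates; the Office, Excel and SharePoint bulletins
# (MS10-036, MS10-038, MS10-039) are installed through Windows Installer and
# must be verified from Office's own update history instead.

# KB numbers and ratings are taken from the bulletin summary on this page.
# ASSUMPTION: the package KB recorded on the host equals the bulletin KB.
$bulletins = @(
    @{ Bulletin = 'MS10-033'; KB = 'KB979902'; Rating = 'Critical'  },
    @{ Bulletin = 'MS10-034'; KB = 'KB980195'; Rating = 'Critical'  },
    @{ Bulletin = 'MS10-035'; KB = 'KB982381'; Rating = 'Critical'  },
    @{ Bulletin = 'MS10-032'; KB = 'KB979559'; Rating = 'Important' },
    @{ Bulletin = 'MS10-037'; KB = 'KB980218'; Rating = 'Important' },
    @{ Bulletin = 'MS10-040'; KB = 'KB982666'; Rating = 'Important' },
    @{ Bulletin = 'MS10-041'; KB = 'KB981343'; Rating = 'Important' }
)

# Hotfix IDs installed on this host, in the form "KB979902".
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID

# The post singles out MS10-040 for IIS hosts, so detect the W3SVC service.
$iisPresent = $null -ne (Get-Service -Name W3SVC -ErrorAction SilentlyContinue)

$missing = foreach ($b in $bulletins) {
    if ($installed -notcontains $b.KB) {
        $priority = $b.Rating
        if ($b.Bulletin -eq 'MS10-040' -and $iisPresent) {
            $priority = 'Critical (IIS host)'
        }
        New-Object PSObject -Property @{
            Bulletin = $b.Bulletin
            KB       = $b.KB
            Priority = $priority
        }
    }
}

if ($missing) {
    # Alphabetical sort places "Critical..." entries ahead of "Important".
    $missing | Sort-Object Priority | Format-Table Bulletin, KB, Priority -AutoSize
} else {
    'All June 2010 Windows bulletins listed above are installed on this host.'
}
```

A bulletin reported as missing may simply not apply to the host's OS, IE or .NET version; treat the output as a worklist to confirm against the bulletin, not as a final finding.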
Related Links:
- Microsoft Security Bulletin (http://www.microsoft.com/technet/security/bulletin/ms10-jun.mspx)
- SANS ISC Diary Entry (http://isc.sans.edu/diary.html?storyid=8929)