Gladiator Research and Security

Microsoft has announced 15 new patches today to fix vulnerabilities that could allow remote code execution and elevation of privileges.  Nine patches are rated Critical by Microsoft and affect Microsoft Windows, Microsoft Office, Microsoft .NET, and Internet Explorer.  Six patches are rated Important by Microsoft and affect Microsoft Windows and Microsoft Office.  Gladiator recommends that users with impacted systems apply all Critical patches immediately. Detailed information for the patches can be found in Microsoft’s August Security Bulletin.  Summary information is included below:

• Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)  MS10-046 – This security update resolves a publicly disclosed vulnerability in the Windows Shell. Microsoft has rated the severity of this issue as Critical.  This vulnerability could allow remote code execution if a user views a specially-crafted shortcut file.  This issue was previously reported as a 0-day, and is currently being exploited by malware authors.
• Vulnerabilities in SChannel Could Allow Remote Code Execution (980436) MS10-049 – This security update resolves one publicly disclosed vulnerability and one privately disclosed vulnerability in Windows’ Secure Channel security package.  Microsoft has rated the severity of this issue as Critical.  This vulnerability could allow remote code execution if a user visits a specially-crafted malicious website.
• Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2079403) MS10-051 – This security update resolves a privately disclosed vulnerability in Windows XML Core Services.  Microsoft has rated the severity of this issue as Critical.  This vulnerability could allow remote code execution if a user visits a specially-crafted malicious website using Internet Explorer.
• Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (2115168) MS10-052 – This security update resolves a privately disclosed vulnerability in Microsoft MPEG Layer-3 audio codecs.  Microsoft has rated the severity of this issue as Critical.  This vulnerability could allow remote code execution if a user opens a specially-crafted media file or streams content from a website or other Internet audio application.
• Cumulative Security Update for Internet Explorer (2183461) MS10-053 – This security update resolves six privately disclosed vulnerabilities in Internet Explorer.  Microsoft has rated the severity of this issue as Critical.  This vulnerability could allow remote code execution if a user visits a specially-crafted malicious website using Internet Explorer.
• Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214) MS10-054 – This security update resolves several privately disclosed vulnerabilities in Microsoft Windows.  Microsoft has rated the severity of this issue as Critical.  This vulnerability could allow remote code execution if a system receives a specially-crafted SMB packet.
• Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665) MS10-055 – This security update resolves a privately disclosed vulnerability in Cinepak Codec.  Microsoft has rated the severity of this issue as Critical.  This vulnerability could allow remote code execution if a user opens a specially-crafted media file or streams content from a website or other Internet audio application.
• Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638) MS10-056 – This security update resolves four privately disclosed vulnerabilities in Microsoft Office.  Microsoft has rated the severity of this issue as Critical.  This vulnerability could allow remote code execution if a user opens a specially-crafted RTF email message.
• Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906) MS10-060 – This security update resolves two privately disclosed vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight.   Microsoft has rated the severity of this issue as Critical.  This vulnerability could allow remote code execution if a user visits a specially-crafted malicious website using a browser compatible with .NET Framework applications and/or Microsoft Silverlight.
• Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852) MS10-047 – This security update resolves several privately disclosed vulnerabilities in Microsoft Windows.  Microsoft has rated the severity of this issue as Important.  This vulnerability could allow elevation of privileges if a user runs a specially-crafted application on the system.  Note that the user must already be logged on to take advantage of this vulnerability.
• Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2160329) MS10-048 – This security update resolves one publicly disclosed and four privately disclosed vulnerabilities in the Windows kernel-mode drivers.   Microsoft has rated the severity of this issue as Important.  This vulnerability could allow elevation of privileges if a user runs a specially-crafted application on the system.  Note that the user must already be logged on to take advantage of this vulnerability.
• Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997) MS10-050 – This security update resolves a privately disclosed vulnerability in Windows Movie Maker.  Microsoft has rated the severity of this issue as Important.  This vulnerability could allow remote code execution if a user opens a specially-crafted Movie Maker project file.
• Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707)  MS10-057 – This security update resolves a privately disclosed vulnerability in Windows Office.  Microsoft has rated the severity of this issue as Important.  This vulnerability could allow remote code execution if a user opens a specially-crafted Excel file.
• Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886) MS10-058 – This security update resolves two privately disclosed vulnerabilities in Microsoft Windows.  Microsoft has rated the severity of this issue as Important.  This vulnerability could allow elevation of privileges due to an error processing a specific input buffer.  Note that the user must already be logged on to take advantage of this vulnerability.
• Vulnerabilities in the Tracing Feature for Services Could Allow an Elevation of Privilege (982799) MS10-059 – This security update resolves one privately disclosed vulnerability and one privately disclosed vulnerability in the Tracing Feature for Services.   Microsoft has rated the severity of this issue as Important.  This vulnerability could allow elevation of privileges if an attacker runs a specially-crafted application.  Note that the user must already be logged on to take advantage of this vulnerability.

Gladiator recommends that users patch their systems immediately for MS10-049 through MS10-057 and MS10-060. All other patches can be applied during your normal patch window.

Related Links:

• Microsoft Security Bulletin (http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx)
• SANS ISC Diary Entry (http://isc.sans.edu/diary.html?storyid=9361)