December Microsoft Patch Tuesday

Posted on December 14th, 2010 by Ryan Spanier

Microsoft has announced 17 new patches today to fix vulnerabilities that could allow remote code execution, elevation of privileges, and denial of service. Two patches are rated Critical by Microsoft and affect Microsoft Windows and Internet Explorer. Fourteen patches are rated Important by Microsoft and affect Microsoft Office, Microsoft SharePoint, and Microsoft Windows. One further patch is rated Moderate and affects Microsoft Exchange. Gladiator recommends that users with impacted systems apply all Critical patches immediately. In addition, Gladiator recommends that MS10-098 and MS10-105 also be applied immediately. Detailed information regarding the patches can be found in Microsoft’s December Security Bulletin. Summary information is included below:

  • Cumulative Security Update for Internet Explorer (2416400) MS10-090 – This security update resolves three publicly reported vulnerabilities and four privately disclosed vulnerabilities in Internet Explorer. This security update is rated Critical by Microsoft.  The most severe vulnerabilities could allow remote code execution if a user views a specially-crafted Web page. Gladiator recommends that users apply this patch as soon as possible.
  • Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (2296199) MS10-091 – This security update resolves several privately disclosed vulnerabilities in the Windows OpenType Font (OTF) driver. This security update is rated Critical by Microsoft. The vulnerabilities could allow remote code execution if a user opens a specially-crafted OpenType font on a network share. Gladiator recommends that users apply this patch as soon as possible.
  • Vulnerability in Task Scheduler Could Allow Elevation of Privilege (2305420) MS10-092 – This security update resolves a publicly reported vulnerability in Windows Task Scheduler. This security update is rated Important by Microsoft.  The vulnerability could allow escalation of privileges if a user ran a maliciously-crafted application.  Gladiator recommends that users apply this patch during their standard patch cycle.
  • Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (2424434) MS10-093 – This security update resolves a privately disclosed vulnerability in Windows Movie Maker. This security update is rated Important by Microsoft. The vulnerability could allow remote code execution if a user opens a movie file on a network share or WebDAV share that also contains a malicious library file. Gladiator recommends that users apply this patch during their standard patch cycle.
  • Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961) MS10-094 – This security update resolves a publicly reported vulnerability in Windows Media Encoder. This security update is rated Important by Microsoft.  The vulnerability could allow remote code execution if a user opens a Windows Media Profile (.prx) file on a network share or WebDAV share that also contains a malicious library file.  Gladiator recommends that users apply this patch during their standard patch cycle.
  • Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2385678) MS10-095 – This security update resolves a privately disclosed vulnerability in Microsoft Windows. This security update is rated Important by Microsoft. The vulnerability could allow remote code execution if a user opens a .eml, .rss or .wpost file on a network share or WebDAV share that also contains a malicious library file. Gladiator recommends that users apply this patch during their standard patch cycle.
  • Vulnerability in Windows Address Book Could Allow Remote Code Execution (2423089) MS10-096 – This security update resolves a publicly reported vulnerability in Windows Address Book. This security update is rated Important by Microsoft.  The vulnerability could allow remote code execution if a user opens a Windows Address Book file on a network share or WebDAV share that also contains a malicious library file.  Gladiator recommends that users apply this patch during their standard patch cycle.
  • Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution (2443105) MS10-097 – This security update resolves a publicly disclosed vulnerability in the Internet Connection Signup Wizard. This security update is rated Important by Microsoft for Windows XP and Windows Server 2003.  All other versions are unaffected.  The vulnerability could allow remote code execution if a user opens a .ins or .isp file on a network share or WebDAV share that also contains a malicious library file.  Gladiator recommends that users apply this patch during their standard patch cycle.
  • Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2436673) MS10-098 – This security update resolves one publicly reported vulnerability and several privately reported vulnerabilities in Microsoft Windows. This security update is rated Important by Microsoft. The vulnerabilities could allow elevation of privileges if a specially-crafted file is run on the system. Gladiator recommends that users apply this patch as soon as possible.
  • Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege (2440591) MS10-099 – This security update resolves a privately reported vulnerability in Microsoft Windows. This security update is rated Important by Microsoft for Windows XP and Windows Server 2003.  All other versions are not affected.  The vulnerability could allow elevation of privileges if a specially-crafted file is run on the system.  Gladiator recommends that users apply this patch during their standard patch cycle.
  • Vulnerability in Consent User Interface Could Allow Elevation of Privilege (2442962) MS10-100 – This security update resolves a privately disclosed vulnerability in the Consent User Interface (UI). This security update is rated Important by Microsoft.  The vulnerability could allow elevation of privileges if a specially-crafted file is run on the system.  Gladiator recommends that users apply this patch during their standard patch cycle.
  • Vulnerability in Windows Netlogon Service Could Allow Denial of Service (2207559) MS10-101 – This security update resolves a privately reported vulnerability in Microsoft Windows Domain Controllers. This security update is rated Important by Microsoft.  The vulnerability could allow denial of service if an attacker sends a specially-crafted RPC packet to the system.  This attack can only be launched from a workstation on the same domain as the domain controller.  Gladiator recommends that users apply this patch during their standard patch cycle.
  • Vulnerability in Hyper-V Could Allow Denial of Service (2345316) MS10-102 – This security update resolves a privately disclosed vulnerability in Windows Server 2008 Hyper-V. This security update is rated Important by Microsoft.  The vulnerability could allow denial of service if a specially-crafted packet is sent from a guest on a vulnerable host.  Gladiator recommends that users apply this patch during their standard patch cycle.
  • Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970) MS10-103 – This security update resolves five privately reported vulnerabilities in Microsoft Publisher. This security update is rated Important by Microsoft. The vulnerabilities could allow remote code execution if a user opens a specially-crafted Publisher file. Gladiator recommends that users apply this patch during their standard patch cycle.
  • Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution (2455005) MS10-104 – This security update resolves a privately disclosed vulnerability in Microsoft SharePoint. This security update is rated Important by Microsoft.  The vulnerability could allow remote code execution if a website visitor sends a specially-crafted request to the Document Conversions Load Balancer Service.  This service is not enabled by default.  Gladiator recommends that users apply this patch during their standard patch cycle.
  • Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095) MS10-105 – This security update resolves seven privately reported vulnerabilities in Microsoft Office. This security update is rated Important by Microsoft. The vulnerabilities could allow remote code execution if a user viewed a specially-crafted image file using Microsoft Office. Gladiator recommends that users apply this patch as soon as possible.
  • Vulnerability in Microsoft Exchange Server Could Allow Denial of Service (2407132) MS10-106 – This security update resolves a privately disclosed vulnerability in Microsoft Exchange Server. This security update is rated Moderate by Microsoft.  The vulnerability could allow denial of service if an authenticated user sent a maliciously-crafted packet to the Exchange Server.  Gladiator recommends that users apply this patch during their standard patch cycle.

Gladiator recommends that users patch their systems immediately for MS10-090, MS10-091, MS10-098, and MS10-105. All other patches can be applied during your normal patch window.
