Microsoft has announced sixteen new patches today to fix vulnerabilities that could allow remote code execution and elevation of privileges. Four patches are rated Critical by Microsoft and affect Microsoft Windows and Microsoft Internet Explorer. Ten patches are rated Important by Microsoft and affect Microsoft Windows, Microsoft Office, and Microsoft .NET. Two patches are rate Moderate by Microsoft and affect Microsoft Windows. Gladiator recommends that users with impacted systems apply all Critical patches immediately. Detailed information regarding the patches can be found in Microsoft’s October Security Bulletin. Summary information is included below:
Cumulative Security Update for Internet Explorer (2360131) MS10-071 – This security update resolves seven privately reported vulnerabilities and three publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution (2281679) MS10-075 – This security update resolves a privately reported vulnerability in the Microsoft Windows Media Player network sharing service. The vulnerability could allow remote code execution if an attacker sent a specially crafted RTSP packet to an affected system. However, Internet access to home media is disabled by default. In this default configuration, the vulnerability can be exploited only by an attacker within the same subnet.
Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132) MS10-076 – This security update resolves a privately reported vulnerability in a Microsoft Windows component, the Embedded OpenType (EOT) Font Engine. The vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841) MS10-077 – This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario.
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957) MS10-073 – This security update resolves several publicly disclosed vulnerabilities in the Windows kernel-mode drivers. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (2279986) MS10-078 – This security update resolves two privately reported vulnerabilities in the Windows OpenType Font (OTF) format driver. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.
The vulnerabilities could allow elevation of privilege if a user views content rendered in a specially crafted OpenType font. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194) MS10-079 - This security update resolves eleven privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2293211) MS10-080 - This security update resolves thirteen privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file or a specially crafted Lotus 1-2-3 file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2296011) MS10-081 – This security update resolves a privately disclosed vulnerability in Microsoft Windows. Microsoft has rated the severity of this issue as Important. This vulnerability affects Windows XP and Windows Server 2003. This vulnerability could allow elevation of privileges if an attacker logs on to a system with Chinese, Japanese, or Korean system locale.
Vulnerability in Windows Media Player Could Allow Remote Code Execution (2378111) MS10-082 – This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution (2405882) MS10-083 – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted file using WordPad or selects or opens a shortcut file that is on a network or WebDAV share. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege (2360937) MS10-084 – This security update resolves a publicly disclosed vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.
The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs specially crafted code that sends an LPC message to the local LRPC Server. The message could then allow an authenticated user to access resources that are running in the context of the NetworkService account. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Vulnerability in SChannel Could Allow Denial of Service (2207566) MS10-085 – This security update resolves a privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The vulnerability could allow denial of service if an affected Internet Information Services (IIS) server hosting a Secure Sockets Layer (SSL)-enabled Web site received a specially crafted packet message. By default, IIS is not configured to host SSL Web sites.
Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution (2387149) MS10-074 – This security update resolves a publicly disclosed vulnerability in the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user is logged on with administrative user rights and opens an application built with the MFC Library. An attacker who successfully exploited this vulnerability could obtain the same permissions as the currently logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerability in Windows Shared Cluster Disks Could Allow Tampering (2294255) MS10-086 – This security update resolves a privately reported vulnerability in Windows Server 2008 R2 when used as a shared failover cluster. The vulnerability could allow data tampering on the administrative shares of failover cluster disks. By default, Windows Server 2008 R2 servers are not affected by this vulnerability. This vulnerability only applies to the cluster disks used in a failover cluster.
Gladiator recommends that users patch their systems immediately for MS10-071 and MS10-75 through MS10-077. All other patches can be applied during your normal patch window.
PTMR Customers: PTMR is currently testing the patches described above for compatibility and stability. If no road blocks are encountered during testing, the patches will be rolled out to customers soon.
About Gladiator Technology, A ProfitStars® Solution
Gladiator Technology, a ProfitStars Solution, is an MSSP (Managed Security Service Provider) focused specifically on information security protection for the financial industry. The company helps over 650 financial institutions secure networks and protect financial data in adherence with FFIEC regulations. From 24x7x365 security monitoring and consulting services to technology management training and IT compliance management products, Gladiator Technology functions as one of the fastest growing Internet and network security companies in the nation. For additional information about Gladiator Technology, please call 877- GLADTECH or visit us at www.gladiatortechnology.com.
11395 Old Roswell Road | Alpharetta, GA 30009 | tel: 877- GLADTECH | fax: 678.461.4625
