Microsoft Security Bulletin for the Month of April
Number: AV10-010
Date: 13 April 2010
Purpose
The purpose of this advisory is to bring attention to the monthly Microsoft security bulletin which address 11 vulnerabilities, five rated Critical.
Assessment
Microsoft has released the following security bulletins:
MS10-019 - Vulnerabilities in Windows Could Allow Remote Code Execution (981210)
Details: This security update resolves two vulnerabilities in Windows Authenticode Verification that could allow remote code execution. An attacker who successfully exploited either vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerabilities by performing additional verification operations when signing and verifying a portable executable or cabinet file.
Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Maximum Exploitability Index: 2 - Inconsistent exploit code likely Affected Products: Microsoft Windows 2000 Service Pack 4, Windows XP Service Pack 2 and Windows XP Service Pack 3, Professional x64 Edition Service Pack 2 and Windows Server 2003 CVE reference: CVE-2010-0486 and CVE-2010-0487 http://www.microsoft.com/technet/security/Bulletin/MS10-019.mspx
MS10-025 - Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)
Details: This security update resolves a vulnerability in Windows Media Services running on Microsoft Windows 2000 Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted transport information packet to a Microsoft Windows 2000 Server system running Windows Media Services. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. The security update addresses the vulnerability by modifying the way that the Windows Media Unicast Service (nsum.exe) handles transport info network packets.
Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Maximum Exploitability Index: 1 - Consistent exploit code likely Affected Products: Microsoft Windows 2000 Professional, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7.
CVE reference: CVE-2010-0478
http://www.microsoft.com/technet/security/Bulletin/MS10-020.mspx
MS10-026 - Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)
Details: This security update resolves a vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file containing an MPEG Layer-3 audio stream. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the way that the Microsoft MPEG Layer-3 audio codecs decode the MPEG Layer-3 audio stream in specially crafted AVI files.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.
CVE reference: CVE-2010-0480
http://www.microsoft.com/technet/security/Bulletin/MS10-026.mspx
MS10-027 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)
Details: This security update resolves a vulnerability in Windows Media Player. The vulnerability could allow remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. The security update addresses the vulnerability by modifying the way the Windows Media Player ActiveX control handles specially crafted media content hosted on a malicious Web site.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7.
CVE reference: CVE-2010-0268
http://www.microsoft.com/technet/security/Bulletin/MS10-027.mspx
MS10-021 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)
Details: This security update resolves several vulnerabilities in Microsoft Windows; the most severe could allow elevation of privilege if an attacker logged on locally with valid logon credentials and ran a specially crafted application. The vulnerabilities could not be exploited remotely or by anonymous users. The security update addresses the vulnerabilities by correcting validations, the creation of symbolic links, the resolution of virtual registry key paths, and exceptions handling.
Impact of Vulnerability: Elevation of Privilege
Maximum Severity Rating: Important
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7.
CVE reference: CVE-2010-0234, CVE-2010-0235, CVE-2010-0236, CVE-2010-0237, CVE-2010-0238, CVE-2010-0481, CVE-2010-0482 and CVE-2010-0810.
http://www.microsoft.com/technet/security/Bulletin/MS10-021.mspx
MS10-022 - Vulnerability in VBScript Could Allow Remote Code Execution (981169)
Details: This security update resolves a vulnerability in VBScript on Microsoft Windows that could allow remote code execution. On Windows Server 2008, Windows Vista, Windows 7, and Windows Server 2008 R2, the vulnerable code is not exploitable. However, as the code is present, this update is provided as a defense-in-depth measure and has no severity rating. The vulnerability could allow remote code execution if a malicious Web site displayed a specially crafted dialog box on a Web page and a user pressed the F1 key, causing the Windows Help System to be started with a Windows Help File provided by the attacker. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7.
CVE reference: CVE-2010-0483
http://www.microsoft.com/technet/security/bulletin/MS10-022.mspx
MS10-023 - Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160)
Details: This security update resolves a vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. The update addresses the vulnerability by correcting the way that Microsoft Office Publisher opens specially crafted Publisher files.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Microsoft Office XP, Microsoft Office 2003 and 2007 Microsoft Office System.
CVE reference: CVE-2010-0479
http://www.microsoft.com/technet/security/bulletin/MS10-023.mspx
MS10-024 - Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)
Details: This security update resolves a vulnerability in Microsoft Exchange and Windows SMTP Service. The more severe of these vulnerabilities could allow denial of service if an attacker sent a specially crafted DNS response to a computer running the SMTP service. By default, the SMTP component is not installed on Windows Server 2003, Windows Server 2003 x64 Edition, or Windows XP Professional x64 Edition. The security update addresses the vulnerabilities by correcting the manner in which SMTP parses MX records and the manner in which SMTP allocates memory for interpreting SMTP command responses.
Impact of Vulnerability: Denial of Service
Maximum Severity Rating: Important
Maximum Exploitability Index: 3 - Functioning exploit code unlikely
Affected Products: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7
CVE reference: CVE-2010-0024 and CVE-2010-0025
http://www.microsoft.com/technet/security/bulletin/MS10-024.mspx
MS10-028 - Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)
This security update resolves two vulnerabilities in Microsoft Office Visio that could allow remote code execution if a user opened a specially crafted Visio file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. The security update addresses these vulnerabilities by correcting the way that Microsoft Office Visio validates attributes and calculates indexes when opening specially crafted Visio files.
Impact of Vulnerability: Denial of Service
Maximum Severity Rating: Important
Maximum Exploitability Index: 3 - Functioning exploit code unlikely
Affected Products: Microsoft Office Visio
CVE reference: CVE-2010-0254 and CVE-2010-0256
http://www.microsoft.com/technet/security/bulletin/MS10-028.mspx
MS10-029 - Vulnerabilities in Windows ISATAP Component Could Allow Spoofing (978338)
This security update resolves a vulnerability in Microsoft Windows that could allow an attacker to spoof an IPv4 address so that it may bypass filtering devices that rely on the source IPv4 address. The security update addresses the vulnerability by changing the manner in which the Windows TCP/IP stack checks the source IPv6 address in a tunneled ISATAP packet.
Impact of Vulnerability: Denial of Service
Maximum Severity Rating: Moderate
Affected Products: Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008.
CVE reference: CVE-2010-0812
http://www.microsoft.com/technet/security/bulletin/MS10-029.mspx
Suggested action
CCIRC recommends that administrators test and deploy these updates at the earliest opportunity. Microsoft has published a risk matrix table to assist organizations in evaluating and prioritizing deployment of these security updates. This table is available at the following URL:
http://blogs.technet.com/msrc/archive/2010/04/13/april-2010-security-bulletin-release.aspx
References:
http://www.microsoft.com/technet/security/bulletin/MS10-Apr.mspx
Note to Readers
The Canadian Cyber Incident Response Centre (CCIRC) provides a focal point for Canada's cyber threat and vulnerability warning, analysis and response. CCIRC is responsible for assuring the resilience of national critical infrastructure through monitoring threats and coordinating a federal response to cyber security incidents of national interest. CCIRC operates in conjunction with the Government Operations Centre (GOC) within Public Safety Canada and is a key component of the government's all-hazards approach to emergency management and national security.
For general information, please contact Public Safety Canada's Public Affairs division at:
Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca