Microsoft released a record 14 security bulletins today, 8 of them with a maximum rating of Critical, fixing a record-tying total 34 vulnerabilities. One of the updates addresses a vulnerability report that was released by third parties several days ago. Another addresses a vulnerability disclosed long ago.
The 8 critical updates include:
- MS10-049: Vulnerabilities in SChannel could allow Remote Code Execution—Two vulnerabilities are fixed in this update, one of them rather old and famous. CVE-2009-3555, the TLS/SSL Renegotiation Vulnerability was first disclosed late last year. This is a spoofing attack which could allow an attacker to insert traffic into a TLS session. The other bug is in SChannel, in the client validation of certificate requests. On Windows XP and Server 2003 a malicious web site could cause remote code execution in the client.
- MS10-051: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution— Version 3.0 of Microsoft XML Core Services 3.0 (the current version is 6.0) is vulnerable to a memory corruption error which could lead to remote code execution on all versions of Windows, but is only rated Critical on client versions.
- MS10-052: Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution—The DirectShow MP3 filter on Windows XP and Server 2003 could allow remote code execution through a malicious audio file.
- MS10-053: Cumulative Security Update for Internet Explorer—6 vulnerabilities are fixed in this update to IE. All versions on all platforms have at least one critical vulnerability fixed in this update.
- MS10-054: Vulnerabilities in SMB Server Could Allow Remote Code Execution—This update fixes 3 vulnerability, the first of which (CVE-2010-2550) is much more severe and interesting than the others, which only allow denial of service. CVE-2010-2550 allows remote code execution through unauthenticated network attack on Windows XP, Server 2003, Windows 7 and Windows Server 2008 R2. On Vista and Windows Server 2008 it only allows elevation of privilege. Firewalls would normally block SMB packets, certainly unsolicited ones, from the outside, but an infected system inside the network might be able to attack peers. In Vista and Windows 7, if the network profile is set to “Public” the system is not affected. Microsoft does state that only inconsistent exploit code is likely, and that “Exploitation is more likely to result in a denial of service rather than code execution.”
- MS10-055: Vulnerability in Cinepak Codec Could Allow Remote Code Execution—The Cinepak codec on client versions of Windows has a remote code execution vulnerability in the decompression of some files.
- MS10-056: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution—4 vulnerabilities in Microsoft Word affect all versions, including viewers, except for Office 2010. Strangely, only Word 2007 is rated Critical.
- MS10-060: Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution—Vulnerabilities in Silverlight have been rare. This update includes one which affects some versions of Silverlight and another which affects both Silverlight and some versions of.NET..
6 of the updates have a maximum rating of Important:
- MS10-047: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege—Three vulnerabilities could result in a denial of service on the most recent versions of Windows or an elevation of privilege on most earlier ones.
- MS10-048: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege—4 Privilege elevation vulnerabilities and one DOS in Win32K affect all versions of Windows. This appears to cover the same vulnerability disclosed a few days ago.
- MS10-050: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution—Windows Movie Maker in Windows XP and Windows Vista is vulnerable to a remote code execution bug through specially-crafted project files. Windows Live Movie Maker is unaffected.
- MS10-057: Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution—Several versions of Excel, including XP, 2003, Mac 2004, 2008, and the Open XML File Format Converter for Mac are vulnerable to a memory corruption vulnerability with remote code execution through specially-crafted Excel files. Works 9, Excel 2007 and more recent products are not affected.
- MS10-058: Vulnerabilities in TCP/IP Could Allow Elevation of Privilege—Two elevation of privilege bugs affect Windows Vista, Windows 7, Windows Server 2008 and R2.
- MS10-059: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege—Two elevation of privilege bugs affect Windows Vista, Windows 7, Windows Server 2008 and R2. For reasons undisclosed, one is rated more severe than the other.
Several of the usual non-security fixes were also released, including the Windows Malicious Software Removal Tool, Junk Mail Filter for Windows Mail and Compatibility List View for Internet Explorer. This is the malware being added to the MSRT:
- Win32/Stuxnet
- Win32/CplLnk
- Worm:Win32/Vobfus.gen!A
- Worm:Win32/Vobfus.gen!B
- Worm:Win32/Vobfus.gen!C
- Worm:Win32/Vobfus!dll
- Worm:Win32/Sality.AU
- Virus:Win32/Sality.AU
- TrojanDropper:Win32/Sality.AU
View full post on Security Watch
