On BNET: Make cool hacks for Google Maps
BNET Business Network:
BNET
TechRepublic
ZDNet

November 10th, 2009

Microsoft patches Windows worm holes, drive-by download flaws

Posted by Ryan Naraine @ 11:22 am

Categories: Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Malware, Microsoft, Patch Watch, Pen testing, Responsible disclosure

Tags: Attacker, Flaw, Window, Vulnerability, Severity, Microsoft Corp., Microsoft Windows, Security, Operating Systems, Software

As part of its scheduled batch of patches for November, Microsoft today issued six security bulletins with fixes for a total of 15 vulnerabilities affecting its Windows and Office product lines.

Three of the six bulletins are rated “critical,” meaning they can be used to launch remote code execution or worm attacks without any user action.  One of the Windows vulnerabilities could expose users to drive-by malware attacks via the browser, Microsoft warned.

Four of the six bulletins include patches for Windows and Windows Server and two affect Microsoft Office products (Excel and Word).

Microsoft is urging Windows users to pay special attention to MS09-065, a “critical” bulletin that patches three documented vulnerabilities in Windows Kernel-Mode drivers.

“We recommend customers prioritize and deploy this update immediately.”

That vulnerability only affects Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 (it does not affect Windows Vista or Windows Server 2008 so if you are using either of these platforms, you can lower the deployment priority to a two). The vulnerability was publicly disclosed and could be used to create a malicious web page which could potentially exploit vulnerable systems just by visiting the website. The other two vulnerabilities are Elevation of Privilege (EoP) which would require the attacker to have valid logon credentials in order to be able to exploit.

Microsoft expects to see functional exploit code for this flaw very soon.

This Patch Tuesday also brings:

  • MS09-063 (Maximum severity rating of Critical): Resolves one privately reported vulnerability in Windows, which could allow remote code execution if an affected Windows system receives a specially crafted packet. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • MS09-064 (Maximum severity rating of Critical): Patches one privately reported vulnerability in Windows, which could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server. An attacker who successfully exploited this vulnerability could take complete control of the system.
  • MS09-066 (Maximum severity rating of Important): This update resolves one privately reported vulnerability in Windows, which could allow denial of service if stack space was exhausted during execution of certain types of LDAP or LDAPS requests.
  • MS09-067 (Maximum severity rating of Important): This update resolves eight privately reported vulnerabilities in Office, which could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user.
  • MS09-068 (Maximum severity rating of Important): This update resolves one privately reported vulnerability in Office, which could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft also reissued MS09-045 and MS09-051 to address detection and minor problem issues.

On the MSRC blog, Microsoft is offering charts explaining the severity and exploitability of each vulnerability and visual guidance on how to properly prioritize and deploy the updates.

The company’s Security Research & Defense Blog offers a technical breakdown of some of the more serious vulnerabilities.

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 75 Talkback(s)
Test
<img
src="http://www.dailypets.co.uk/wp-
content/uploads/2007/06/kittens-cups.jpg"/>



Edit: aww it doesn't support the img tag.... (Read the rest)
Posted by: AzuMao Posted on: 11/14/09  (Edited: 11/14/09 @ 12:04) You are currently: a Guest | | Terms of Use
Holes  use_linux | 11/10/09
Does that mean Linux is a rotten ship too?  NStalnecker | 11/10/09
If a flaw affects Linux or MacOSX...  Ceridan | 11/11/09
With such issues  Viva la crank dodo | 11/11/09
If a hole affects something you didn't choose...  cosuna | 11/11/09
You are as full of  sackbut | 11/11/09
Everything is rotten nowadays.  AzuMao | 11/11/09
lol!  pgit | 11/11/09
How much is this on your scale?  Earthling2 | 11/11/09
0  AzuMao | 11/12/09
Re; . . and ten being Windows. Please modify.  hkommedal | 11/12/09
The scale is for operating systems only.  AzuMao | 11/12/09
And unfortunately most of the world is on that ship  robert_rowe@... | 11/10/09
Their choice.  AzuMao | 11/11/09
Yeah, all the ships are rotten to some extent  honeymonster | 11/10/09
Fewer patches != better security.  Letophoro | 11/10/09
Exactly  AzuMao | 11/11/09
you are dellusional...  ljenux-23043766007667558234416105604265 | 11/10/09
It might get patched less..  AzuMao | 11/11/09
RE: Microsoft patches Windows worm holes, drive-by download flaws  puppadave | 11/10/09
Windows has more than its fairs share of intrusions, far more.  The Mentalist | 11/10/09
numbers??  puppadave | 11/10/09
Please ignore him  NStalnecker | 11/10/09
I would prefer  Viva la crank dodo | 11/11/09
LOOK EVERYONE!@@!! HE MENTIONS ME!!@!!!  Loverock Davidson | 11/11/09
RE: Microsoft patches Windows worm holes, drive-by download flaws  Agnostic_OS | 11/10/09
Not really...  Wolfie2K3 | 11/10/09
Really and correct  tuomo@... | 11/10/09
That may be true for you  AzuMao | 11/11/09
RE: Microsoft patches Windows worm holes, drive-by download flaws  spinnoutguy | 11/10/09
where is NonZealot  ThinkFairer | 11/10/09
Exactly!  An Apple a Day | 11/10/09
Duh  AzuMao | 11/11/09
Or for that matter, ye  zkiwi | 11/10/09
Where have you ever seen me smirk or snicker...  ye | 11/11/09
You do bad mouth other platforms, particularly...  zkiwi | 11/11/09
Then you should have no problem providing examples.  ye | 11/11/09
Well, there's your ranting...  zkiwi | 11/11/09
Already mentioned the size.  ye | 11/11/09
Does this count:  Viva la crank dodo | 11/11/09
What I don't ever see you doing is..  AzuMao | 11/11/09
Re: smirk and snicker......  Disgruntled M$ User | 11/11/09
RE: Microsoft patches Windows worm holes, drive-by download flaws  shellcodes_coder | 11/10/09
microsoft patches 15 of 15 million security holes  ljenux-23043766007667558234416105604265 | 11/10/09
Painful...  Bob in Atlanta | 11/11/09
And this is different than other operation systems how?  ye | 11/11/09
Why do you ...  n0neXn0ne | 11/11/09
Why do you ask dumb questions?  ye | 11/11/09
Yeah, I see ...  n0neXn0ne | 11/11/09
My question wasn't particularly difficult.  ye | 11/11/09
They Wont  jdbukis@... | 11/11/09
Wow, nice argument there!  AzuMao | 11/11/09
Most folks learned the point the finger at somebody else  Ole Man | 11/12/09
because he's dumb  ljenux-23043766007667558234416105604265 | 11/11/09
What is a "serious operating system"? nt  ye | 11/11/09
If you are using one you'll know, no need to ask  n0neXn0ne | 11/11/09
Apparently I don't because all the operating systems I use...  ye | 11/11/09
Your narrative is always ...  n0neXn0ne | 11/11/09
@n0neXn0ne: Just stating the facts.  ye | 11/11/09
@ye  n0neXn0ne | 11/11/09
@n0neXn0ne: So then, under the criteria set forth by ljenux, none...  ye | 11/11/09
@ye  n0neXn0ne | 11/11/09
@n0neXn0ne: No need to detail your strategy.  ye | 11/11/09
Try  Viva la crank dodo | 11/11/09
Does OS/400 count?  ye | 11/11/09
Hundreds of production servers  Earthling2 | 11/11/09
And even better served by..  AzuMao | 11/11/09
Feeling more secure now? happy  Earthling2 | 11/11/09
What DOES have me stressed out.  AzuMao | 11/12/09
here is now  Earthling2 | 11/13/09
Test  AzuMao | 11/14/09
RE: Microsoft patches Windows worm holes, drive-by download flaws  john_gillespie@... | 11/11/09
My god...  VistroDotNet | 11/11/09
Fail  AzuMao | 11/11/09
RE: Microsoft patches Windows worm holes, drive-by download flaws  windozefreak | 11/11/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

  • Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
  • More from IBM
  • Innovate your business' process model, play against the market, compete against others on our scoreboards and WIN! Try INNOV8 2.0: A BPM Simulator
  • Enabling Real-World Business Transformation through IBM Service Management Read the EMA Analyst Report
Click Here