CPNI - Centre for the Protection of National Infrastructure


CSIRTUK advisories

3948 - June 2010 Microsoft security bulletin

ID: 3948
Date: 09/06/2010

Title: 3948 - June 2010 Microsoft security bulletin
Platform level affected: Operating System
Specific operating systems components affected: 32-bit Windows
Remediation Summary: Update your copy of the software with the download available from the supplier.
Vendors affected:Microsoft
Applications affected: Microsoft Windows, Sharepoint, .NET Framework, Internet Explorer, Office
Adversity source: Unknown
Attack Vector: Vulnerability exploitation
Virulence: Unknown
Warning Status: Unknown
Potential Damage: Remote execution/modification
Possible Duration: Open Ended
Availability of fix: Available
Type of fix: Automated Patch
Source: Microsoft, CCIRC
Reliability of source: Trusted
Source URL: http://www.microsoft.com/technet/security/bulletin/ms10-jun.mspx
Abstract: Details of the June 2010 Microsoft security bulletin release: ten bulletins, 3 rated Critical and 7 rated Important.

Microsoft has released the following security bulletins:

MS10-032 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559)
Details: This security update resolves two publicly disclosed vulnerabilities and one privately reported vulnerability in the Windows kernel-mode drivers. The vulnerabilities could allow elevation of privilege if a user views content rendered in a specially crafted TrueType font.
Impact of Vulnerability: Elevation of Privilege
Maximum Severity Rating: Important
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
CVE reference: CVE-2010-0484, CVE-2010-0485, CVE-2010-1255
http://www.microsoft.com/technet/security/bulletin/ms10-032.mspx

MS10-033 - Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)
Details: This security update resolves two privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
CVE reference: CVE-2010-1879, CVE-2010-1880
http://www.microsoft.com/technet/security/bulletin/MS10-033.mspx

MS10-034 - Cumulative Security Update of ActiveX Kill Bits (980195)
Details: This security update addresses two privately reported vulnerabilities in Microsoft software. It is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Vista, and Windows 7, and Moderate for all supported editions of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2.
The vulnerabilities could allow remote code execution if a user views a specially crafted Web page that instantiates a specific ActiveX control with Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for four third-party ActiveX controls.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Maximum Exploitability Index: N/A
Affected Products: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
CVE reference: CVE-2010-0252, CVE-2010-0811
http://www.microsoft.com/technet/security/bulletin/ms10-034.mspx

MS10-035 - Cumulative Security Update for Internet Explorer (982381)
Details: This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Internet Explorer 5.01 Service Pack 4, Internet Explorer 6 Service Pack 1, Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8.
CVE reference: CVE-2010-0255, CVE-2010-1257, CVE-2010-1259, CVE-2010-1260, CVE-2010-1261, CVE-2010-1262
http://www.microsoft.com/technet/security/bulletin/ms10-035.mspx

MS10-036 - Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
Details: This security update resolves a privately reported vulnerability in COM validation in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel, Word, Visio, Publisher, or PowerPoint file with an affected version of Microsoft Office. The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Microsoft Office XP, Microsoft Office 2003, 2007 Microsoft Office System.
CVE reference: CVE-2010-1263
http://www.microsoft.com/technet/security/bulletin/MS10-036.mspx

MS10-037 - Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218)
Details: This security update resolves a privately reported vulnerability in the Windows OpenType Compact Font Format (CFF) driver. The vulnerability could allow elevation of privilege if a user views content rendered in a specially crafted CFF font. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Impact of Vulnerability: Elevation of Privilege
Maximum Severity Rating: Important
Maximum Exploitability Index: 2 - Inconsistent exploit code likely
Affected Products: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
CVE reference: CVE-2010-0819
http://www.microsoft.com/technet/security/bulletin/ms10-037.mspx

MS10-038 - Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
Details: This security update resolves fourteen privately reported vulnerabilities in Microsoft Office. The more severe vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Microsoft Office Suites and Components, Microsoft Office for Mac, Other Office Software.
CVE reference: CVE-2010-0821, CVE-2010-0822, CVE-2010-0823, CVE-2010-1245, CVE-2010-1246, CVE-2010-1247, CVE-2010-1248, CVE-2010-1249, CVE-2010-1250, CVE-2010-1251, CVE-2010-1252, CVE-2010-1253, CVE-2010-1254
http://www.microsoft.com/technet/security/bulletin/ms10-038.mspx

MS10-039 - Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
Details: This security update resolves one publicly disclosed and two privately reported vulnerabilities in Microsoft SharePoint. The most severe vulnerability could allow elevation of privilege if an attacker convinced a user of a targeted SharePoint site to click on a specially crafted link.
Impact of Vulnerability: Elevation of Privilege
Maximum Severity Rating: Important
Maximum Exploitability Index: 1 - Consistent exploit code likely
Affected Products: Microsoft Office Software, Windows SharePoint Services.
CVE reference: CVE-2010-0817, CVE-2010-1257, CVE-2010-1264
http://www.microsoft.com/technet/security/bulletin/ms10-039.mspx
Note: exploits are reported to be available.

MS10-040 - Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
Details: This security update resolves a privately reported vulnerability in Internet Information Services (IIS). The vulnerability could allow remote code execution if an affected IIS server receives a specially crafted HTTP request. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Maximum Exploitability Index: 2 - Inconsistent exploit code likely
Affected Products: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
CVE reference: CVE-2010-1256
http://www.microsoft.com/technet/security/bulletin/MS10-040.mspx

MS10-041 - Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
Details: This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow data tampering in signed XML content without being detected. In custom applications, the security impact depends on how the signed content is used in the specific application. Scenarios in which signed XML messages are transmitted over a secure channel (such as SSL) are not affected by this vulnerability.
Impact of Vulnerability: Tampering
Maximum Severity Rating: Important
Maximum Exploitability Index: 3 - Functioning exploit code unlikely
Affected Products: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
CVE reference: CVE-2009-0217
http://www.microsoft.com/technet/security/bulletin/ms10-041.mspx
Note: exploits are reported to be available.
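CVE-2009-0217, referenced above, is the XML Signature HMAC truncation weakness: the HMACOutputLength element inside the signed document tells the verifier how many leading bits of the HMAC to compare, so an attacker who rewrites the content and sets that length to a handful of bits can get a modified document accepted by guessing. The Python below is an added illustration for this advisory, not Microsoft's or the .NET Framework's code: the key, the two messages and the oracle passed to forge() are constructed, and the hardened verifier enforces the floor from the W3C XML Signature errata (HMACOutputLength at least 80 bits and at least half the hash output), not Microsoft's specific implementation.

```python
"""Added example: attacker-controlled HMAC truncation in an XML-Signature-style
check (the weakness behind CVE-2009-0217) and the length floor that closes it."""
import hashlib
import hmac

# Constructed demo secret; stands in for the shared key behind <HMACOutputLength>.
KEY = b"constructed-demo-secret-key"

# Floor from the W3C XML Signature errata / XMLDSig 1.1 (assumption: the rule
# applied here is the W3C one, not a vendor-specific variant).
MIN_HMAC_BITS = 80


def truncate_leading_bits(digest, bits):
    """Keep the leading `bits` bits of `digest`, as HMACOutputLength specifies."""
    if not 0 < bits <= len(digest) * 8:
        raise ValueError("HMACOutputLength out of range")
    nbytes = (bits + 7) // 8
    out = bytearray(digest[:nbytes])
    spare = nbytes * 8 - bits          # trailing bits of the last byte to clear
    if spare:
        out[-1] &= (0xFF << spare) & 0xFF
    return bytes(out)


def sign(message, key, output_bits=160):
    """Signer side: HMAC-SHA1 truncated to output_bits (160 = untruncated)."""
    return truncate_leading_bits(hmac.new(key, message, hashlib.sha1).digest(), output_bits)


def verify_vulnerable(message, key, tag, requested_bits):
    """Pre-fix behaviour: honours whatever length the (attacker-supplied) document asks for."""
    expected = sign(message, key, requested_bits)
    return hmac.compare_digest(expected, tag)


def forge(message, requested_bits, oracle):
    """Attacker side: no key, just try every truncated tag against the target.

    `oracle(message, tag, bits)` stands for the target accepting or rejecting a
    submitted document; with requested_bits = 8 at most 256 attempts are needed.
    """
    nbytes = (requested_bits + 7) // 8
    spare = nbytes * 8 - requested_bits
    for guess in range(1 << requested_bits):
        tag = (guess << spare).to_bytes(nbytes, "big")
        if oracle(message, tag, requested_bits):
            return tag
    raise RuntimeError("unreachable: every truncated value was tried")


def verify_hardened(message, key, tag, requested_bits, digestmod=hashlib.sha1):
    """Same check, but the requested truncation is bounded before it is used.

    Anything below max(80, half the hash output) is an invalid signature, not a
    shorter one, so the attacker's HMACOutputLength buys nothing.
    """
    full_bits = digestmod().digest_size * 8
    if requested_bits > full_bits or requested_bits < max(MIN_HMAC_BITS, full_bits // 2):
        return False
    expected = truncate_leading_bits(hmac.new(key, message, digestmod).digest(), requested_bits)
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    original = b"<Payment amount='10'/>"        # constructed signed content
    tampered = b"<Payment amount='10000'/>"     # attacker's modified content
    assert verify_vulnerable(original, KEY, sign(original, KEY), 160)

    def target(message, tag, bits):              # the victim's verifier as an oracle
        return verify_vulnerable(message, KEY, tag, bits)

    forged = forge(tampered, 8, target)          # attacker sets HMACOutputLength = 8
    print("vulnerable verifier accepts tampered document:", verify_vulnerable(tampered, KEY, forged, 8))
    print("hardened verifier accepts tampered document:  ", verify_hardened(tampered, KEY, forged, 8))
```

In a real deployment the oracle is the service itself: the attacker submits the tampered document up to 2^n times, each with a different SignatureValue, and needs no knowledge of the key. The defensive point is the one in the hardened verifier: the declared output length is attacker data and must be range-checked before it influences the comparison.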


Recommendation:
CPNI Response recommends that administrators test and deploy these updates at the earliest opportunity. Microsoft has published a risk matrix table to assist organizations in evaluating and prioritizing deployment of these security updates. This table is available at the following URL:
http://blogs.technet.com/b/srd/archive/2010/06/08/assessing-the-risk-of-the-june-security-bulletins.aspx
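To turn the bulletin list above into a check that can be run on a host before and after deployment, the following Python (an added example, not CPNI's or Microsoft's tooling) compares the operating-system hotfixes reported by `wmic qfe get HotFixID` with the KB numbers given in each bulletin title on this page and orders whatever is missing by the maximum severity rating given above. The wmic output embedded below is constructed. Caveat: Win32_QuickFixEngineering, which `wmic qfe` reads, lists only operating-system updates, so the Office and SharePoint bulletins (MS10-036, MS10-038, MS10-039) install under product-specific KB numbers and will always appear as missing here; confirm those through the Office update history, WSUS or MBSA instead.

```python
"""Added example: which June 2010 bulletins are still absent on a host.

Matches KB identifiers from `wmic qfe get HotFixID` against the bulletin list
on this advisory. The wmic sample below is constructed, not captured.
"""
import re

# Bulletin -> (KB number from the bulletin title, maximum severity rating),
# both taken from the advisory above.
JUNE_2010_BULLETINS = {
    "MS10-032": ("KB979559", "Important"),
    "MS10-033": ("KB979902", "Critical"),
    "MS10-034": ("KB980195", "Critical"),
    "MS10-035": ("KB982381", "Critical"),
    "MS10-036": ("KB983235", "Important"),
    "MS10-037": ("KB980218", "Important"),
    "MS10-038": ("KB2027452", "Important"),
    "MS10-039": ("KB2028554", "Important"),
    "MS10-040": ("KB982666", "Important"),
    "MS10-041": ("KB981343", "Important"),
}

SEVERITY_RANK = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}

# Office/SharePoint bulletins install product-specific KBs that wmic qfe does
# not list, so a 'missing' result for these means 'verify through another source'.
NOT_VISIBLE_TO_WMIC = {"MS10-036", "MS10-038", "MS10-039"}


def parse_hotfix_ids(wmic_output):
    """Return the set of KBnnnnnn identifiers in `wmic qfe get HotFixID` output.

    wmic prints a header line followed by one identifier per line; legacy
    entries such as 'File 1' carry no KB number and are ignored.
    """
    return set(re.findall(r"\bKB\d{6,7}\b", wmic_output))


def missing_bulletins(installed_kbs):
    """List (bulletin, kb, severity, needs_manual_check) for absent updates,
    most severe first, then by bulletin number."""
    missing = []
    for bulletin, (kb, severity) in JUNE_2010_BULLETINS.items():
        if kb not in installed_kbs:
            missing.append((bulletin, kb, severity, bulletin in NOT_VISIBLE_TO_WMIC))
    missing.sort(key=lambda item: (SEVERITY_RANK[item[2]], item[0]))
    return missing


# Constructed sample of `wmic qfe get HotFixID` from a partially patched host.
SAMPLE_WMIC_OUTPUT = """HotFixID
KB979559
KB979902
KB982381
KB981343
File 1
"""

if __name__ == "__main__":
    for bulletin, kb, severity, manual in missing_bulletins(parse_hotfix_ids(SAMPLE_WMIC_OUTPUT)):
        note = "  (Office/SharePoint: verify via product update history)" if manual else ""
        print(f"{bulletin} {kb} {severity}{note}")
```

On the sample host the Critical MS10-034 kill-bit update comes out first, which is the ordering the risk matrix linked above is meant to drive; run the same function over the real `wmic qfe get HotFixID` output (redirected to a file) to get the per-host gap list.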

References:
http://www.microsoft.com/technet/security/bulletin/ms10-jun.mspx
http://isc.incidents.org/diary.html?storyid=8929

 

 

This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.

The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.

CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.

Wed, 09 Jun 2010 09:25:00 GMT
Domain affected: Technical