Published: 2009-08-11T21:00+00:00
Last Updated: 2009-09-04T15:01+00:00
JVNTR-2009-21
Microsoft Updates for Multiple Vulnerabilities (TA09-223A)
Overview
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Windows Server, Office Web Components and Remote Desktop Connection for Mac.
Event Information
Date (UTC) | Description |
2009-08-18 10:24 | SANS Internet Storm Center: MS09-039 exploit in the wild? We received a note from a reader who wanted to remain anonymous that the MS09-039 vulnerability is actively exploited in the wild. To remind you, this vulnerability affects servers with the WINS service installed. The patch fixes two vulnerabilities. |
2009-08-12 04:17 | Symantec: ThreatCON (2) => (2). On August 11, 2009 Microsoft issued nine security bulletins as part of the monthly patch cycle. Five of these bulletins are rated 'Critical' and four are rated 'Important.' |
2009-08-12 01:52 | JPCERT/CC: JPCERT-AT-2009-0017: August 2009 Microsoft Security Bulletin (including five critical patches) |
2009-08-11 19:49 | US-CERT: TA09-223A: Microsoft Updates for Multiple Vulnerabilities. Via US-CERT Mailing List. |
2009-08-11 19:22 | SANS Internet Storm Center: Microsoft August 2009 Black Tuesday Overview. Overview of the August 2009 Microsoft patches and their status. |
2009-08-11 19:14 | Microsoft: ms09-aug: Microsoft Security Bulletin Summary for August 2009. Included in this advisory are updates for newly discovered vulnerabilities. |
2009-08-11 17:43 | Microsoft: Microsoft Security Advisory (973472): Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution. Microsoft has completed the investigation of a privately reported vulnerability in Microsoft Office Web Components. We have issued MS09-043 to address this issue. |
2009-08-11 17:03 | US-CERT: Microsoft Releases August Security Bulletin (US-CERT Current Activity). Microsoft has released an update to address vulnerabilities in Microsoft Windows, Office, Visual Studio, ISA Server, BizTalk Server, Remote Desktop Connection Client for Mac, and .NET Framework as part of the Microsoft Security Bulletin Summary for August 2009. These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, or cause a denial-of-service condition. |
2009-08-06 20:58 | Microsoft: ms09-aug: Microsoft Security Bulletin Advance Notification for August 2009. Included in this advisory are updates for newly discovered vulnerabilities. |
2009-07-21 | Bugtraq: MS Office Web Components Spreadsheet ActiveX (OWC10/11) Exploit. Vulnerability Proof Of Concept (CVE-2009-1136) #Cid: ie_owc.py #Cid: 35642.py |
2009-07-16 | Bugtraq: Microsoft Office Web Components (Spreadsheet) ActiveX BOF PoC. Vulnerability Proof Of Concept (CVE-2009-1136) #Cid: 382458.php #Cid: 35642.html |
2009-07-14 16:54 | SANS Internet Storm Center: Infocon returning to green from MS Advisory 973472. INFOCon (2) => (1). After the rush of the new vulnerability being published, exploits in the wild, and malware being distributed it is time to return the Infocon to normal status. Hopefully it has served its purpose of raising awareness of the Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution CVE-2009-1136 and Microsoft advisory 973472. |
2009-07-14 00:59 | Microsoft: Microsoft Security Advisory (973472): Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution. Advisory published. Microsoft is investigating a privately reported vulnerability in Microsoft Office Web Components. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention. We are aware of attacks attempting to exploit the vulnerability. |
2009-07-13 19:41 | Symantec: ThreatCON (2) => (2). On July 13, 2009, Microsoft published a security advisory disclosing a previously unknown vulnerability in Office Web Components. The issue is reportedly being exploited in the wild. Currently, no patch is available. |
2009-07-13 18:17 | SANS Internet Storm Center: Infocon raised to yellow for Excel Web Components ActiveX vulnerability. INFOCon (1) => (2). The SANS Internet Storm Center has raised the Infocon to yellow for 24 hours to raise awareness of active exploitation of the Office Web Components ActiveX vulnerability in this diary. |
2009-07-13 16:10 | SANS Internet Storm Center: Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution (Version: 4). Microsoft has released an advisory related to an Office Web Components ActiveX vulnerability; it is available here. This vulnerability exists in the ActiveX control used by IE to display Excel spreadsheets. The CVE entry for the vulnerability is CVE-2009-1136. |
2009-07-13 15:20 | US-CERT: Microsoft Releases Security Advisory 973472 (US-CERT Current Activity). Microsoft has released Security Advisory 973472 to alert users about a vulnerability in Microsoft Office Web Components. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code. The advisory indicates that Microsoft is aware of attacks attempting to exploit the vulnerability. |
2009-07-11 23:54 | Bugtraq: Microsoft Office Web Components ActiveX Control 'msDataSourceObject' Code Execution Vulnerability. Vulnerability Proof Of Concept (CVE-2009-1136) #Cid: 35642.html |
2009-05-11 | TippingPoint: TPTI-09-06: Microsoft Windows Workstation Service NetrGetJoinInformation Heap Corruption Vulnerability. Workstation Service Memory Corruption Vulnerability (CVE-2009-1544, MS09-041). Vulnerability Reported. The specific flaw exists in the Workstation RPC Service. When handling the arguments for the NetrGetJoinInformation function, memory is improperly freed and can lead to remote code execution. Successful exploitation can lead to a remote system compromise under SYSTEM credentials. |
2009-02-24 | Zero Day Initiative (ZDI): ZDI-09-053: Microsoft Windows WINS Service Heap Overflow Vulnerability. WINS Heap Overflow Vulnerability (CVE-2009-1923, MS09-039). Vulnerability Reported. The specific flaw exists within the WINS.exe process which provides name resolution services for NetBIOS networks. While parsing a push request the WINS service copies packet data to a static heap buffer while within a controlled loop. By providing a specially crafted request an attacker can overflow this heap buffer leading to arbitrary code execution under the SYSTEM context. |
2008-12-05 | iDefense: Multiple Vendor Microsoft ATL/MFC ActiveX Security Bypass Vulnerability. ATL COM Initialization Vulnerability (CVE-2009-2493, MS09-035, MS09-037). Vulnerability Reported. Depending upon certain characteristics of an OLE component designed with the Microsoft ATL, it is possible to cause one component to initialize an arbitrary secondary component. Ordinarily this behavior would not be a cause for alarm, however, certain applications employ various methods to verify that a control is Safe for Initialization. One such application is Internet Explorer. |
2008-12-05 | iDefense: Multiple Vendor Microsoft ATL/MFC ActiveX Type Confusion Vulnerability. ATL Object Type Mismatch Vulnerability (CVE-2009-2494, MS09-037). Vulnerability Reported. Depending upon certain characteristics of an OLE component designed with certain versions of the Microsoft ATL, it is possible to cause an object to use a variant of type VT_BSTR as a different object. In certain circumstances, an encoded BSTR can cause ATL code to set the COM type without checking to see if the type was successfully coerced. Upon return, the BSTR is treated as an object leading to an attacker being able to specify an address to call. |
2008-11-19 | Positive Technologies: PT-2008-09: Microsoft Windows MSMQ Privilege Escalation Vulnerability. MSMQ Null Pointer Vulnerability (CVE-2009-1922, MS09-040). Vulnerability Reported. The IOCTL handler in mqac.sys does not properly validate buffer data associated with the Irp object, which allows local users to crash the system or execute arbitrary code with SYSTEM privileges. |
2008-04-07 | Zero Day Initiative (ZDI): ZDI-09-057: Microsoft Remote Desktop Client Arbitrary Code Execution Vulnerability. Remote Desktop Connection Heap Overflow Vulnerability (CVE-2009-1133, MS09-044). Vulnerability Reported. The specific flaw exists within mstscax.dll when parsing packets from an RDP server. A design flaw in the client allows a malicious RDP server to write to arbitrary memory inside the connecting process's memory space. By hosting a malicious RDP server, an attacker can execute arbitrary code on any client that attempts to connect to it. Privileges gained depend on which user is running the client. |
2008-03-17 | iDefense: Microsoft Office Web Components 2000 Buffer Overflow Vulnerability. Office Web Components Buffer Overflow Vulnerability (CVE-2009-1534, MS09-043). Vulnerability Reported. When instantiating a Spreadsheet object, it is possible to pass the object a parameter that refers to an Excel file that will be retrieved and then loaded. By using a long string for the parameter, it is possible to cause a stack based buffer overflow. |
2007-12-11 | Zero Day Initiative (ZDI): ZDI-09-056: Microsoft Office OWC10.Spreadsheet ActiveX BorderAround() Heap Corruption Vulnerability. Office Web Components Heap Corruption Vulnerability (CVE-2009-2496, MS09-043). Vulnerability Reported. The specific vulnerability exists in the OWC10.Spreadsheet.10 ActiveX control installed by Microsoft Office. By accessing specific methods in a certain order heap corruption occurs leading to remote code execution. If exploited, complete control of the affected system can be achieved under the rights of the currently logged in user. |
2007-03-29 | Zero Day Initiative (ZDI): ZDI-09-055: Microsoft Office OWC10 ActiveX Control Loading and Unloading Heap Corruption Vulnerability. Office Web Components Memory Allocation Vulnerability (CVE-2009-0562, MS09-043). Vulnerability Reported. The specific flaw exists when loading and unloading the vulnerable control (0002E543-0000-0000-C000-000000000046) and results in transfer of control to unallocated memory. This issue can be exploited to execute arbitrary code under the context of the currently logged in user. |
2007-03-19 | Zero Day Initiative (ZDI): ZDI-09-054: Microsoft Office OWC10.Spreadsheet ActiveX msDataSourceObject() Heap Corruption Vulnerability. Office Web Components HTML Script Vulnerability (CVE-2009-1136, MS09-043). Vulnerability Reported. The specific flaw exists during the processing of malicious parameters to the routine msDataSourceObject() and results in transfer of control to unallocated memory. This issue can be exploited to execute arbitrary code under the context of the currently logged in user. |