Published: 2010-02-14T05:53+00:00    Last Updated: 2010-02-14T05:53+00:00

JVNTR-2010-05
Microsoft Updates for Multiple Vulnerabilities (TA10-040A)

Overview

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Windows Server, Internet Explorer, and Microsoft Office.

Event Information


Date (UTC)Description
2010-02-11 20:59 SANS Internet Storm Center
MS10-015 may cause Windows XP to blue screen
We have heard about reports that MS10-015 causes some Windows XP machines to blue screen.
2010-02-10 16:25 Symantec
ThreatCON (2) => (2)
Microsoft has addressed several vulnerabilities with the February 2010 patch release. Some issues may allow an attacker to run arbitrary code remotely. We advise customers to install the updates as soon as possible.
2010-02-10 02:58 JPCERT/CC
JPCERT-AT-2010-0006: February 2010 Microsoft Security Bulletin (including five critical patches)
2010-02-09 23:52
OCHOA-2010-0209: Windows SMB NTLM Authentication Weak Nonce Vulnerability
SMB NTLM Authentication Lack of Entropy Vulnerability (CVE-2010-0231, MS10-012)
Vulnerability Proof Of Concept (CVE-2010-0231)
Flaws in Microsoft's implementation of the NTLM challenge-response authentication protocol causing the server to generate duplicate challenges/nonces and an information leak allow an unauthenticated remote attacker without any kind of credentials to access the SMB service of the target system under the credentials of an authorized user. Depending on the privileges of the user, the attacker will be able to obtain and modify files on the target system and execute arbitrary code.
2010-02-09 21:15 Microsoft
ms10-feb: Microsoft Security Bulletin Summary for February 2010
Included in this advisory are updates for newly discovered vulnerabilities.
Included in this advisory are updates for newly discovered vulnerabilities.
2010-02-09 20:50 US-CERT
TA10-040A: Microsoft Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
2010-02-09 20:04 Microsoft
Microsoft Security Advisory (979682): Vulnerability in Windows Kernel Could Allow Elevation of Privilege
Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-015 to address this issue.
2010-02-09 19:28 SANS Internet Storm Center
February 2010 Black Tuesday Overview
Overview of the February 2010 Microsoft patches and their status.
2010-02-09 19:13 US-CERT
Microsoft Releases February Security Bulletin
US-CERT Current Activity
Microsoft has released an update to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for February 2010. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with elevated privileges.
2010-01-21 01:53 Microsoft
Microsoft Security Advisory (979682): Vulnerability in Windows Kernel Could Allow Elevation of Privilege
Advisory published.
2009-11-11 Stratsec
SS-2010-003: Microsoft SMB Client Memory Corruption
SMB Client Pool Corruption Vulnerability (CVE-2010-0016, MS10-006)
SMB Client Race Condition Vulnerability (CVE-2010-0017, MS10-006)
Vulnerability Reported
A vulnerability exists in MSO.DLL affecting Excel 9 (Office 2000) and Excel 10 (Office XP) in the code responsible for parsing OfficeArtSpgr (recType 0xF003) containers that allows an attacker to cause a class pointer to be interpreted incorrectly, leading to code execution in the context of the currently logged on user.
2009-10-29 TippingPoint
TPTI-10-02: Microsoft Office PowerPoint Viewer TextCharsAtom Record Code Execution Vulnerability
Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability (CVE-2010-0034, MS10-004)
Vulnerability Reported
The specific flaw exists in the handling of TextCharsAtom (0x0fa0) records contained in a PPT file. Due to the lack of bounds checking on the size argument an unchecked memcpy copies user-supplied data from the file to the stack, overflowing key exception structures. Exploitation of this vulnerability can lead to remote compromise of the affected system under the credentials of the currently logged in user.
2009-10-21 Zero Day Initiative (ZDI)
ZDI-10-017: Microsoft Office PowerPoint Viewer TextBytesAtom Record Remote Code Execution Vulnerability
PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability (CVE-2010-0033, MS10-004) Reported
The specific flaw exists in the handling of TextBytesAtom records contained in a PPT file. Due to the lack of bounds checking on the size argument an unchecked memcpy() copies user data from the file to the stack, overflowing key exception structures. Exploitation of this vulnerability can lead to remote compromise of the affected system under the context of the currently logged in user.
2009-09-04 Core Security Technologies
CORE-2009-0827: Microsoft Office Excel / Word OfficeArtSpgr Container Pointer Overwrite Vulnerability
MSO.DLL Buffer Overflow (CVE-2010-0243, MS10-003)
Vulnerability Reported
A vulnerability exists in MSO.DLL affecting Excel 9 (Office 2000) and Excel 10 (Office XP) in the code responsible for parsing OfficeArtSpgr (recType 0xF003) containers that allows an attacker to cause a class pointer to be interpreted incorrectly, leading to code execution in the context of the currently logged on user.
2009-07-20 Zero Day Initiative (ZDI)
ZDI-10-016: Microsoft Windows ShellExecute Improper Sanitization Code Execution Vulnerability
URL Validation Vulnerability (CVE-2010-0027, MS10-007) Reported
The specific flaw exists within the ShellExecute API. Using a specially formatted URL an attacker can bypass sanitization checks within this function and force the calling application into running an executable of their choice. Successful exploitation requires a useful binary to exist in a predictable location on the remote system.
2009-07-08 iDefense
Microsoft PowerPoint OEPlaceholderAtom Invalid Array Indexing Vulnerability
PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability (CVE-2010-0031, MS10-004)
Vulnerability Reported
This vulnerability occurs when parsing an "OEPlaceholderAtom" record. This record type is used to create a placeholder for an object (picture, text, etc.) on a slide. By providing a value greater than the size of an array, it is possible to corrupt stack memory beyond the bounds of the array with a fixed value. By overwriting critical structures like the saved return address, it is possible to execute arbitrary code.
2009-07-08 iDefense
Microsoft PowerPoint LinkedSlideAtom Heap Overflow Vulnerability
PowerPoint LinkedSlideAtom Heap Overflow Vulnerability (CVE-2010-0030, MS10-004)
Vulnerability Reported
The vulnerability occurs during the parsing of two related PowerPoint record types. The first record type, the "LinkedSlideAtom" record, is used to specify collaboration information for different slides. One of the fields in this record is used to specify the number of certain records that are present in the file. The code responsible for filling the array used to store the records does not perform any bounds checking when storing elements into the array. This results in a heap-based buffer overflow vulnerability.
2009-07-08 iDefense
Microsoft PowerPoint OEPlaceholderAtom Use-After-Free Vulnerability
PowerPoint OEPlaceholderAtom Use After Free Vulnerability (CVE-2010-0032, MS10-004)
Vulnerability Reported
This vulnerability occurs when parsing multiple "OEPlaceholderAtom" records present in a "msofbtClientData" container. This record type is used to create a placeholder for an object (picture, text, etc.) on a slide. When a certain series of these records are present, it is possible to trigger a use-after-free vulnerability, which can lead to the execution of arbitrary code.
2009-05-20 Secunia Research
2009-28: Microsoft PowerPoint File Path Handling Buffer Overflow
PowerPoint File Path Handling Buffer Overflow Vulnerability (CVE-2010-0029, MS10-004)
Vulnerability Reported
The vulnerability is caused by a boundary error when handling file paths and can be exploited to cause a stack-based buffer overflow via a specially crafted file.
2009-01-15 Zero Day Initiative (ZDI)
ZDI-10-015: Microsoft Windows RLE Video Decompressor Remote Code Execution Vulnerability
DirectShow Heap Overflow Vulnerability (CVE-2010-0250, MS10-013) Reported
The specific flaw exists within the decompression of a specific type of video stream contained in an .AVI file. The application misuses a length field for an allocation causing the memory allocation to be too small to contain the subsequent data. During population of this buffer, the application will copy more data than allocated for leading to memory corruption with the potential for code execution.