
BeyondTrust Patch Tuesday

May 11, 2010

Microsoft Patch Disclosure

This month, Microsoft released two patches that repair a total of two vulnerabilities. Both patches address Remote Code Execution vulnerabilities. Both eEye's Blink® Professional and Blink® Personal Endpoint Security solutions protect against memory-corruption vulnerabilities generically without the need for any updates.

Administrators are advised to apply the patches for MS10-030 and MS10-031 immediately to prevent exploitation by attackers, preferably after testing in their environment, or to the environments that have the specifically affected software deployed. As always, eEye suggests that users roll out Microsoft patches as fast as possible, preferably after testing their impact on internal applications and network continuity. For further information on the potential risks and remediation requirements of the patches announced today, please consider attending tomorrow's Vulnerability Expert Forum hosted by the eEye Security Research Team.

  • Web Event: Vulnerability Expert Forum (VEF)
  • Presenters: The eEye Research Team
  • Date/Time: May 11, 2010

BULLETIN / ADVISORY DETAILS

MS10-030

Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542)


Microsoft Rating: Critical

CVE: CVE-2010-0816

Analysis:

An attacker who controls a malicious mail server can send malicious response packets in reply to a client-initiated POP3 request. These response packets could trigger an integer overflow, which could possibly allow the execution of arbitrary code. Successful exploitation would give the attacker the same privileges as the currently logged-on user. If the current user is logged on as an administrator, the attacker would gain complete control of the system, potentially allowing them to install malicious software to control the computer. The attacker could use it to gain personal and/or private information and launch attacks against other computers throughout the network.

Recommendation:

Administrators are urged to roll out this patch as soon as possible to vulnerable systems. Until this is done, users are advised to use a web-based email interface instead of a client-side email application such as Microsoft Outlook.

MS10-031

Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213)


Microsoft Rating: Critical

CVE: CVE-2010-0815

Analysis:

Attackers will try to convince users to open malicious files, sent either as a complete document or as a link to a document hosted on a malicious site, through spoofed emails, instant messages, or other electronic communication methods. Opening the malicious file triggers the vulnerability. Successful exploitation would give the attacker the same privileges as the current user. If the user has administrator rights, the attacker would have complete control of the computer and could install malicious software, such as Trojans and backdoors. These would be used to gather personal and/or private information and launch attacks on more computers throughout the network.

Recommendation:

Administrators are urged to roll out this patch as soon as possible to vulnerable systems. In the meantime, administrators should restrict access to VBE6.dll. Doing so prevents embedded ActiveX controls from running inside Microsoft Office documents.
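
One way to apply and later undo the VBE6.dll restriction recommended above, as an added PowerShell example that is not part of the original advisory. The search roots, the backup folder and the use of a deny entry for the Everyone SID (S-1-1-0) are assumptions; the script saves the original ACL first so the restriction can be reversed once the patch is installed.

```powershell
#Requires -RunAsAdministrator
# Added example: restrict or restore access to every copy of VBE6.dll found
# under the Common Files folders. Paths and principal are assumptions.
param(
    [ValidateSet('Restrict', 'Restore')]
    [string]$Action = 'Restrict',
    [string]$BackupDir = "$env:ProgramData\vbe6-acl-backup"   # assumed location
)

# Search both 32- and 64-bit Common Files instead of hard-coding one path.
$roots = @($env:CommonProgramFiles, ${env:CommonProgramFiles(x86)}) |
    Where-Object { $_ -and (Test-Path $_) } | Select-Object -Unique

$targets = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Filter 'VBE6.dll' -Recurse -ErrorAction SilentlyContinue
}
if (-not $targets) { Write-Warning 'VBE6.dll not found under Common Files.'; return }

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($dll in $targets) {
    # One ACL backup per copy, named after the file's full path.
    $backup = Join-Path $BackupDir (($dll.FullName -replace '[:\\ ]', '_') + '.acl')

    if ($Action -eq 'Restrict') {
        # Keep the first saved ACL so a second run cannot overwrite the
        # original with the already-restricted one.
        if (-not (Test-Path $backup)) {
            icacls $dll.FullName /save $backup | Out-Null
        }
        # Deny read/execute to Everyone so the DLL can no longer be loaded.
        icacls $dll.FullName /deny '*S-1-1-0:(RX)' | Out-Null
    }
    elseif (Test-Path $backup) {
        # /restore takes the parent directory; the saved file holds the leaf name.
        icacls $dll.DirectoryName /restore $backup | Out-Null
    }
    else {
        Write-Warning "No saved ACL for $($dll.FullName); nothing restored."
        continue
    }

    if ($LASTEXITCODE -ne 0) { Write-Warning "icacls failed for $($dll.FullName)" }
    # Print the resulting ACL so the change can be verified.
    icacls $dll.FullName
}
```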

 

Feedback

The BeyondTrust staff welcomes any comments, questions or suggestions from our readers. We hope that you will not hesitate to contact us with any feedback you may have. Send all feedback to communications@beyondtrust.com.

Disclaimer

The information within this advisory may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

Notice

Permission is hereby granted for the redistribution of this newsletter electronically. It is not to be edited in any way without the express consent of BeyondTrust. If you wish to reprint the whole or any part of this newsletter in any other medium excluding electronic medium, please email communications@beyondtrust.com for permission.