Beyondtrust

BeyondTrust Patch Tuesday

November 09, 2010

Microsoft Patch Disclosure

This month, Microsoft released 3 patches which repair a total of 11 vulnerabilities. Of these 3 patches, 2 address Remote Code Execution vulnerabilities and 1 addresses Elevation of Privilege vulnerabilities. Both eEye's Blink® Professional and Blink® Personal Endpoint Security solutions protect from memory-corruption vulnerabilities generically without the need for any updates.

Administrators are advised to patch MS10-087 and MS10-088 immediately to prevent exploitation by attackers. Administrators should patch patch MS10-089 at their earliest convenience. As always, eEye suggests that all users apply Microsoft patches as fast as possible, preferably after testing the impact on internal applications and network continuity. For those who would like further information regarding the potential risks and remediation requirements of the patches announced today, please consider attending tomorrow's Vulnerability Expert Forum hosted by the eEye Security Research Team.
Register Now >>

  • Web Event: Vulnerability Expert Forum (VEF)
  • Presenters: The eEye Research Team
  • Date/Time: Wednesday November 10th at
    11am PDT / 2pm EDT

BULLETIN / ADVISORY DETAILS

MS10-087

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)


Microsoft Rating:

Critical

CVE List:

CVE-2010-3333, CVE-2010-3334, CVE-2010-3335, CVE-2010-3336, CVE-2010-3337

 

Analysis:

Several vulnerabilities exist in the way Microsoft Office handles Office files; the most severe of which could allow for Remote Code Execution. To successfully exploit these vulnerabilities, an attacker would need to convince a user to open a specially crafted Office file or Rich Text Format file, which would be hosted on the attacker-controlled site. Successful exploitation would permit the attacker to execute code within the user's context. If a user had administrative privileges, the attacker could gain full control of the computer.

 

Recommendation:

Apply patch as soon as possible. Until patches can be applied, avoid opening Microsoft Office files from untrusted or unknown sources and set all emails to be displayed as plain text rather than rich text format. Additionally, administrators my set a Microsoft Office File Block Policy to block all files from Office 2003 and earlier from unknown and untrusted sources.

 

MS10-088

Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)


Microsoft Rating:

Important

CVE List:

CVE-2010-2572, CVE-2010-2573

 

Analysis:

There is a buffer overflow vulnerability and a heap corruption vulnerability in the way Microsoft PowerPoint handles PowerPoint files. An attacker would need to convince a user to open a specially crafted PowerPoint file in order to exploit this vulnerability, which could be hosted on an attacker-controlled site or sent via email or instant messenger. Once exploited, these vulnerabilities allow an attacker to execute code with the same privileges as the user. An attacker could gain full control of the computer if the user had administrative privileges.

 

Recommendation:

Apply patch as soon as possible. Until patches can be applied, restrict the access to the pp7x32.ddl file for any user running PowerPoint 2002. Additionally, administrators my set a Microsoft Office File Block Policy to block all files from Office 2003 and earlier from unknown or untrusted sources.

 

MS10-089

Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)


Microsoft Rating:

Important

CVE List:

CVE-2010-2732, CVE-2010-2733, CVE-2010-2734, CVE-2010-3936

 

Analysis:

There are 4 vulnerabilities within Microsoft Forefront Unified Access Gateway, the most severe of which is a spoofing vulnerability. This could be used by an attacker to convince a user that they are viewing a legitimate UAG page. The attacker could trick the user into providing credentials to the attacker, since the attacker's page would look like the UAG page they were attempting to visit. That could be used by the attacker to gain unauthorized access to the UAG.

 

Recommendation:

Administrators are urged to patch this at their earliest convenience. There are no workarounds other than the patch provided by Microsoft.

 

Feedback

The BeyondTrust staff welcomes any comments, questions or suggestions from our readers. We hope that you will not hesitate to contact us with any feedback you may have. Send all feedback to communications@beyondtrust.com.

Disclaimer

The information within this advisory may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

Notice

Permission is hereby granted for the redistribution of this newsletter electronically. It is not to be edited in any way without the express consent of BeyondTrust. If you wish to reprint the whole or any part of this newsletter in any other medium excluding electronic medium, please email communications@beyondtrust.com for permission.