Microsoft Patch Tuesday - September 2010

September 15, 2010

Well, our friends in Redmond have been busy these past few months. Not only did they release 15 security bulletins in August, but they followed up with an additional 9 bulletins this month. From this month’s bulletins, administrators should pay particular notice to MS10-061, MS10-063 and MS10-068. Note that MS10-061 is being used in the wild as part of a variant of the Stuxnet worm currently targeting SCADA devices. Take a look at this nifty flowchart to help understand configurations that are remotely vulnerable to MS10-061.

eEye Digital Security will be holding a vulnerability expert forum (VEF) Thursday September 15th at 11AM PDT. The vulnerability expert forum is a live webcast where the eEye research team will discuss these patches and additional security landscape topics. Be sure to sign up in advance.

Here are our recommendations for the nine security updates. You can find our full write-up in newsletter format here. Retina Network Security Scanner customers can view the list of audits associated with these bulletins.

CRITICAL
MS10-061 - Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290)
  • Analysis A vulnerability exists within the Print Spooler in Windows, which could allow an attacker to run arbitrary code remotely with system-level permissions. The service does not completely enforce user permission settings that pertain to print spoolers. Attackers would be able to exploit this vulnerability by sending an RPC request to create a malicious file in a specific folder on a target system, which would then be automatically executed by the system. The vulnerability lies in the fact that the attacker's credentials are not properly validated prior to allowing them to create a file on the remote system.
  • Recommendations Administrators should install this patch as soon as possible, since the vulnerability has been publicly disclosed and is currently being exploited in the wild. To mitigate without patches, block all ports associated with RPC at the external firewall level. In addition, disable printer sharing until patches have been applied.
MS10-062 - Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution (975558)
  • Analysis The vulnerability is exploited by opening a malicious video stream or file (e.g., asf, wmv, and wma file types) that is parsed by the Windows MPEG-4 decoder. Any program that utilizes this decoder is vulnerable to exploitation through this Windows-based vulnerability. Upon successful exploitation, the attacker gains complete control of the system.
  • Recommendations Administrators should install the patch as soon as possible. Until the patch is installed, restrict access to the MPEG-4 version 1 codec by removing the registry keys HKEY_CLASSES_ROOT\CLSID\{82CCD3E0-F71A-11D0-9FE5-00609778EA66} and HKEY_CLASSES_ROOT\CLSID\{2a11bae2-fe6e-4249-864b-9e9ed6e8dbc2}.
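
A host-side check of the two workarounds above (printer sharing for MS10-061, the two codec registry keys for MS10-062), as an added PowerShell example that is not part of the original post. It assumes the bulletin number in parentheses is also the installed update ID, which may not hold where a bulletin ships several packages; the function names are illustrative.

```powershell
# Added example (not from the original post): report whether this host is
# patched, or has the workaround in place, for MS10-061 and MS10-062.
# Assumption: the bulletin number in parentheses is also the installed update ID.

function Test-UpdateInstalled([string]$KbNumber) {
    # Get-HotFix reads Win32_QuickFixEngineering; it returns nothing when the ID is absent.
    [bool](Get-HotFix -Id "KB$KbNumber" -ErrorAction SilentlyContinue)
}

function Get-ExposureState([bool]$Patched, [bool]$WorkaroundApplied) {
    if ($Patched) { 'patched' }
    elseif ($WorkaroundApplied) { 'unpatched, workaround in place' }
    else { 'EXPOSED' }
}

# MS10-061 workaround: printer sharing disabled (no printer reports Shared = TRUE).
# A stopped spooler makes the query return nothing, which also means nothing is shared.
$sharedPrinters = @(Get-WmiObject -Class Win32_Printer -Filter 'Shared = TRUE' -ErrorAction SilentlyContinue)
$shareNames = ($sharedPrinters | ForEach-Object { $_.ShareName }) -join ', '
$state061 = Get-ExposureState (Test-UpdateInstalled '2347290') ($sharedPrinters.Count -eq 0)

# MS10-062 workaround: both codec CLSID keys removed from HKEY_CLASSES_ROOT.
$codecKeys = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID\{82CCD3E0-F71A-11D0-9FE5-00609778EA66}',
    'Registry::HKEY_CLASSES_ROOT\CLSID\{2a11bae2-fe6e-4249-864b-9e9ed6e8dbc2}'
)
$keysPresent = @($codecKeys | Where-Object { Test-Path -LiteralPath $_ })
$state062 = Get-ExposureState (Test-UpdateInstalled '975558') ($keysPresent.Count -eq 0)

$report = @(
    New-Object PSObject -Property @{
        Bulletin = 'MS10-061'
        State    = $state061
        Detail   = "shared printers: $($sharedPrinters.Count) $shareNames"
    }
    New-Object PSObject -Property @{
        Bulletin = 'MS10-062'
        State    = $state062
        Detail   = "codec keys still present: $($keysPresent.Count) of $($codecKeys.Count)"
    }
)
$report | Select-Object Bulletin, State, Detail | Format-Table -AutoSize -Wrap
```

The RPC port blocking recommended for MS10-061 is enforced at the external firewall and cannot be confirmed from the host, so it is not part of this check.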
MS10-063 - Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2320113)
  • Analysis A vulnerability exists in the way the Unicode Scripts Processor processes OpenType fonts in Windows and third-party applications. Programs such as Microsoft Office and Web browsers can be exploited when they attempt to parse specially constructed content (e.g., a document or web page). If successfully exploited, the attacker can run arbitrary code on the affected system as the logged-on user. Users with fewer user rights may not be as affected as users who are Administrators.
  • Recommendations Administrators are urged to patch this immediately. Until this can be done, system administrators are urged to modify the ACL (Access Control List) on usp10.dll and disable support for parsing embedded fonts in Internet Explorer.
MS10-064 - Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2315011)
  • Analysis A heap-based buffer overflow vulnerability exists within Microsoft Outlook that could allow an attacker to execute arbitrary code remotely on a victim's system, within the context of the current user. An attacker merely needs to craft a malicious email to a victim and convince them to either preview or open the email. At this point, the vulnerability would be exploited.
  • Recommendations Administrators should patch this immediately, but until patches have been applied, emails should be read in plain text to mitigate this vulnerability.
IMPORTANT
MS10-065 - Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution (2267960)
  • Analysis A malformed parameter request denial of service vulnerability exists in the way that IIS servers, with FastCGI enabled, handle request headers. An attacker can construct a specially formed HTTP request and gain control of servers with FastCGI enabled, allowing the attacker full access to the machine.
  • Recommendations System Administrators are urged to install the patch as soon as possible. Until this is done, administrators should disable ASP on IIS servers.
MS10-066 - Vulnerability in Remote Procedure Call Could Allow Remote Code Execution (982802)
  • Analysis A memory corruption vulnerability exists in the RPC protocol, within Windows XP SP3 and Server 2003 SP2, which could allow an attacker to execute arbitrary code remotely. This vulnerability could be exploited by an attacker that utilizes either their own server or a compromised server that handles RPC requests. When the server receives an RPC request, it would send a malicious response, which would exploit the vulnerability on the client system that sent the request. Any malicious code executed would run with the same rights as the RPC client application.
  • Recommendations Administrators should patch this as soon as possible. To mitigate without patches, block all ports associated with RPC at the external firewall level.
MS10-067 - Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2259922)
  • Analysis A vulnerability allowing an attacker to remotely execute code exists within WordPad. This attack exploits the way the WordPad text converter parses specific fields within a Word 97 document. A user would have to open a Word 97 document, either from an email or hosted on a Web page, in order for the attacker to gain control of the machine. Code executes at the privilege level of the logged-in user.
  • Recommendations System Administrators are urged to apply the patch as soon as possible. Until the patch is applied, administrators can disable WordPad's access to the Word 97 text converter.
MS10-068 - Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539)
  • Analysis A vulnerability exists within the Windows Local Security Authority Subsystem Service (LSASS), which could allow an attacker to elevate their privileges, but will most likely result in the machine failing to respond and eventually restarting. To successfully exploit the system, however, the attacker must have an authenticated session with the target server.
  • Recommendations System administrators should patch this immediately, especially those users on a domain. For those not running systems on a domain, this is less critical.
MS10-069 - Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege (2121546)
  • Analysis A vulnerability exists in the Windows Client/Server Runtime Subsystem that allows an attacker to execute an elevation of privilege attack, but only on machines with Chinese, Japanese or Korean system locales. To exploit this issue, an attacker would have to log on to the system and run a specially constructed application that would execute remote arbitrary code.
  • Recommendations System Administrators are urged to apply this patch last; best practices should mitigate the opportunity for an attacker to gain access to the system and run programs.

Chris Silva,
