Kasım 2010 Microsoft Güvenlik Bülteni

Dün Kasim 2010 için Microsoft Security Bulletin - Güvenlik Bülteni yayinlandi. Içerik su sekilde :

 

What is the purpose of this alert?

This alert is to provide you with an overview of the new security bulletin(s) being released on November 09, 2010. Security bulletins are released monthly to resolve critical problem vulnerabilities.

New Security Bulletins

Microsoft is releasing the following three new security bulletins for newly discovered vulnerabilities:

Bulletin ID

Bulletin Title

Maximum Severity Rating

Vulnerability Impact

Restart Requirement

Affected Software*

MS10-087

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)

Critical

Remote Code Execution

May require restart

Microsoft Office XP, Office 2003, Office 2007, Office 2010, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac, and Office for Mac 2011.

MS10-088

Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)

Important

Remote Code Execution

May require restart

Microsoft PowerPoint 2002, PowerPoint 2003, Microsoft Office 2004 for Mac, and PowerPoint Viewer.

MS10-089

Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)

Important

Elevation of Privilege

May require restart

Microsoft Forefront Unified Access Gateway 2010.

* The list of affected software in the summary table is an abstract. To see the full list of affected components, please click on the link provided in the left column, and review the "Affected Software" section.

Summaries for new bulletin(s) may be found at https://www.microsoft.com/technet/security/bulletin/MS10-nov.mspx.

Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. Information on the Microsoft Windows Malicious Software Removal Tool is available at https://support.microsoft.com/?kbid=890830.

High Priority Non-Security Updates

High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB article found at https://support.microsoft.com/?id=894199.

Public Bulletin Webcast

Microsoft will host a webcast to address customer questions on these bulletins:

Title: Information about Microsoft November Security Bulletins (Level 200)

Date: Wednesday, November 10, 2010, 11:00 A.M. Pacific Time (U.S. and Canada)

URL: https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032454441

New Security Bulletin Technical Details

In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle website at https://support.microsoft.com/lifecycle/.

Bulletin Identifier

Microsoft Security Bulletin MS10-087

Bulletin Title

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)

Executive Summary

This security update resolves one publicly disclosed vulnerability and four privately reported vulnerabilities in Microsoft Office. The most severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF email message. The update addresses the vulnerabilities by modifying the way that Microsoft Office software parses files and by helping to ensure a vulnerable component of Microsoft Office uses a more appropriate and secure search order when loading libraries.

Severity Ratings and Affected Software

This security update is rated Critical for all supported editions of Microsoft Office 2007 and Microsoft Office 2010. This security update is also rated Important for all supported editions of Microsoft Office XP, Microsoft Office 2003, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Microsoft Office for Mac 2011; and Open XML File Format Converter for Mac.

CVEs and Exploitability Index Ratings (EI)

· CVE-2010-3333: RTF Stack Buffer Overflow Vulnerability (EI=1).

· CVE-2010-3334: Office Art Drawing Records Vulnerability (EI=1).

· CVE-2010-3335: Drawing Exception Handling Vulnerability (EI=1).

· CVE-2010-3336: MSO Large SPID Read AV Vulnerability (EI=2).

· CVE-2010-3337: Insecure Library Loading Vulnerability (EI=1).

Attack Vectors

· A maliciously crafted Office document.

· A maliciously crafted DLL file.

· Common delivery mechanisms: a maliciously crafted webpage, an email attachment, an instant message, a peer-to-peer file share, a network share, and/or a USB thumb drive.

Mitigating Factors

· An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

· For CVE-2010-3333, CVE-2010-3334, CVE-2010-3335, and CVE-2010-3336, users would have to be persuaded to visit a malicious website.

· For CVE-2010-3334, CVE-2010-3335, and CVE-2010-3336, cannot be exploited automatically through email, because a user must open an attachment that is sent in an email message.

· For CVE-2010-3337, an attacker would have no way to force users to visit an untrusted remote file system location or WebDAV share, and SMB is commonly disabled on the perimeter firewall.

Workarounds

· For CVE-2010-3333, CVE-2010-3334, and CVE-2010-3335, use “Microsoft Office File Block” policies to block the opening documents from unknown or untrusted sources.

· For CVE-2010-3334 and CVE-2010-3335, use the “Microsoft Office Isolated Conversion Environment (MOICE)” when opening files from unknown or untrusted sources.

· For CVE-2010-3337, disable loading of libraries from WebDAV and remote network shares, and/or disable the WebClient service.

Restart Requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart, and a message will appear advising you to restart.

Bulletins Replaced by This Update

MS10-003 and MS10-036.

Full Details

https://www.microsoft.com/technet/security/bulletin/MS10-087.mspx

Bulletin Identifier

Microsoft Security Bulletin MS10-088

Bulletin Title

Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)

Executive Summary

This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. The update addresses the vulnerabilities by changing the way that Microsoft PowerPoint parses specially crafted PowerPoint files.

Severity Ratings and Affected Software

This security update is rated Important for supported editions of Microsoft PowerPoint 2002, Microsoft PowerPoint 2003, and Microsoft Office 2004 for Mac; and all supported versions of Microsoft PowerPoint Viewer.

CVEs and Exploitability Index Ratings (EI)

· CVE-2010-2572: PowerPoint Parsing Buffer Overflow Vulnerability (EI=1).

· CVE-2010-2573: PowerPoint Integer Underflow Causes Heap Corruption Vulnerability (EI=2).

Attack Vectors

· A maliciously crafted PowerPoint file.

· Common delivery mechanisms: a maliciously crafted webpage, an email attachment, an instant message, a peer-to-peer file share, a network share, and/or a USB thumb drive.

Mitigating Factors

· Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

· Cannot be exploited automatically through email, because a user must open an attachment that is sent in an email message.

· Users would have to be persuaded to visit a malicious website.

Workarounds

· Use “Microsoft Office File Block” policy to block the opening documents from unknown or untrusted sources and locations.

· Use the “Microsoft Office Isolated Conversion Environment (MOICE)” when opening files from unknown or untrusted sources.

Restart Requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart, and a message will appear advising you to restart.

Bulletins Replaced by This Update

MS10-004, MS10-036, and MS09-017.

Full Details

https://www.microsoft.com/technet/security/bulletin/MS10-088.mspx

Bulletin Identifier

Microsoft Security Bulletin MS10-089

Bulletin Title

Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)

Executive Summary

This security update resolves four privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow elevation of privilege if a user visits an affected website using a specially crafted URL. The security update addresses the vulnerabilities by modifying the way that UAG handles input and redirect verification.

Severity Ratings and Affected Software

This security update is rated Important for all supported versions of Forefront Unified Access Gateway 2010.

CVEs and Exploitability Index Ratings (EI)

· CVE-2010-2732: UAG Redirection Spoofing Vulnerability (EI=3)

· CVE-2010-2733: UAG XSS Allows EOP Vulnerability (EI=1)

· CVE-2010-2734: XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability (EI=1)

· CVE-2010-3936: XSS in Signurl.asp Vulnerability (EI=1)

Attack Vectors

· A user would need to click a link to a maliciously crafted website using a specially crafted URL.

Mitigating Factors

· An attacker would have no way to force users to visit such a website. Instead, an attacker would have to persuade users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.

Workarounds

· Microsoft has not identified any workarounds for this vulnerability.

Restart Requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart, and a message will appear advising you to restart.

Bulletins Replaced by This Update

None

Full Details

https://www.microsoft.com/technet/security/bulletin/MS10-089.mspx

Regarding Information Consistency

We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft’s security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s web-based security content, the information in Microsoft’s web-based security content is authoritative.