Kasım 2010 Microsoft Güvenlik Bülteni
Dün Kasim 2010 için Microsoft Security Bulletin - Güvenlik Bülteni yayinlandi. Içerik su sekilde :
What is the purpose of this alert? |
This alert is to provide you with an overview of the new security bulletin(s) being released on November 09, 2010. Security bulletins are released monthly to resolve critical problem vulnerabilities.
New Security Bulletins
Microsoft is releasing the following three new security bulletins for newly discovered vulnerabilities:
|
Bulletin ID |
Bulletin Title |
Maximum Severity Rating |
Vulnerability Impact |
Restart Requirement |
Affected Software* |
|
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930) |
Critical |
Remote Code Execution |
May require restart |
Microsoft Office XP, Office 2003, Office 2007, Office 2010, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac, and Office for Mac 2011. |
|
|
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386) |
Important |
Remote Code Execution |
May require restart |
Microsoft PowerPoint 2002, PowerPoint 2003, Microsoft Office 2004 for Mac, and PowerPoint Viewer. |
|
|
Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074) |
Important |
Elevation of Privilege |
May require restart |
Microsoft Forefront Unified Access Gateway 2010. |
|
|
* The list of affected software in the summary table is an abstract. To see the full list of affected components, please click on the link provided in the left column, and review the "Affected Software" section. |
|||||
Summaries for new bulletin(s) may be found at https://www.microsoft.com/technet/security/bulletin/MS10-nov.mspx.
Microsoft Windows Malicious Software Removal Tool
Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. Information on the Microsoft Windows Malicious Software Removal Tool is available at https://support.microsoft.com/?kbid=890830.
High Priority Non-Security Updates
High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB article found at https://support.microsoft.com/?id=894199.
Public Bulletin Webcast
Microsoft will host a webcast to address customer questions on these bulletins:
Title: Information about Microsoft November Security Bulletins (Level 200)
Date: Wednesday, November 10, 2010, 11:00 A.M. Pacific Time (U.S. and Canada)
URL: https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032454441
New Security Bulletin Technical Details
In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle website at https://support.microsoft.com/lifecycle/.
Bulletin Identifier |
Microsoft Security Bulletin MS10-087 |
|---|---|
Bulletin Title |
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930) |
Executive Summary |
This security update resolves one publicly disclosed vulnerability and four privately reported vulnerabilities in Microsoft Office. The most severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF email message. The update addresses the vulnerabilities by modifying the way that Microsoft Office software parses files and by helping to ensure a vulnerable component of Microsoft Office uses a more appropriate and secure search order when loading libraries. |
Severity Ratings and Affected Software |
This security update is rated Critical for all supported editions of Microsoft Office 2007 and Microsoft Office 2010. This security update is also rated Important for all supported editions of Microsoft Office XP, Microsoft Office 2003, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Microsoft Office for Mac 2011; and Open XML File Format Converter for Mac. |
CVEs and Exploitability Index Ratings (EI) |
· CVE-2010-3333: RTF Stack Buffer Overflow Vulnerability (EI=1). · CVE-2010-3334: Office Art Drawing Records Vulnerability (EI=1). · CVE-2010-3335: Drawing Exception Handling Vulnerability (EI=1). · CVE-2010-3336: MSO Large SPID Read AV Vulnerability (EI=2). · CVE-2010-3337: Insecure Library Loading Vulnerability (EI=1). |
Attack Vectors |
· A maliciously crafted Office document. · A maliciously crafted DLL file. · Common delivery mechanisms: a maliciously crafted webpage, an email attachment, an instant message, a peer-to-peer file share, a network share, and/or a USB thumb drive. |
Mitigating Factors |
· An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. · For CVE-2010-3333, CVE-2010-3334, CVE-2010-3335, and CVE-2010-3336, users would have to be persuaded to visit a malicious website. · For CVE-2010-3334, CVE-2010-3335, and CVE-2010-3336, cannot be exploited automatically through email, because a user must open an attachment that is sent in an email message. · For CVE-2010-3337, an attacker would have no way to force users to visit an untrusted remote file system location or WebDAV share, and SMB is commonly disabled on the perimeter firewall. |
Workarounds |
· For CVE-2010-3333, CVE-2010-3334, and CVE-2010-3335, use “Microsoft Office File Block” policies to block the opening documents from unknown or untrusted sources. · For CVE-2010-3334 and CVE-2010-3335, use the “Microsoft Office Isolated Conversion Environment (MOICE)” when opening files from unknown or untrusted sources. · For CVE-2010-3337, disable loading of libraries from WebDAV and remote network shares, and/or disable the WebClient service. |
Restart Requirement |
In some cases, this update does not require a restart. If the required files are being used, this update will require a restart, and a message will appear advising you to restart. |
Bulletins Replaced by This Update |
MS10-003 and MS10-036. |
Full Details |
https://www.microsoft.com/technet/security/bulletin/MS10-087.mspx |
Bulletin Identifier |
Microsoft Security Bulletin MS10-088 |
|---|---|
Bulletin Title |
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386) |
Executive Summary |
This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. The update addresses the vulnerabilities by changing the way that Microsoft PowerPoint parses specially crafted PowerPoint files. |
Severity Ratings and Affected Software |
This security update is rated Important for supported editions of Microsoft PowerPoint 2002, Microsoft PowerPoint 2003, and Microsoft Office 2004 for Mac; and all supported versions of Microsoft PowerPoint Viewer. |
CVEs and Exploitability Index Ratings (EI) |
· CVE-2010-2572: PowerPoint Parsing Buffer Overflow Vulnerability (EI=1). · CVE-2010-2573: PowerPoint Integer Underflow Causes Heap Corruption Vulnerability (EI=2). |
Attack Vectors |
· A maliciously crafted PowerPoint file. · Common delivery mechanisms: a maliciously crafted webpage, an email attachment, an instant message, a peer-to-peer file share, a network share, and/or a USB thumb drive. |
Mitigating Factors |
· Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. · Cannot be exploited automatically through email, because a user must open an attachment that is sent in an email message. · Users would have to be persuaded to visit a malicious website. |
Workarounds |
· Use “Microsoft Office File Block” policy to block the opening documents from unknown or untrusted sources and locations. · Use the “Microsoft Office Isolated Conversion Environment (MOICE)” when opening files from unknown or untrusted sources. |
Restart Requirement |
In some cases, this update does not require a restart. If the required files are being used, this update will require a restart, and a message will appear advising you to restart. |
Bulletins Replaced by This Update |
MS10-004, MS10-036, and MS09-017. |
Full Details |
https://www.microsoft.com/technet/security/bulletin/MS10-088.mspx |
Bulletin Identifier |
Microsoft Security Bulletin MS10-089 |
|---|---|
Bulletin Title |
Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074) |
Executive Summary |
This security update resolves four privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow elevation of privilege if a user visits an affected website using a specially crafted URL. The security update addresses the vulnerabilities by modifying the way that UAG handles input and redirect verification. |
Severity Ratings and Affected Software |
This security update is rated Important for all supported versions of Forefront Unified Access Gateway 2010. |
CVEs and Exploitability Index Ratings (EI) |
· CVE-2010-2732: UAG Redirection Spoofing Vulnerability (EI=3) · CVE-2010-2733: UAG XSS Allows EOP Vulnerability (EI=1) · CVE-2010-2734: XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability (EI=1) · CVE-2010-3936: XSS in Signurl.asp Vulnerability (EI=1) |
Attack Vectors |
· A user would need to click a link to a maliciously crafted website using a specially crafted URL. |
Mitigating Factors |
· An attacker would have no way to force users to visit such a website. Instead, an attacker would have to persuade users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. |
Workarounds |
· Microsoft has not identified any workarounds for this vulnerability. |
Restart Requirement |
In some cases, this update does not require a restart. If the required files are being used, this update will require a restart, and a message will appear advising you to restart. |
Bulletins Replaced by This Update |
None |
Full Details |
https://www.microsoft.com/technet/security/bulletin/MS10-089.mspx |
Regarding Information Consistency
We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft’s security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s web-based security content, the information in Microsoft’s web-based security content is authoritative.