November 2009 Microsoft Patches Several Programs



11/16/2009




Kevin R. Smith
Co-Editor


With the November 2009 Microsoft "Patch Tuesday," as it's called, a number of important security vulnerabilities were patched.

If you haven't recently updated your Windows OS, we urge you to do so now. Here's one way to do so:

  1. Open Internet Explorer
  2. Click Tools
  3. Windows Update
  4. Select "Express" or "Custom"
  5. Select All applicable updates
  6. Download & install updates

Now for our take on the latest vulnerabilities and patches...

November 2009 Microsoft Updates
Microsoft Security Bulletin ID: MS09-063
Microsoft Knowledge Base Article ID: 973565

Vulnerability Summary: Vulnerability in License Logging Server Could Allow Remote Code Execution

Executive Summary Highlights: This security update resolves a privately reported vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating system.

"The vulnerability could allow remote code execution if an affected Windows system receives a specially crafted packet.

"Only attackers on the local subnet would be able to exploit this vulnerability.

Our Take: This vulnerability affects a ton of different systems, and while Microsoft says an attacker would have to be on the same local subnet, they leave out an important detail as to what this means.

What they don't explain is that this means anyone using a free wireless connection (e.g., those at the airport or a coffee shop) could easily be affected, and the way wireless works, the attacker wouldn't necessarily have to be in the same room as you.

They could be around the corner or even down the street.

Microsoft rates this as "Critical."

Microsoft Security Bulletin ID: MS09-064
Microsoft Knowledge Base Article ID: 974983

Vulnerability Summary: Vulnerability in License Logging Server Could Allow Remote Code Execution

Executive Summary Highlights: This security update resolves a privately reported vulnerability in Microsoft Windows 2000.

"The vulnerability could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server.

"An attacker who successfully exploited this vulnerability could take complete control of the system.

"Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.

Our Take: This vulnerability only affects Windows 2000 systems, but if you're still running W2K, Microsoft gives this vulnerability a "critical" rating.

So, even if you are running antivirus and firewall software (which should help mitigate the risk from this vulnerability), you should still patch your machine(s).

Microsoft rates this as "Critical."

Microsoft Security Bulletin ID: MS09-065
Microsoft Knowledge Base Article ID: 969947

Vulnerability Summary: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution

Executive Summary Highlights: This security update resolves several privately reported vulnerabilities in the Windows kernel.

"The most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font.

"In a Web-based attack scenario, an attacker would have to host a Web site that contains specially crafted embedded fonts that are used to attempt to exploit this vulnerability.

"In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability.

"...an attacker would have to convince the user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the attacker's site.

Our Take: Pretty much every Windows system appears to be affected except for Windows 7.

There are some caveats to this for Vista and Windows Server 2008, so if you're running either of those OSes you should consult the Security Bulletin and Knowledge Base Article for complete details.

This is a classic case where, as Microsoft points out, you can get a virus or other malware installed on your machine just from visiting a web site.

And, as they also point out, it's also possible for your machine to be infected if someone has taken over a site you trust or if you're visiting a site that has user-provided content.

While this is unlikely to affect Facebook, this is the type of thing Microsoft is talking about: sites where the users provide content--even things like chat or forums.

This is also a classic case where Internet security software is often able to minimize the risks from these types of attacks.

Microsoft rates this as "Critical."

Microsoft Security Bulletin ID: MS09-066
Microsoft Knowledge Base Article ID: 973309

Vulnerability Summary: Vulnerability in Active Directory Could Allow Denial of Service

Executive Summary Highlights: This security update resolves a privately reported vulnerability in Active Directory directory service, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS).

"The vulnerability could allow denial of service if stack space was exhausted during execution of certain types of LDAP or LDAPS requests.

"This vulnerability only affects domain controllers and systems configured to run ADAM or AD LDS.

Our Take: Lots of affected systems with this one, although apparently only systems running:

  1. Active Directory
  2. Active Directory Application Mode (ADAM)
  3. Active Directory Lightweight Directory Service

Microsoft rates this as "Important."

Microsoft Security Bulletin ID: MS09-067
Microsoft Knowledge Base Article ID: 972652

Vulnerability Summary: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution

Executive Summary Highlights: This security update resolves several privately reported vulnerabilities in Microsoft Office Excel.

"The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file.

"An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user.

"Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Our Take: Anyone running Microsoft Excel is likely to be affected, and while MS rates this as only "Important," we have to beg to differ.

We believe this merits a "critical" rating since so many people run Excel and since all versions of the exploit allow for remote code execution.

Anytime there's remote code execution, it means an attacker may be able to completely take over your system. Better safe than sorry.

If you're running an older version of Windows like Windows 2000 or Windows XP, you'll need to manually update your Microsoft Office to get this patch.

Here's one way to do it:

  1. Open Internet Explorer
  2. Go to: Microsoft Office Update
  3. Look for "Update Office"
  4. Follow the on-screen instructions
  5. Note: You may have to visit this site several times and reboot to get all patches needed if your MS Office hasn't been updated in a while.

Also worth pointing out is the value of using accounts with limited user rights (i.e. do NOT use Administrator for your daily activities).

Microsoft rates this as "Important."

Microsoft Security Bulletin ID: MS09-068
Microsoft Knowledge Base Article ID: 976307

Vulnerability Summary: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution

Executive Summary Highlights: This security update resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Word file.

"An attacker who successfully exploited this vulnerability could take complete control of an affected system.

"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

"Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Our Take: As with the above Excel vulnerability, there are many affected people because practically everyone runs Microsoft Word.

You're at less risk if you're running the best antivirus software and if you're not using the Administrator account (or an account with Administrator privileges), but this is another update to be sure you get.

Microsoft rates this as "Important."
