Microsoft Security
09-June-2009: Check Point has provided immediate protections to Microsoft June security bulletins. Microsoft has released 10 new security bulletins. 6 of those affect Windows with two rated as critical, three rated as important and one as moderate. The remaining four all have an aggregate rating of critical and affect Internet Explorer, Microsoft Office Word, Microsoft Office Excel and Microsoft Works Converters.
Microsoft Security Bulletins for
= Check Point has provided a protection to this bulletin
Microsoft Security Bulletin MS09-027:
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514)
Severity: Critical
CVE-2009-0563: Word Buffer Overflow Vulnerability
A remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Check Point Response- Update Protection against Microsoft Word Multiple SPRM Records Buffer Overflow Vulnerability (MS09-027) Release Date:
CVE-2009-0565: Word Buffer Overflow Vulnerability
A remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Check Point Response- Update Protection against Microsoft Word Malformed SPRM Record Buffer Overflow Vulnerability (MS09-027) Release Date:
Microsoft Security Bulletin MS09-026:
Vulnerability in RPC Could Allow Elevation of Privilege (970238)
Severity: High
CVE-2009-0568: RPC Marshalling Engine Vulnerability
An elevation of privilege vulnerability exists in the Windows remote procedure call (RPC) facility where the RPM Marshalling Engine does not update its internal state appropriately. The failure to update internal state could lead to a pointer being read from an incorrect location. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Check Point Response
- SmartDefense research teams are studying this vulnerability and may issue a protection at a later date.
Microsoft Security Bulletin MS09-025:
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
Severity: High
CVE-2009-1123: Windows Kernel Desktop Vulnerability
An elevation of privilege vulnerability exists in the way that the Windows kernel does not properly validate changes in certain kernel objects. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Check Point Response
- This is a local vulnerability that can not be mitigated by a network IPS protection.
CVE-2009-1124: Windows Kernel Pointer Validation Vulnerability
An elevation of privilege vulnerability exists in the Windows kernel due to the insufficient validation of certain pointers passed from user mode. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Check Point Response
- This is a local vulnerability that can not be mitigated by a network IPS protection.
CVE-2009-1125: Windows Driver Class Registration Vulnerability
An elevation of privilege vulnerability exists because the Windows kernel does not properly validate an argument passed to a Windows kernel system call. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Check Point Response
- This is a local vulnerability that can not be mitigated by a network IPS protection.
CVE-2009-1126: Windows Desktop Parameter Edit Vulnerability
An elevation of privilege vulnerability exists when the Windows kernel improperly validates input passed from user mode to the kernel when editing a specific desktop parameter. The vulnerability could allow an attacker to run code with elevated privileges. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Check Point Response
- This is a local vulnerability that can not be mitigated by a network IPS protection.
Microsoft Security Bulletin MS09-024:
Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)
Severity: Critical
CVE-2009-1533: File Converter Buffer Overflow Vulnerability
A remote code execution vulnerability exists in the way that the Works for Windows document converters handle specially crafted Works files. The vulnerability could allow remote code execution if a user opens a specially crafted .wps file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Check Point Response- Update Protection against Microsoft Works Converter Oversized Font Buffer Overflow Vulnerability (MS09-024) Release Date:
Microsoft Security Bulletin MS09-023:
Vulnerability in Windows Search Could Allow Information Disclosure (963093)
Severity: Medium
CVE-2009-0239: Script Execution in Windows Search Vulnerability
An information disclosure vulnerability exists in Windows Search due to the way file previews are generated. Attempts to exploit this vulnerability require user interaction. An attacker who successfully exploited this vulnerability could run a malicious HTML script that could disclose information, forward user data to a third party, or access any data on the affected systems that was accessible to the logged-on user. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.
- Check Point Response
- SmartDefense research teams are studying this vulnerability and may issue a protection at a later date.
Microsoft Security Bulletin MS09-022:
Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)
Severity: Critical
CVE-2009-0228: Buffer Overflow in Print Spooler Vulnerability
A remote code execution vulnerability exists in the Windows Print Spooler that could allow a remote, unauthenticated attacker to execute arbitrary code on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
Check Point Response- Update Protection against Microsoft Windows Print Spooler NetShareEnum Buffer Overflow Vulnerability (MS09-022) Release Date:
CVE-2009-0229: Print Spooler Read File Vulnerability
A local, authenticated information disclosure vulnerability exists in the Windows Printing Service that could allow a user to read or print any file on the system. This action can be taken even if the user does not have administrative access. However, the vulnerability could not be exploited remotely or by anonymous users.
- Check Point Response
- SmartDefense research teams are studying this vulnerability and may issue a protection at a later date.
CVE-2009-0230: Print Spooler Load Library Vulnerability
A remote, authenticated elevation of privilege vulnerability exists in the Windows Print Spooler that could allow an arbitrary dynamic link library (DLL) to be loaded by the Print Spooler. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Check Point Response- Update Protection against Microsoft Windows Print Spooler LoadLibrary Information Disclosure Vulnerability (MS09-022) Release Date:
Microsoft Security Bulletin MS09-021:
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)
Severity: Critical
CVE-2009-0549: Record Pointer Corruption Vulnerability
A remote code execution vulnerability exists in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Check Point Response- Update Protection against Microsoft Excel BRAI Record Pointer Corruption Vulnerability (MS09-021) Release Date:
CVE-2009-0557: Object Record Corruption Vulnerability
A remote code execution vulnerability exists in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Check Point Response- Update Protection against Microsoft Excel Object Record Memory Corruption Vulnerability (MS09-021) Release Date:
CVE-2009-0558: Array Indexing Memory Corruption Vulnerability
A remote code execution vulnerability exists in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Check Point Response- Update Protection against Microsoft Excel ExternSheet Record Indexing Memory Corruption Vulnerability (MS09-021) Release Date:
CVE-2009-0559: String Copy Stack-Based Overrun Vulnerability
A remote code execution vulnerability exists in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Check Point Response- Update Protection against Microsoft Excel String Copy Stack-Based Overrun Vulnerability (MS09-021) Release Date:
CVE-2009-0560: Field Sanitization Memory Corruption Vulnerability
A remote code execution vulnerability exists in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Check Point Response- Update Protection against Microsoft Excel FormulaValue Field Memory Corruption Vulnerability (MS09-021) Release Date:
CVE-2009-0561: Record Integer Overflow Vulnerability
A remote code execution vulnerability exists in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Check Point Response- Update Protection against Microsoft Excel SST Record Integer Overflow Vulnerability (MS09-021) Release Date:
CVE-2009-1134: Record Pointer Corruption Vulnerability
A remote code execution vulnerability exists in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Check Point Response- Update Protection against Microsoft Excel QSir and QSif Records Pointer Corruption Vulnerability (MS09-021) Release Date:
Microsoft Security Bulletin MS09-020:
Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)
Severity: High
CVE-2009-1535: IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability
An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests. An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that typically requires authentication.
Check Point Response- Update Protection against Microsoft IIS WebDAV Extension URL Decoding Security Bypass Vulnerability (MS09-020) Release Date:
CVE-2009-1122: IIS 5.0 WebDAV Authentication Bypass Vulnerability
An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests. An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that should require authentication.
Check Point Response- Update Protection against Microsoft IIS Anonymous HTTP Request Authentication Bypass (MS09-020) Release Date:
Microsoft Security Bulletin MS09-019:
Cumulative Security Update for Internet Explorer (969897)
Severity: Critical
CVE-2007-3091: Race Condition Cross-Domain Information Disclosure Vulnerability
An information disclosure vulnerability exists in Internet Explorer that could allow script to gain access to the content in another browser window in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could view data from a Web page in another Internet Explorer domain.
Check Point Response- Update Protection against Microsoft Internet Explorer Race Condition Cross-Domain Information Disclosure Vulnerability (MS09-019) Release Date:
CVE-2009-1140: Cross-Domain Information Disclosure Vulnerability
An information disclosure vulnerability exists in the way that Internet Explorer caches data and incorrectly allows the cached content to be called, potentially bypassing Internet Explorer domain restriction. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could view content from the local computer or another browser window in another domain or Internet Explorer zone.
Check Point Response- Update Protection against Microsoft Internet Explorer Cross-Domain Information Disclosure Vulnerability (MS09-019) Release Date:
CVE-2009-1141: DHTML Object Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way Internet Explorer displays a Web page that contains certain unexpected method calls to HTML objects. As a result, system memory may be corrupted in such a way that an attacker could execute arbitrary code if a user visited a specially crafted Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
Check Point Response- Update Protection against Microsoft Internet Explorer DHTML Table Row Object Memory Corruption Vulnerability (MS09-019) Release Date:
CVE-2009-1528: HTML Object Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Check Point Response- Update Protection against Microsoft Internet Explorer HTML XMLHttpRequest Memory Corruption Vulnerability (MS09-019) Release Date:
CVE-2009-1529: Uninitialized Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Check Point Response- Update Protection against Microsoft Internet Explorer HTML SetCapture Memory Corruption Vulnerability (MS09-019) Release Date:
CVE-2009-1530: HTML Objects Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Check Point Response- Update Protection against Microsoft Internet Explorer Multiple Events Improper Reference Counting Vulnerability (MS09-019) Release Date:
CVE-2009-1531: HTML Object Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Check Point Response- Update Protection against Microsoft Internet Explorer DOM Manipulations Improper Handling Vulnerability (MS09-019) Release Date:
CVE-2009-1532: HTML Object Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Check Point Response- Update Protection against Microsoft Internet Explorer Rows Object Memory Corruption Vulnerability (MS09-019) Release Date:
Microsoft Security Bulletin MS09-018:
Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
Severity: Critical
CVE-2009-1138: Active Directory Invalid Free Vulnerability
A remote code execution vulnerability exists in implementations of Active Directory on Microsoft Windows 2000 Server. The vulnerability is due to incorrect freeing of memory when processing specially crafted LDAP or LDAPS requests. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Check Point Response- Update Protection against Microsoft Active Directory Invalid Free Remote Code Execution Vulnerability (MS09-018) Release Date:
CVE-2009-1139: Active Directory Memory Leak Vulnerability
A denial of service vulnerability exists in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003. The vulnerability also exists in implementations of Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003. The vulnerability is due to improper memory management during execution of certain types of LDAP or LDAPS requests. An attacker who successfully exploited this vulnerability could cause the affected server to stop responding.
- Check Point Response
- SmartDefense research teams are studying this vulnerability and may issue a protection at a later date.
More to know
Check Point solutions can help you protect your Microsoft environment
Archives