Microsoft Security Bulletin Summary for January 12, 2010

Microsoft Security Bulletin Summary for January 12, 2010

Microsoft Security Bulletin Summary for January 12, 2010
Published: January 12 2010

Note: There may be latency issues due to replication, if the page does not display keep refreshing


Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:

http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx


Critical (1)


Microsoft Security Bulletin MS10-001 - Critical
Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
Published: January 12, 2010



http://www.microsoft.com/technet/security/bulletin/MS10-001.mspx


Important (0)



Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

TechNet Webcast: Information About Microsoft January Security Bulletins (Level 200)
Event ID: 1032427677

Language(s): English.
Product(s): Security.
Audience(s): IT Generalist.


Duration: 90 Minutes
Start Date: Wednesday, January 13, 2010 11:00 AM Pacific Time (US & Canada)

Event Overview

Join us for a brief overview of the technical details of the January security bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

Presenters: Jerry Bryant, Senior Security Program Manager Lead, Microsoft Corporation and Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation

Register now for the January security bulletin webcast.

 

Microsoft® Windows® Malicious Software Removal Tool (KB890830)
Brief Description
This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

Date Published: 12/01/2010

Win32/Hamweq

Encyclopedia entry
Updated: Jan 11, 2010 | Published: Dec 04, 2009

http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

 

Microsoft Security Advisory (979267)
Vulnerabilities in Adobe Flash Player 6 Provided in Windows XP Could Allow Remote Code Execution
Published: January 12, 2010

http://www.microsoft.com/technet/security/advisory/979267.mspx

 

Microsoft Security Bulletin MS09-035 - Moderate

Microsoft Security Bulletin MS09-035 - Moderate
Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)
Published: July 28, 2009 | Updated: January 12, 2010

Revisions
• V1.0 (July 28, 2009): Bulletin published.

• V1.1 (August 4, 2009): Added new entries to the section, Frequently Asked Questions (FAQ) Related to This Security Update, to communicate that the Known issues with this security update section in the associated Microsoft Knowledge Base Article 969706 has been updated, and that the update detection logic for KB973923 and KB973924 has been revised to correct a package re-offering issue; and to clarify the difference between the Visual C++ Redistributable packages and the other Visual Studio updates.

• V2.0 (August 11, 2009): Bulletin rereleased to offer new updates for Microsoft Visual Studio 2005 Service Pack 1 (KB973673), Microsoft Visual Studio 2008 (KB973674), and Microsoft Visual Studio 2008 Service Pack 1 (KB973675), for developers who use Visual Studio to create components and controls for mobile applications using ATL for Smart Devices.

• V2.1 (August 12, 2009): Updated the Affected Software table to list MS07-012 as replaced by the update for Microsoft Visual Studio .NET 2003 Service Pack 1; added a new entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update, to clarify why Microsoft Download Center update KB numbers for Visual C++ Redistributable packages differ from SMS, SCCM, WSUS and MU update KB numbers; corrected restart requirements throughout the bulletin; added Product Code Verification entries to the update deployment reference tables for Microsoft Visual Studio 2005 Service Pack 1, and Microsoft Visual Studio 2008 and Microsoft Visual Studio 2008 Service Pack 1; and performed miscellaneous edits.

• V2.2 (August 19, 2009): Added a link to Microsoft Knowledge Base Article 974653 to provide instructions for using product codes to verify the installation of the updates for Microsoft Visual Studio 2005 Service Pack 1 and Microsoft Visual Studio 2008 and Microsoft Visual Studio 2008 Service Pack 1.

• V2.3 (September 8, 2009): Added a new entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update, to communicate that Microsoft Knowledge Base Article 969706 has been revised to change the known issue KB974223 to KB974479, in order to offer a non-security update to fix the issue.

• V3.0 (January 12, 2010): Rereleased this bulletin to add Windows Embedded CE 6.0 to affected software. The new update for Windows Embedded CE 6.0 (KB974616) is available from the Microsoft Download Center only. Customers using the Windows Embedded CE 6.0 platform should consider applying the update. No other update packages are affected by this rerelease.

http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx

 

Title: Microsoft Security Bulletin Major Revision
Issued: January 13, 2010


Summary
=======
The following bulletin has undergone a major revision increment.

* MS09-073 - Important


Reason for Revision: V2.0 (January 13, 2010): Renamed the update
packages formerly listed as Microsoft Office Word 2002
Service Pack 3 (KB97500 and Microsoft Office Word 2003
Service Pack 3 (KB975051) to Microsoft Office XP Service Pack
3 (KB97500 and Microsoft Office 2003 Service Pack 3
(KB975051), respectively. Added an Update FAQ to explain this
bulletin-only change. There were no changes to the detection
logic or the update files. Customers who have already
successfully updated their systems do not need to take any action.
- Originally posted: December 8, 2009
- Updated: January 13, 2010
- Bulletin Severity Rating: Important
- Version: 2.0

Revisions
• V1.0 (December 8, 2009): Bulletin published.

• V1.1 (December 9, 2009): Removed a redundant entry for the Microsoft Office Compatibility Pack from the non-affected software table. Also corrected several deployment reference tables to clarify that in some cases, this update does not require a restart. This is an informational change only.

• V2.0 (January 13, 2010): Renamed the update packages formerly listed as Microsoft Office Word 2002 Service Pack 3 (KB97500 and Microsoft Office Word 2003 Service Pack 3 (KB975051) to Microsoft Office XP Service Pack 3 (KB97500 and Microsoft Office 2003 Service Pack 3 (KB975051), respectively. Added an Update FAQ to explain this bulletin-only change. There were no changes to the detection logic or the update files. Customers who have already successfully updated their systems do not need to take any action.

http://www.microsoft.com/technet/security/bulletin/ms09-073.mspx

 

Microsoft Security Advisory (979352)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: January 14, 2010

General Information
Executive Summary
Microsoft is investigating a report of a publicly exploited vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.

Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are affected.

The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.

At this time, we are aware of limited, active attacks attempting to use this vulnerability against Internet Explorer 6. We have not seen attacks against other affected versions of Internet Explorer. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers. In addition, we’re actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.

Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home.
http://www.microsoft.com/technet/security/advisory/979352.mspx

 

Microsoft Security Advisory (979352)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: January 14, 2010 | Updated: January 15, 2010

Revisions
• V1.0 (January 14, 2010): Advisory published

• V1.1 (January 15, 2010): Revised Executive Summary to reflect invesigation of limited targeted attacks. Added Data Execution Protection (DEP) information to Mitigating Factors section. Updated "How does configuring the Internet zone security setting to High protect me from this vulnerability?" in the Frequently Asked Questions section.

http://www.microsoft.com/technet/security/advisory/979352.mspx


Assessing risk of IE 0day vulnerability
Yesterday, the MSRC released Microsoft Security Advisory 979352 alerting customers to limited, sophisticated attacks targeting Internet Explorer 6 customers. Today, samples of that exploit were made publicly available.

Before we get into the details I want to make one thing perfectly clear. The attacks we have seen to date, including the exploit released publicly, only affect customers using Internet Explorer 6. As discussed in the security advisory, while newer versions of Internet Explorer are affected by this vulnerability, mitigations exist that make exploitation much more difficult. We would like to share a little more information about both the vulnerability and the exploits we have seen to help you understand the risk to your organization.

Risk, by platform

Newer versions of Internet Explorer and later Windows releases are at reduced risk to the exploit we have seen due to platform mitigations explained in the blog post below. (Note: Server platforms are omitted from this table because browsing is less likely from Servers.)
http://blogs.technet.com/srd/archive/2010/01/15/assessing-risk-of-ie-0day-vulnerability.aspx

 

Further Insight into Security Advisory 979352 and the Threat Landscape

Sunday, January 17, 2010 7:58 PM by MSRCTEAM

http://blogs.technet.com/msrc/archi...advisory-979352-and-the-threat-landscape.aspx

 

Monday, January 18, 2010 5:55 PM by MSRCTEAM
Advisory 979352 Update for Monday January 18

http://blogs.technet.com/msrc/archive/2010/01/18/advisory-979352-update-for-monday-january-18.aspx

 

Security Advisory 979352 – Going out of Band

 

Microsoft Security Advisory (979352)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: January 14, 2010 | Updated: January 20, 2010

Version: 1.2
General Information
Executive Summary
Microsoft continues to investigate reports of limited attacks against customers of Internet Explorer 6, using a vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.

Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are vulnerable.

The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.

At this time, we are aware of limited attacks attempting to use this vulnerability against Internet Explorer 6. We have not seen attacks against other versions of Internet Explorer. Due to increased attention and an escalating threat environment, we are planning to release an out-of-band security update for this vulnerability.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers. In addition, we’re actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.

Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home.


Revisions
• V1.0 (January 14, 2010): Advisory published

• V1.1 (January 15, 2010): Revised Executive Summary to reflect investigation of limited targeted attacks. Added Data Execution Prevention (DEP) information to Mitigating Factors section. Updated "How does configuring the Internet zone security setting to High protect me from this vulnerability?" in the Frequently Asked Questions section.

• V1.2 (January 20, 2010): Revised Executive Summary to reflect the changing nature of attacks attempting to exploit the vulnerability. Clarified information in the Mitigating Factors section for Data Execution Prevention (DEP) and Microsoft Outlook, Outlook Express, and Windows Mail. Clarified several Frequently Asked Questions to provide further details about the vulnerability and ways to limit the possibility of exploitation. Added "Enable or disable ActiveX controls in Office 2007" and "Do not open unexpected files" to the Workarounds section.


http://www.microsoft.com/technet/security/advisory/979352.mspx

 

TechNet Webcast: Information About Microsoft's January 2010 Out-of-Band Security Bulletin Release
Event ID: 1032440627

Language(s): English.
Product(s): Security.
Audience(s): IT Decision Maker,IT Generalist.


Duration: 60 Minutes
Start Date: Thursday, January 21, 2010 1:00 PM Pacific Time (US & Canada)

Event Overview
Information About Microsoft's January 2010 Out-of-Band Security Bulletin Release


Presenters: Jerry Bryant, Sr. Security Program Manager Lead, Microsoft Corporation and Adrian Stone, Sr. Security Program Manager Lead, Microsoft Corporation


Register now for the January special out of band security bulletin webcast.

 

Microsoft Security Advisory (979682)

Microsoft Security Advisory (979682)
Vulnerability in Windows Kernel Could Allow Elevation of Privilege
Published: January 20, 2010

Version: 1.0

General Information
Executive Summary
Microsoft is investigating new public reports of a vulnerability in the Windows kernel. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-band security update, depending on customer needs.
http://www.microsoft.com/technet/security/advisory/979682.mspx

 

Microsoft Security Bulletin Summary for January 21, 2010 (out of band)

Microsoft Security Bulletin Summary for January 21, 2010
Published: January 21 2010

Note: There may be latency issues due to replication, if the page does not display keep refreshing


Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.


Today Microsoft released the following Security Bulletin(s).

Bulletin Summary:

http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx

Critical (1)

Microsoft Security Bulletin MS10-002 - Critical
Cumulative Security Update for Internet Explorer (978207)
Published: January 21, 2010

http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx

Important (0)



Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft Security Advisory (98008
Vulnerability in Internet Explorer Could Allow Information Disclosure
Published: February 03, 2010

Version: 1.0

Microsoft is investigating a publicly reported vulnerability in Internet Explorer for customers running Windows XP or who have disabled Internet Explorer Protected Mode. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.

Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location. These versions include Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service 4; Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4; and Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows Server 2003 Service Pack 2. Protected Mode prevents exploitation of this vulnerability and is running by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008.

The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites.

At this time, we are unaware of any attacks attempting to use this vulnerability. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers. In addition, we are actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.

Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home.
http://www.microsoft.com/technet/security/advisory/980088.mspx


Microsoft Security Advisory: Vulnerability in Internet Explorer could allow information disclosure
http://support.microsoft.com/kb/980088