News Stay informed about the latest enterprise technology news and product updates.

Microsoft patches SMB flaws, Hyper-V problem in big update

Microsoft issued 13 bulletins, patching more than two dozen flaws across its product line, including critical Server Message Block flaws and a hypervisor DoS vulnerability.

Microsoft corrected critical flaws in its Server Message Block (SMB), issued kill-bits to block browser components containing ActiveX flaws and addressed nearly two-dozen other vulnerabilities in its Patch Tuesday updates.

The software giant issued 13 bulletins, five rated critical, fixing 26 vulnerabilities across nearly all facets of its product line.

DirectShow flaw is high-priority:

Microsoft's Jerry Bryant said a critical media handling flaw in Microsoft's streaming application, DirectShow, should be deployed quickly.

DirectShow has a problem handling AVI files, which could be exploited by attackers by simply creating a malicious AVI file. All an attacker would need to do is trick a user into opening the file, Bryant wrote in a message on the MSRC blog.

"MS10-013, which addresses a critical vulnerability in DirectShow, should be at the top of your list for testing and deployment," Bryant wrote. "This issue is critical on all supported versions of Windows except Itanium based server products and has an Exploitability Index rating of 1."

Microsoft issued a high-priority update to DirectShow last year addressing three flaws that were actively targeted by attackers. The software giant issued a fix in July, plugging the zero-day flaws, which had been targeted by cybercriminals for three months.

The issue was multiple handling errors in the DirectShow QuickTime parser. Though most of the attacks were targeted and limited, they were successful. To exploit the coding errors, attackers tricked users into downloading and opening malicious QuickTime files.

Microsoft SMB client and server vulnerabilities
Two high-priority vulnerabilities in the Microsoft Server Message Block, a protocol that handles communication between network devices, were addressed in Microsoft bulletin MS10-006. The remote code execution vulnerabilities exist on SMB clients and could be exploited by an attacker if they convince a user to initiate a connection with a malicious SMB server. The update is rated critical for Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows 7 and Windows Server 2008 R2; it is rated important for Windows Vista and Windows Server 2008.

In addition to the SMB client-side flaws, Microsoft repaired four SMB server component vulnerabilities in security bulletin MS10-0012. The bulletin addresses how the SMB validates SMB requests at the server. The errors result in memory corruption issues and buffer overflow conditions that could enable an attacker to execute code remotely. Though the holes exist, Microsoft said standard default firewall configurations should mitigate the threat of an attack, giving the bulletin an important rating. .

IE update, ActiveX kill-bits
Microsoft also issued another update for users of Internet Explorer on Windows 2000, Windows XP, and Windows Server 2003. Security bulletin MS10-007 repairs a URL validation vulnerability in the Windows Shell Handler. Shell handlers enable developers to use APIs to create dynamic objects, such as file submenus. The bulletin is an update to the emergency out-of-band release that corrected eight vulnerabilities in IE. Users of the older operating systems are required to deploy the update which blocks the vulnerability on the OS rather than the browser.

Microsoft also addressed ongoing ActiveX control issues, issuing a kill-bit that blocks a remote code execution vulnerability in the Microsoft Data Analyzer ActiveX control. MS10-008 prevents attackers from loading the vulnerable ActiveX control in Internet Explorer. As part of the bulletin, Microsoft also issued kill-bits blocking four vulnerable third-party ActiveX controls from running. Once deployed, the registry setting prevents vulnerable ActiveX controls for Google Desktop, Symantec WinFax Pro, PandaActiveScan Installer and Facebook Photo Updater from running in IE.

Microsoft updates:
Jan. - Microsoft issues critical security update, blocks IE 6 attacks: Microsoft issued an emergency patch today blocking ongoing attacks against corporate networks that have been exploiting a vulnerability in Internet Explorer 6.

Jan. - Microsoft releases Windows OpenType Font Engine patch: Lone security bulletin is critical for Windows 2000 users.

Dec. - Microsoft gives Internet Explorer a major security overhaul: The final regular Microsoft update of 2009 repairs five critical vulnerabilities in IE and blocks public exploit code, which surfaced in November.

"This is a mitigation technique, which should be fairly easy for customers to install," said Amol Sarwate, manager of the the vulnerability research lab at vulnerability management vendor Qualys Inc, based in Redwood Shores, Calif. "The vulnerable component remains on the system. It's just being prevented from being loaded in the browser."

Windows TCP/IP handling flaws
Microsoft also addressed four networking remote code vulnerabilities in Microsoft Windows. Microsoft bulletin MS10-009 addresses Windows TCP/IP packet handling errors. An attacker could create malicious ICMPv6 router packets to a system with IPv6 enabled. The attack could enable a hacker to install programs, delete data or create new accounts with full user rights. The update is rated critical for users of Windows Vista and Windows Server 2008.

Critical media file handling vulnerablities
A vulnerability in the way Microsoft DirectShow streams an AVI video file could be exploited to take complete control of a system. Microsoft said the update, MS10-010 is rated important for x64-based editions of Windows Server 2008 and Windows Server 2008 R2. The exploit the flaw, an attacker must have valid logon credentials to log on locally into a guest virtual machine. A DoS condition could affect up to 10 virtual machines, since a hypervisor is the central component that runs them, said Qualys' Sarwate. With more organizations using Hyper-V, the virtualization feature in Windows Server 2008, future Microsoft patch releases could contain additional updates to the software, Sarwate said.

Windows kernel error

We are aware of publicly available proof-of-concept code for this issue, but are not aware of any active attacks at this time.
Jerry Bryant,
senior communications managerMIcrosoft Security Response Center

An update to the Windows kernel repairs a reportedly 17-year-old vulnerability in all 32-bit versions of Windows. Microsoft said MS10-015 repairs a flaw that could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. It addresses the kernel exception handling error addressed in an advisory issued Jan. 20. The bulletin is rated important for all Windows versions.

"We are aware of publicly available proof-of-concept code for this issue, but are not aware of any active attacks at this time," said Jerry Bryant, a senior manager with the Microsoft Security Response Center (MSRC). Other vulnerabilities
In addition, Microsoft addressed a vulnerability affecting versions of Microsoft Office XP and Office for Mac 2004. MS10-004 addresses six vulnerabilities in Microsoft Office PowerPoint for users of Microsoft Office XP and Microsoft Office 2003. Microsoft said the vulnerabilities could allow remote code execution if a user opens a malicious PowerPoint file.

Also, MS10-011 addresses a vulnerability in Microsoft Windows Client/Server Run-time Subsystem (CSRSS). It affects users of Windows 2000, Windows XP and Windows Server 2003 systems. An attacker would need valid logon credentials and be able to log on locally to exploit the vulnerability, Microsoft said.

MS10-005 addresses a vulnerability in Microsoft Paint that could result in remote code execution if a person opens a malicious JPG file in the program. The issue is rated important for users of Microsoft Paint on Microsoft Windows 2000, Windows XP and Windows Server 2003.

Dig Deeper on Microsoft Windows security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.