Microsoft Patch Tuesday Roundup - June 2010 - “Everything is Vulnerable” Edition

Here we go again - another massive “Patch Tuesday”, brought to you by Microsoft. This particular bundle addresses 34 vulnerabilities in Windows, IE, Office, .NET Framework, IIS and Sharepoint, a tie for the largest vulnerability count in a single Microsoft Patch Tuesday to date. The advisories include a wide range of vulnerabilities including code execution, privilege escalation, information disclosure, denial of service and cross-site scripting (XSS).

Among the vulnerabilities addressed in June’s updates are two issues that were recognized by Microsoft in February and April. Three of the ten updates have been given severity ratings of “critical” while the other seven are rated as “important”. Six updates affect the Windows operating system, including Microsoft’s newest OS, Windows 7. As always, Tenable has released Nessus plugins to perform credentialed checks to detect each of these vulnerabilities and help aid your remediation processes.

Patch Tuesday Breakdown and Thoughts:

• MS10-032 - Nessus Plugin ID 46839 (Credentialed Check) - Kernel-Mode Drivers Local Privilege Escalation: Three vulnerabilities that require user interaction or local access allowing for privileged code to be run.
• MS10-033 - Nessus Plugin ID 46840 (Credentialed Check) - Media Decompression Remote Code Execution: Two vulnerabilities related to processing a crafted movie file with embedded JPG, arbitrary code execution is possible.
• MS10-034 - Nessus Plugin ID 46841 (Credentialed Check) - ActiveX Killbits: Two Microsoft ActiveX and several third party controls are disabled.
• MS10-035 - Nessus Plugin ID 46842 (Credentialed Check) - Internet Explorer Update: Six vulnerabilities, two of which are critical, in Microsoft’s web browser. Each of the critical issues requires a user to visit a web site or load a crafted document.
• MS10-036 - Nessus Plugin ID 46843 (Credentialed Check) - MS Office Document Handling Code Execution: One vulnerability in the way Office processes various files, requiring user interaction, that could lead to arbitrary code execution.
• MS10-037 - Nessus Plugin ID 46844 (Credentialed Check) - OpenType Compact Font Format Handling Local Code Execution: One issue in the way Windows processes OpenType fonts, that requires local access and valid credentials.
• MS10-038 - Nessus Plugin ID 46845 (Credentialed Check) - MS Excel Multiple Vulnerabilities: 14 issues in Excel ranging from local privilege escalation to user-assisted remote code execution.
• MS10-039 - Nessus Plugin ID 46846 (Credentialed Check) - MS SharePoint Multiple Vulnerabilities: Three issues in SharePoint including XSS leading to privilege escalation, information disclosure and denial of service.
• MS10-040 - Nessus Plugin ID 46847 (Credentialed Check) - IIS Remote Code Execution: One vulnerability requiring specific functionality to be enabled (but not on by default) leading to remote code execution via a crafted HTTP request.
• MS10-041 - Nessus Plugin ID 46848 (Credentialed Check) - .NET Framework XML Signature Validation Weakness: One vulnerability that may allow an attacker to spoof messages based on XML signature checking.

Resources:

• Microsoft Security Bulletin Summary for June 2010 - http://www.microsoft.com/technet/security/bulletin/ms10-jun.mspx
• OSVDB Microsoft Bulletins - Complete Reference - http://osvdb.org/browse/by_reference_type/MSSB
• Microsoft Patch Tuesday - January 2010 - "Aged Cheese" Edition - http://blog.tenablesecurity.com/2010/01/microsoft-patch-tuesday---january-2010---aged-cheese-edition.html
• Microsoft Patch Tuesday - February 2010 - "From Microsoft with Love" Edition - http://blog.tenablesecurity.com/2010/02/microsoft-patch-tuesday---february-2009---from-microsoft-with-love-edition.html
• Microsoft Patch Tuesday - March 2010 - "It Won't Happen To Me" Edition - http://blog.tenablesecurity.com/2010/03/microsoft-patch-tuesday---march-2010---it-wont-happen-to-me-edition.html
• Microsoft Patch Tuesday Roundup - April 2010 - Superman Edition - http://blog.tenablesecurity.com/2010/04/microsoft-patch-tuesday-roundup---april-2010---superman-edition.html