Microsoft Security Bulletins Coverage (Sep 15, 2010)
SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of September, 2010. A list of issues reported, along with SonicWALL coverage information follows:
MS10-061 Vulnerability in Print Spooler Service Could Allow Remote Code Execution- CVE-2010-2729 – Print Spooler Service Impersonation Vulnerability
IPS 5686 MS Print Spooler Service Executable File Reception
IPS 5691 MS Print Spooler Service Remote Code Execution PoC (MS10-061)
MS10-062 Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution
- CVE-2010-0818 – MPEG-4 Codec Vulnerability
IPS 5694 MS MPEG-4 Codec Remote Code Execution PoC (MS10-062)
MS10-063 Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution
- CVE-2010-2738 – Uniscribe Font Parsing Engine Memory Corruption Vulnerability
Note: There are no known public exploits targeting this vulnerability.
MS10-064 Vulnerability in Microsoft Outlook Could Allow Remote Code Execution
- CVE-2010-2728 – Heap Based Buffer Overflow in Outlook Vulnerability
SPY 1814 Malicious RTF File Download
MS10-065 Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution
- CVE-2010-1899 – IIS Repeated Parameter Request Denial of Service Vulnerability
Note: There is no way to differentiate malformed and legitimate traffic. - CVE-2010-2730 – Request Header Buffer Overflow Vulnerability
IPS 5689 Excessive HTTP Request Headers Attempt - CVE-2010-2731 – Directory Authentication Bypass Vulnerability
IPS 5687 MS IIS Directory Authentication Bypass Attempt
MS10-066 Vulnerability in Remote Procedure Call Could Allow Remote Code Execution
- CVE-2010-2567 – RPC Memory Corruption Vulnerability
Note: There is no way to differentiate malformed and legitimate traffic.
MS10-067 Vulnerability in WordPad Text Converters Could Allow Remote Code Execution
- CVE-2010-2563 – WordPad Word 97 Text Converter Memory Corruption Vulnerability
Note: There are no known public exploits targeting this vulnerability.
MS10-068 Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege
- CVE-2010-0820 – LSASS Heap Overflow Vulnerability
Note: There are no known public exploits targeting this vulnerability.
MS10-069 Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege
- CVE-2010-1891 – CSRSS Local Elevation of Privilege Vulnerability
Note: Local elevation of privilege