Microsoft Security Bulletin Coverage (Feb 13, 2009)
During the first 2 months of 2009, Microsoft published 5 security bulletins. Among them, MS09-001, MS09-003 and MS09-004 address server-side vulnerabilities, while MS09-002 and MS09-005 address client-side vulnerabilities. The SonicWALL UTM team has analyzed each security bulletin and released IPS signatures that detect and prevent potential attacks leveraging these vulnerabilities. Below is a summary of the security bulletins and the corresponding SonicWALL signatures.
MS09-001 Vulnerabilities in SMB Could Allow Remote Code Execution
- IPS Sid 5357 — NETBIOS MS SMB TRANS Request Error Handling Memory Corruption PoC (MS09-001)
CVE-2008-4834
- IPS Sid 5358 — NETBIOS MS SMB OPEN2 Request Error Handling Memory Corruption PoC (MS09-001)
CVE-2008-4835
MS09-002 Cumulative Security Update for Internet Explorer
- GAV Sid 37453 — MSWord.K (Exploit)
CVE-2009-0075
- IPS Sid 5379 — WEB-CLIENT MS IE Cloned Object Memory Corruption Attempt (MS09-002)
CVE-2009-0075
- IPS Sid 5387 — WEB-CLIENT MS IE CSS Processing Memory Corruption PoC (MS09-002)
CVE-2009-0076
MS09-003 Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution
- IPS Sid 5383 — DOS MS Exchange System Attendant DoS
CVE-2009-0099
- IPS Sid 5385 — SMTP MS Exchange TNEF Integer Underflow PoC (MS09-003)
CVE-2009-0098
MS09-004 Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution
- IPS Sid 1286 — MS-SQL SQL Server sp_replwritetovarbin Procedure Attempt (Unicode)
CVE-2008-5416
- IPS Sid 1292 — MS-SQL SQL Server sp_replwritetovarbin Procedure Attempt (ASCII)
CVE-2008-5416
- IPS Sid 1358 — MS-SQL SQL Server sp_replwritetovarbin Procedure Attempt (Unicode-SMB)
CVE-2008-5416
- IPS Sid 1360 — MS-SQL SQL Server sp_replwritetovarbin Procedure Attempt (ASCII-SMB)
CVE-2008-5416
MS09-005 Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution
- IPS Sid 5384 — MISC MS Visio Object ID Table Memory Corruption PoC (MS09-005)
CVE-2009-0097
- IPS Sid 5386 — MISC MS Visio Invalid Tag Handling Memory Corruption PoC (MS09-005)
CVE-2009-0096
- IPS Sid 5389 — MS Visio VSD File Icon Bits Memory Corruption PoC (MS09-005)
CVE-2009-0096
Besides enabling prevention for these signatures, customers are advised to run Windows Update and install the latest patches from Microsoft to maximize protection against potential exploits.