Patchday Februar 2010

Alert Alert - Critical Product Vulnerability - Februar 2010 Microsoft Security Bulletin Release;

Allgemeine Informationen zu den Microsoft Security Bulletin Advance Notifications findet Ihr hier: http://www.microsoft.com/germany/technet/sicherheit/bulletins/bulletinadvance.mspx

am 10.02.2010 wurde diese Information von Microsoft aktualisiert:

This alert is to provide you with an overview of the new security bulletin(s) being released on February 09, 2010. Security bulletins are released monthly to resolve critical problem vulnerabilities. We will also provide an overview of one new security advisory being released.

New Security Bulletins

Microsoft is releasing the following 13 new security bulletins for newly discovered vulnerabilities:

Bulletin ID	Bulletin Title	Max Severity Rating	Vulnerability Impact	Restart Requirement	Affected Software*
MS10-003	Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)	Important	Remote Code Execution	May require restart	Microsoft Office XP, Office 2004 for Mac.
MS10-004	Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)	Important	Remote Code Execution	May require restart	Microsoft Office PowerPoint 2002, Office PowerPoint 2003, and Office 2004 for Mac.
MS10-005	Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)	Moderate	Remote Code Execution	Requires restart	Microsoft Windows 2000, Windows XP, and Windows Server 2003.
MS10-006	Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)	Critical	Remote Code Execution	Requires restart	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS10-007	Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)	Critical	Remote Code Execution	Requires restart	Microsoft Windows 2000, Windows XP, and Windows Server 2003.
MS10-008	Cumulative Security Update of ActiveX Kill Bits (978262)	Critical	Remote Code Execution	May require restart	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS10-009	Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)	Critical	Remote Code Execution	Requires restart	Microsoft Windows Vista and Windows Server 2008.
MS10-010	Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)	Important	Denial of Service	Requires restart	Microsoft Windows Server 2008 and Windows Server 2008 R2.
MS10-011	Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)	Important	Elevation of Privilege	Requires restart	Microsoft Windows 2000, Windows XP, and Windows Server 2003.
MS10-012	Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)	Important	Remote Code Execution	Requires restart	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS10-013	Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)	Critical	Remote Code Execution	Requires restart	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS10-014	Vulnerability in Kerberos Could Allow Denial of Service (977290)	Important	Denial of Service	Requires restart	Microsoft Windows 2000, Windows Server 2003, and Windows Server 2008.
MS10-015	Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)	Important	Elevation of Privilege	Requires restart	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7.

* The list of affected software in the summary table is an abstract. To see the full list of affected components, including information on whether Server Core installations are affected, please visit the bulletin via the link in the left column and review the "Affected Software" section.

Summaries for new bulletin(s) may be found at http://www.microsoft.com/technet/security/bulletin/MS10-feb.mspx.

Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. NOTE: this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool is available at http://support.microsoft.com/?kbid=890830.

High Priority Non-Security Updates

High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB article found at http://support.microsoft.com/?id=894199.

New SecuRity Advisory

In addition to the new security bulletin, Microsoft is also releasing a new security advisory on February 09, 2010. Here is an overview:

Identifier	Vulnerability in TLS/SSL Could Allow Spoofing (977377)
Summary	Microsoft is investigating public reports of a vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer(SSL)protocols. At this time, Microsoft is not aware of any attacks attempting to exploit the reported vulnerability. As an issue affecting an Internet standard, we recognize that this issue affects multiple vendors. We are working on a coordinated response with our partners in the Internet Consortium for Advancement of Security on the Internet (ICASI). The TLS and SSL protocols are implemented in several Microsoft products, both client and server, and this advisory will be updated as our investigation continues. As part of this security advisory, Microsoft is making available a workaround which enables system administrators to disable TLS and SSL renegotiation functionality. However, as renegotiation is required functionality for some applications, this workaround is not intended for wide implementation and should be tested extensively prior to implementation. Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, depending on customer needs.
Affected Software	Windows 2000 (All Supported Versions) Windows XP (All Supported Versions) Windows Server 2003 (All Supported Versions) Windows Vista (All Supported Versions) Windows Server 2008 (All Supported Versions) Windows 7 (All Supported Versions) Windows Server 2008 R2 (All Supported Versions)
Recommendations	Review Microsoft Security Advisory 977377 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQs), and links to additional resources.
Additional Resources	Microsoft Security Advisory 977377: http://www.microsoft.com/technet/security/advisory/977377.mspx Microsoft Security Response Center (MSRC) Blog: http://blogs.technet.com/msrc/ Microsoft Malware Protection Center (MMPC) Blog: http://blogs.technet.com/mmpc/ Security Research & Defense (SRD) Blog: http://blogs.technet.com/srd/

Public Bulletin Webcast

Microsoft will host a webcast to address customer questions on these bulletins:

Title: Information about Microsoft February Security Bulletins (Level 200)

Date: Wednesday, February 10, 2010, 11:00 A.M. Pacific Time (U.S. and Canada)

URL: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032427679

New Security Bulletin Technical Details

In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle Web site at http://support.microsoft.com/lifecycle/.

Bulletin Identifier	Microsoft Security Bulletin MS10-003
Bulletin Title	Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
Executive Summary	This security update resolves a privately reported vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. The update addresses the vulnerability by modifying the way that Microsoft Office opens files.
Severity Ratings	This security update is rated Important for all supported editions of Microsoft Office XP and Microsoft Office 2004 for Mac.
Affected Software	Microsoft Office XP, Office 2004 for Mac.
Attack Vectors	A maliciously crafted Office document. A maliciously crafted e-mail attachment.
Mitigating Factors	Exploitation only gains the same user rights as the logged on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Cannot be exploited automatically through e-mail, because a user must open an attachment that is sent in an e-mail message.
Restart Requirement	This update may require a restart.
Bulletins Replaced by This Update	MS09-062
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-003.mspx

Bulletin Identifier	Microsoft Security Bulletin MS10-004
Bulletin Title	Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
Executive Summary	This security update resolves six privately reported vulnerabilities in Microsoft Office PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. The security update addresses the vulnerabilities by changing the way that Microsoft Office PowerPoint and Microsoft PowerPoint Viewer parse specially crafted PowerPoint files.
Severity Ratings	This security update is rated Important for supported editions of Microsoft Office PowerPoint 2002 and Microsoft Office PowerPoint 2003, and Microsoft Office 2004 for Mac.
Affected Software	Microsoft Office PowerPoint 2002, Office PowerPoint 2003, and Office 2004 for Mac.
Attack Vectors	A maliciously crafted PowerPoint file. A maliciously crafted e-mail attachment. A maliciously crafted Web page.
Mitigating Factors	Exploitation only gains the same user rights as the logged on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Cannot be exploited automatically through e-mail, because a user must open an attachment that is sent in an e-mail message.
Restart Requirement	This update may require a restart.
Bulletins Replaced by This Update	MS09-017
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-004.mspx

Bulletin Identifier	Microsoft Security Bulletin MS10-005
Bulletin Title	Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)
Executive Summary	This security update resolves a privately reported vulnerability in Microsoft Paint. The vulnerability could allow remote code execution if a user viewed a specially crafted JPEG image file using Microsoft Paint. The security update addresses the vulnerability by modifying the way that Microsoft Paint decodes JPEG image files.
Severity Ratings	This security update is rated Moderate for Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Affected Software	Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Attack Vectors	A maliciously crafted image file. A maliciously crafted e-mail attachment. A maliciously crafted Web page.
Mitigating Factors	An attacker must convince the user to open the malicious file in Microsoft Paint. Cannot be exploited automatically through e-mail, because a user must open an attachment that is sent in an e-mail message. Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Restart Requirement	This update does require a restart.
Bulletins Replaced by This Update	None
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-005.mspx

Bulletin Identifier	Microsoft Security Bulletin MS10-006
Bulletin Title	Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
Executive Summary	This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. The security update addresses the vulnerabilities by correcting the manner in which the SMB client validates responses.
Severity Ratings	This security update is rated Critical for Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows 7, and Windows Server 2008 R2, and is rated Important for Windows Vista and Windows Server 2008.
Affected Software	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2.
Attack Vectors	A specially crafted SMB response to a client-initiated SMB request.
Mitigating Factors	To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a malicious SMB server. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter
Restart Requirement	This update does require a restart.
Bulletins Replaced by This Update	MS06-030 and MS08-068.
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-006.mspx

Bulletin Identifier	Microsoft Security Bulletin MS10-007
Bulletin Title	Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
Executive Summary	This security update resolves a privately reported vulnerability in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not impacted by this security update. The vulnerability could allow remote code execution if an application, such as a Web browser, passes specially crafted data to the ShellExecute API function through the Windows Shell Handler. The security update addresses the vulnerability by correcting the way that the ShellExecute API validates input parameters.
Severity Ratings	This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Affected Software	Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Attack Vectors	A maliciously crafted application A maliciously crafted e-mail attachment A maliciously crafted Web page
Mitigating Factors	Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Restart Requirement	This update does require a restart.
Bulletins Replaced by This Update	None
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-007.mspx

Bulletin Identifier	Microsoft Security Bulletin MS10-008
Bulletin Title	Cumulative Security Update of ActiveX Kill Bits (978262)
Executive Summary	This security update addresses a privately reported vulnerability that could allow remote code execution if a user views a specially crafted Web page that instantiates an ActiveX control with Internet Explorer. This update also includes kill bits for these four third-party ActiveX controls: Symantec WinFax Pro 10.3 Google Desktop Gadget v5.8 Facebook Photo Updater 5.5.8 Panda ActiveScan Installer 2.0 The security update addresses the vulnerability by setting a kill bit so that the vulnerable control does not run in Internet Explorer.
Severity Ratings	This security update is rated Critical for all supported editions of Microsoft Windows 2000 and Windows XP, Important for all supported editions of Windows Vista and Windows 7, Moderate for all supported editions of Windows Server 2003, and Low for all supported editions of Windows Server 2008 and Windows Server 2008 R2.
Affected Software	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2.
Attack Vectors	A maliciously crafted Web page
Mitigating Factors	Users would have to be persuaded to visit a malicious Web site. Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Restart Requirement	This update may require a restart.
Bulletins Replaced by This Update	MS09-055
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-008.mspx

Bulletin Identifier	Microsoft Security Bulletin MS10-009
Bulletin Title	Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)
Executive Summary	This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if specially crafted packets are sent to a computer with IPv6 enabled. An attacker could try to exploit the vulnerability by creating specially crafted ICMPv6 packets and sending the packets to a system with IPv6 enabled. The security update addresses the vulnerabilities by changing the way Windows TCP/IP performs bounds checking and other packet handling operations.
Severity Ratings	This security update is rated Critical for Windows Vista and Windows Server 2008.
Affected Software	Microsoft Windows Vista and Windows Server 2008.
Attack Vectors	Maliciously crafted network packets
Mitigating Factors	Microsoft has not identified any mitigations for CVE-2010-0239, CVE-2010-0241, and CVE-2010-0242. For CVE-2010-0240 only: This vulnerability only impacts Windows systems if they have installed a custom network driver that splits the UDP header into multiple MDLs. Microsoft is not aware of any driver that takes this action.
Restart Requirement	This update does require a restart.
Bulletins Replaced by This Update	None
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-009.mspx

Bulletin Identifier	Microsoft Security Bulletin MS10-010
Bulletin Title	Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)
Executive Summary	This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. The security update addresses the vulnerability by correcting the way Hyper-V server validates encoding on machine instructions executed inside its guest virtual machines.
Severity Ratings	This security update is rated Important for all supported x64-based editions of Windows Server 2008 and Windows Server 2008 R2.
Affected Software	Microsoft Windows Server 2008 and Windows Server 2008 R2.
Attack Vectors	A maliciously crafted application.
Mitigating Factors	An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Restart Requirement	This update does require a restart.
Bulletins Replaced by This Update	None
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-010.mspx

Bulletin Identifier	Microsoft Security Bulletin MS10-011
Bulletin Title	Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)
Executive Summary	This security update resolves a privately reported vulnerability in Microsoft Windows Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not affected. The vulnerability could allow elevation of privilege if an attacker logs on to the system and starts a specially crafted application designed to continue running after the attacker logs out. The security update addresses the vulnerability by correcting the manner in which users' processes are terminated upon logout.
Severity Ratings	This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Affected Software	Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Attack Vectors	A maliciously crafted application.
Mitigating Factors	An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
Restart Requirement	This update does require a restart.
Bulletins Replaced by This Update	None
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-011.mspx

Bulletin Identifier	Microsoft Security Bulletin MS10-012
Bulletin Title	Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
Executive Summary	This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. The security update addresses these vulnerabilities by correcting the way that SMB validates SMB requests.
Severity Ratings	This security update is rated Important for all supported editions of Microsoft Windows.
Affected Software	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2.
Attack Vectors	Maliciously crafted network packets.
Mitigating Factors	Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.
Restart Requirement	This update does require a restart.
Bulletins Replaced by This Update	MS09-001
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-012.mspx

Bulletin Identifier	Microsoft Security Bulletin MS10-013
Bulletin Title	Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
Executive Summary	This security update resolves a privately reported vulnerability in Microsoft DirectShow. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. The security update addresses the vulnerability by correcting the way that DirectShow opens AVI files.
Severity Ratings	This security update is rated Critical for all supported editions of Microsoft Windows except for all supported Itanium-based editions of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2, for which this security update is rated Important.
Affected Software	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2.
Attack Vectors	A maliciously crafted .AVI file. A maliciously crafted e-mail attachment. A maliciously crafted Web page.
Mitigating Factors	Users would have to be persuaded to visit a malicious Web site. Cannot be exploited automatically through e-mail, because a user must open an attachment that is sent in an e-mail message. Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Restart Requirement	This update does require a restart.
Bulletins Replaced by This Update	MS09-028 and MS09-038
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-013.mspx

Bulletin Identifier	Microsoft Security Bulletin MS10-014
Bulletin Title	Vulnerability in Kerberos Could Allow Denial of Service (977290)
Executive Summary	This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a specially crafted ticket renewal request is sent to the Windows Kerberos domain from an authenticated user on a trusted non-Windows Kerberos realm. The denial of service could persist until the domain controller is restarted. This update addresses the vulnerability by correcting the way the Kerberos server deals with ticket renewal requests.
Severity Ratings	This security update is rated Important for all supported editions of Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008.
Affected Software	Microsoft Windows 2000, Windows Server 2003, and Windows Server 2008.
Attack Vectors	Maliciously crafted ticket renewal requests.
Mitigating Factors	Microsoft has not identified any mitigations or workarounds for this vulnerability.
Restart Requirement	This update does require a restart.
Bulletins Replaced by This Update	None
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-014.mspx

Bulletin Identifier	Microsoft Security Bulletin MS10-015
Bulletin Title	Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
Executive Summary	This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. The security update addresses the vulnerabilities by ensuring that the Windows Kernel handles exceptions properly. This security update also addresses the vulnerability first described in Microsoft Security Advisory 979682.
Severity Ratings	This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 for 32-bit Systems.
Affected Software	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7.
Attack Vectors	A local logon A maliciously crafted application
Mitigating Factors	To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users.
Restart Requirement	This update does require a restart.
Bulletins Replaced by This Update	MS09-058
Full Details	http://www.microsoft.com/technet/security/bulletin/MS10-015.mspx