Microsoft Tuesday Coverage for October 2009

Bumper crop of vulnerabilities patched this month by Microsoft and Adobe.

Microsoft Security Advisory (MS09-050):
A vulnerability in the way that Microsoft Windows systems process SMBv2.0 transactions may allow a remote attacker to execute code on a vulnerable system.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 3, SID 16168.

Additionally, a previously released rule to detect attacks targeting this issue has been updated with the appropriate reference information and is included in this release and is identified with GID 1, SID 15930.

Microsoft Security Advisory (MS09-051):
A vulnerability in Windows Media Runtime may allow a remote attacker to execute code on a vulnerable system.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 3, SIDs 16157 and 16158.

Microsoft Security Advisory (MS09-052):
A vulnerability in the Windows Media Player may allow a remote attacker to execute code on an affected system.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 3, SID 16156.

Microsoft Security Advisory (MS09-053):
A vulnerability in the FTP service for Microsoft Internet Information Services may allow a remote attacker to execute code on an affected system.

Previously released rules to detect attacks targeting this issue have been updated with the appropriate reference information and are included in this release, they are identified with GID 1, SIDs 1973, 2374 and 15932.

Microsoft Security Advisory (MS09-054):
Microsoft Internet Explorer contains programming errors that may allow a remote attacker to execute code on an affected system.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 3, SIDs 16149 through 16152.

Microsoft Security Advisory (MS09-055):
A vulnerability in the way that ActiveX controls are handled may allow a remote attacker to execute code on a vulnerable system.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 16159 through 16166.

Microsoft Security Advisory (MS09-056):
A vulnerability in the way that SSL certificates are handled by the Microsoft CryptAPI may allow a remote attacker to spoof a genuine certificate.

Rules to detect attacks targeting this issue are included in this release and are identified with GID 3, SIDs 16180 and 16181.

Microsoft Security Advisory (MS09-057):
A vulnerability in the Internet Explorer indexing service may allow a remote attacker to execute code on an affected system.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 3, SID 16155.

Microsoft Security Advisory (MS09-059):
A vulnerability in the Microsoft Local Security Authority Subsystem Service (LSASS) may allow a remote attacker to cause a Denial of Service (Dos) against an affected system.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 3, SID 16167.

Microsoft Security Advisory (MS09-060):
Multiple vulnerabilities in the Microsoft Active Template Library (ATL) ActiveX controls for Microsoft Office may allow a remote attacker to execute code on an affected system.

Previously released rules to detect attacks targeting this issue have been updated with the appropriate reference information and are included in this release and are identified with GID 1, SIDs 15638, 15639, 15670, 15671, 15904 and 15905.

Microsoft Security Advisory (MS09-061):
Multiple vulnerabilities in the Microsoft .NET Common Language Runtime may allow a remote attacker to execute code on an affected system.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 3, SIDs 16179, 16182 and 16183.

Microsoft Security Advisory (MS09-062):
Multiple vulnerabilities in Microsoft GDI+ may allow a remote attacker to execute code on an affected system.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 3, SIDs 16153, 16154, 16177, 16178 and 16184 through 16186.

Additionally, previously released rules that also detect attacks targeting these vulnerabilities have been updated with the appropriate reference information and are included in this release, identified with GID 3, SID 13878 and GID 1, SID 6700.

Adobe Vulnerabilities:
Multiple products from Adobe corporation contain vulnerabilities that may allow a remote attacker to execute code on an affected system.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 3, SIDs 16172 through 16176.

Changelogs are available here: http://www.snort.org/vrt/advisories/2009/10/13/vrt-rules-2009-10-13.html

Cisco Talos Blog

Intelligence Center

Vulnerability Information

Security Resources

Media

Company

Microsoft Tuesday Coverage for October 2009

Intelligence Center

Vulnerability Research

Incident Response

Security Resources

Media

Support

Company

Cisco Talos Blog

Microsoft Tuesday Coverage for October 2009

Share this post