CERT-In Advisory CIAD-2009-27
Multiple Vulnerabilities in Microsoft Internet Explorer, Active Directory, Internet Information Services (IIS), Windows Kernel, Windows Print Spooler, Windows Search, Microsoft Office Word, Microsoft Office Excel, Microsoft Works Converters
Original issue date: June 11, 2009
Systems Affected
- Microsoft Windows 2000
- Microsoft Windows XP
- Microsoft Windows Server 2003
- Microsoft Windows Vista
- Microsoft Windows Server 2008
- Microsoft Office 2000
- Microsoft Office XP
- Microsoft Office 2007
- Microsoft Office for Mac
- Microsoft Office Compatibility Pack for Office File Formats
- Microsoft Office SharePoint Server
- Microsoft Works
Overview
Multiple vulnerabilities have been reported in various Microsoft products and components such as Microsoft Internet Explorer, Active Directory, Internet Information Services (IIS), Windows Kernel, Windows Print Spooler, Windows Search, Microsoft Office Word, Microsoft Office Excel, Microsoft Works Converters.
Description
The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below:
| Microsoft Security Bulletin | Severity | CERT-In Vulnerability Notes |
|---|---|---|
| MS09-018: Vulnerabilities in Active Directory Could Allow Remote Code Execution | High | CIVN-2009-70: Multiple Vulnerabilities in Microsoft Windows Active Directory components |
| MS09-019: Cumulative Security Update for Internet Explorer | High | CIVN-2009-71: Multiple Vulnerabilities in Microsoft Internet Explorer |
| MS09-020: Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege | High | CIVN-2009-63: (Updated: June 11, 2009) Microsoft IIS 6.0 WebDAV Authentication bypass vulnerability |
| MS09-021: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution | High | CIVN-2009-72: Microsoft Office Excel Remote Code Execution Vulnerabilities |
| MS09-022: Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution | High | CIVN-2009-73: Multiple Vulnerabilities in Windows Print Spooler |
| MS09-023: Vulnerability in Windows Search Could Allow Information Disclosure | Medium | CIVN-2009-74: Microsoft Windows Search Script Injection vulnerability |
| MS09-024: Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution | High | CIVN-2009-75: Microsoft Works Converters Remote Code Execution Vulnerability |
| MS09-025: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege | Medium | CIVN-2009-76: Multiple Vulnerabilities in Microsoft Windows Kernel |
| MS09-026: Vulnerability in RPC Could Allow Elevation of Privilege | Medium | CIVN-2009-77: Microsoft Windows RPC Marshalling Engine Vulnerability |
| MS09-027: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution | High | CIVN-2009-78: Microsoft Office Word Remote Code Execution Vulnerabilities |
Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin June 2009
http://www.microsoft.com/technet/security/bulletin/ms09-jun.mspx
Vendor Information
Microsoft Corporation
http://www.microsoft.com/technet/security/bulletin/ms09-jun.mspx
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
