Advisories

CERT-In Advisory CIAD-2010-0063

Multiple Vulnerabilities in Microsoft Products

Original Issue Date: September 16, 2010

Severity Rating: High

Systems Affected

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2

Component Affected

Microsoft Office Suites and Software
Microsoft Outlook
Microsoft Internet Information Services

Overview

Multiple Vulnerabilities in Microsoft Products affecting Windows Print Spooler Service, MPEG-4 Codec, Unicode Scripts Processor, Outlook, Internet Information Services, Remote Procedure Call, WordPad Text Converters, Local Security Authority Subsystem Service & Windows Client/Server Runtime Subsystem.

Description

The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below:

Microsoft Security Bulletin	Severity	CERT-In Vulnerability Notes
MS10-061:Vulnerability in Print Spooler Service Could Allow Remote Code Execution	High	CIVN-2010-0199 Microsoft Windows Print Spooler Service Insufficient User Permission Restrictions Vulnerability
MS10-062:Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution	High	CIVN-2010-0200 Microsoft MPEG-4 codec Could Allow Remote Code Execution Vulnerability
MS10-063:Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution	High	CIVN-2010-0201 Microsoft Windows and Office Uniscribe Font Parsing Arbitrary Code Execution Vulnerability
MS10-064:Vulnerability in Microsoft Outlook Could Allow Remote Code Execution	High	CIVN-2010-0202 Microsoft Outlook Buffer Overflow Vulnerability
MS10-065:Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution	Medium	CIVN-2010-0203 Multiple Vulnerabilities in Microsoft Internet Information Services (IIS)
MS10-066:Vulnerability in Remote Procedure Call Could Allow Remote Code Execution	Medium	CIVN-2010-0204 Microsoft Windows Remote Procedure Call (RPC) Memory Corruption Vulnerability
MS10-067:Vulnerability in WordPad Text Converters Could Allow Remote Code Execution	Medium	CIVN-2010-0205 Microsoft Windows WordPad Text Converter Word 97 File Parsing Memory Corruption Vulnerability
MS10-068:Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege	Medium	CIVN-2010-0206 Microsoft LSASS ADAM/ADLDS Privilege Escalation Vulnerability
MS10-069:Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege	Medium	CIVN-2010-0207 Windows Client/Server Runtime Subsystem Vulnerability

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin September 2010
http://www.microsoft.com/technet/security/bulletin/ms10-sep.mspx

Vendor Information

Microsoft Corporation
http://www.microsoft.com/technet/security/bulletin/ms10-sep.mspx

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India