
Seems like the black Tuesday effect is catching on with vendors other than Microsoft. On Tuesday, Adobe released an update to Flash Player / AIR which seems to address several "Critical" issues. I'm going to take a quick look at the list of issues addressed by Adobe and Microsoft this week.

 

Adobe Flash Player / AIR Issues:

 

Per Adobe's Security Advisory notification, 7 critical issues have been listed. Adobe doesn't give out much information on the issues and tends to play its cards close to the chest. Based on the information provided in the advisory, the following items are listed:

  1. Adobe Flash Player / AIR JPEG Data Parsing Remote Code Execution Vulnerability
  2. Adobe Flash Player Data Injection Code Execution Vulnerability
  3. Adobe Flash Player Memory Corruption Remote Code Execution Vulnerability
  4. Adobe Flash Player Memory Corruption Remote Code Execution Vulnerability 2
  5. Adobe Flash Player Integer Overflow Remote Code Execution Vulnerability
  6. Adobe Flash Player Multiple Crash Remote Code Execution Vulnerability
  7. Adobe Flash Player ActiveX Control Information Disclosure Vulnerability

 

Coverage information for McAfee products is listed in the table below. However, I would recommend that users update to the latest version of Adobe Flash Player and AIR.

 

Legend:

UA - Unavailable

Exp - Expected to be covered soon.

Pend - Pending

 

 

McAfee Product Coverage *

| Threat | Name | Importance | DAT | BOP | Host IPS | McAfee Network Security Platform | McAfee Vulnerability Manager | MNAC 2.x | McAfee Remediation Manager | McAfee Policy Auditor SCAP | MNAC SCAP |
|---|---|---|---|---|---|---|---|---|---|---|---|
| MTIS09-129-A | Adobe JPEG parsing Vuln | Medium | UA | Exp | Exp | UA | Yes | UA | Pend | UA | UA |
| MTIS09-129-B | Adobe Flash Data Inj RCE | Medium | UA | Exp | Exp | UA | Yes | No | Pend | UA | UA |
| MTIS09-129-C | Adobe Flash Mem Corr RCE | Medium | UA | Exp | Exp | Yes | Yes | UA | Pend | UA | UA |
| MTIS09-129-D | ATL COM Init Vuln | High | UA | Exp | Exp | Yes | Yes | Pend | Yes | UA | UA |
| MTIS09-129-E | Adobe Flash Int OF RCE | Medium | UA | Exp | Exp | UA | Yes | No | Pend | UA | UA |
| MTIS09-129-F | Flash multi crash RCE | Medium | UA | Exp | Exp | UA | Yes | No | UA | UA | UA |

 

Microsoft Patch Tuesday Release:

 

Microsoft has released six new security bulletins covering 12 vulnerabilities for products including Windows Operating Systems, Internet Explorer and Microsoft Office product suites. Here is a list of the released bulletins and the affected products.

 

Microsoft Security Bulletin MS09-069 - This update addresses an issue in LSASS which could be exploited by an attacker communicating through IPsec via a specially crafted ISAKMP message to cause a denial of service on the affected system.

Microsoft has rated this issue as Important and lists Windows 2000 SP4, Windows XP SP2 and SP3, Windows XP x64 editions, Windows 2003 SP3, x64 edition, and Itanium editions as vulnerable.

 

Microsoft Security Bulletin MS09-070 - This update addresses 2 vulnerabilities in the Active Directory Federation Services (ADFS).

  1. A single sign-on spoofing vulnerability exists in ADFS which could allow an attacker to impersonate an authenticated user if the attacker has access to a workstation with a browser recently used to access a web site that offers single sign-on.
  2. A remote code execution vulnerability exists in ADFS implementations due to incorrect validation of request headers, which could allow an attacker to take complete control of the system.

Microsoft has rated this as Important. Windows Server 2003 SP2, Windows Server 2003 x64 SP2, and Windows Server 2008 32-bit and 64-bit operating systems are vulnerable.

 

Microsoft Security Bulletin MS09-071 - This update addresses 2 vulnerabilities in Internet Authentication Service.

  1. A memory corruption vulnerability exists in PEAP implementations of the Internet Authentication Service, caused by incorrect copying of messages received by the server. When exploited, the attacker could take complete control of the system.
  2. A privilege elevation vulnerability exists in the Internet Authentication Service which, when exploited by means of a specially crafted Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) authentication request, could allow an attacker to obtain access to network resources as an authorized user.

Microsoft has rated this as Critical. Windows 2000 SP4, XP SP2, SP3, x64, Windows 2003 Server SP2, x64, Itanium, Vista SP1, SP2, x64, Win 2008 32 and 64 bit, and Itanium editions are all affected.

 

Microsoft Security Bulletin MS09-072 - This update addresses 5 vulnerabilities specific to Internet Explorer, one of which was publicly disclosed.

  1. A vulnerability exists in the ActiveX control built using MS ATL headers which, when exploited, could allow instantiation of arbitrary objects that bypass security policies (ATL COM Initialization Vulnerability).
  2. A remote code execution vulnerability exists in the way IE accesses an incorrectly initialized object, which could be exploited using a maliciously crafted web page to run remote code on the compromised machine and obtain complete control of it (Uninitialized Memory Corruption Vulnerability).
  3. A remote code execution vulnerability exists in the way IE accesses an incorrectly initialized object, which could be exploited using a maliciously crafted web page to run remote code on the compromised machine and obtain complete control of it (HTML Object Memory Corruption Vulnerability).
  4. A remote code execution vulnerability exists in the way IE accesses an incorrectly initialized object, which could be exploited using a maliciously crafted web page to run remote code on the compromised machine and obtain complete control of it (Uninitialized Memory Corruption Vulnerability 2).
  5. A remote code execution vulnerability exists in the way IE accesses an incorrectly initialized object, which could be exploited using a maliciously crafted web page to run remote code on the compromised machine and obtain complete control of it (Uninitialized Memory Corruption Vulnerability 3).

Microsoft has rated this update as Critical. Internet Explorer versions 5.01 (Win 2000) through 8 on all supported Windows platforms are deemed vulnerable.

 

Microsoft Security Bulletin MS09-073 - This update addresses a memory corruption vulnerability reported in Microsoft WordPad and Microsoft Office Text Converters. It could be exploited using a maliciously crafted Word 97 file to allow remote code execution, and the attacker could gain complete access to the compromised machine.

Microsoft has rated this as Important. The following operating systems are vulnerable to this attack: Win 2000 SP4, Win XP SP2, SP3, x64, Win 2003 Server SP2, x64, Itanium.

In addition to the above operating systems, Microsoft Office XP SP3, Microsoft Works 8.5 and Microsoft Office Converter Pack are also vulnerable.

Microsoft Security Bulletin MS09-074 - This update addresses a memory validation vulnerability in Microsoft Office Project which could be exploited by means of a maliciously crafted file to gain complete control of the system by executing remote code on the machine.

Microsoft has rated this update as Critical. Microsoft Project 2000 SP1, SP2 and SP3 are vulnerable to this attack.

 

Updated coverage information for the above-mentioned Microsoft advisories for McAfee products is listed in the table below.

 

 

McAfee Product Coverage Updates *

| Threat | Advisory | Importance | DAT | BOP | Host IPS | McAfee Network Security Platform | McAfee Vulnerability Manager | MNAC 2.x | McAfee Remediation Manager | McAfee Policy Auditor SCAP | MNAC SCAP |
|---|---|---|---|---|---|---|---|---|---|---|---|
| MTIS09-128-A LclSecAuth Subsys Vuln | Previous | Medium | N/A | N/A | N/A | N/A | Yes | Pend | Pend | UA | UA |
| | Current | Medium | N/A | N/A | N/A | N/A | Yes | Pend | Yes | UA | UA |
| MTIS09-128-B Sgle SO Spoof in ADFS | Previous | Medium | N/A | N/A | N/A | N/A | Yes | Pend | Pend | UA | UA |
| | Current | Medium | N/A | N/A | N/A | N/A | Yes | Pend | Yes | UA | UA |
| MTIS09-128-C RCE in ADFS Vuln | Previous | Medium | N/A | N/A | N/A | Pend | Yes | Pend | Pend | UA | UA |
| | Current | Medium | N/A | N/A | N/A | Pend | Yes | Pend | Yes | UA | UA |
| MTIS09-128-D Mem Corr in IAS Vuln | Previous | High | N/A | Exp | Exp | N/A | Yes | Pend | Pend | UA | UA |
| | Current | High | N/A | Exp | Exp | N/A | Yes | Pend | Yes | UA | UA |
| MTIS09-128-E MS-CHAP Auth Byps Vuln | Previous | Medium | N/A | N/A | N/A | Pend | Yes | Pend | Pend | UA | UA |
| | Current | Medium | N/A | N/A | N/A | Pend | Yes | Pend | Yes | UA | UA |
| MTIS09-128-F ATL COM Init Vuln | Previous | High | N/A | Exp | Yes | Yes | Yes | Pend | Pend | UA | UA |
| | Current | High | N/A | Exp | Yes | Yes | Yes | Pend | Yes | UA | UA |
| MTIS09-128-G Uninit Mem Corupt Vuln | Previous | High | N/A | Exp | Exp | Pend | Yes | Pend | Pend | UA | UA |
| | Current | High | UA | Exp | Exp | Pend | Yes | Pend | Yes | UA | UA |
| MTIS09-128-H HTML ObjMem Corpt Vuln | Previous | High | N/A | Exp | Exp | Pend | Yes | Pend | Pend | UA | UA |
| | Current | High | N/A | Exp | Exp | Pend | Yes | Pend | Yes | UA | UA |
| MTIS09-128-I Unit Mem Crptn Vuln | Previous | High | N/A | Exp | Exp | Pend | Yes | Pend | Pend | UA | UA |
| | Current | High | N/A | Exp | Exp | Pend | Yes | Pend | Yes | UA | UA |
| MTIS09-128-J ATL COM Init Vuln | Previous | High | N/A | Exp | Exp | Pend | Yes | Pend | Pend | UA | UA |
| | Current | High | UA | Exp | Yes | Yes | Yes | Pend | Yes | UA | UA |
| MTIS09-128-L Pjct Mem Val Vuln | Previous | High | N/A | N/A | Exp | Pend | Yes | Pend | Pend | UA | UA |
| | Current | High | UA | N/A | Exp | Pend | Yes | Pend | Yes | UA | UA |
| MTIS09-128-K WP and OfcTxt Mem Vuln | Previous | Medium | N/A | Exp | Exp | Pend | Yes | Pend | Pend | UA | UA |
| | Current | Medium | UA | Exp | Exp | Pend | Yes | Pend | Yes | UA | UA |
