Microsoft Security Bulletins Coverage

September 15, 2010

SonicWALL has analyzed and addressed Microsoft's security advisories for the month of September, 2010. A list of issues reported, along with SonicWALL coverage information follows:

MS10-061 Vulnerability in Print Spooler Service Could Allow Remote Code Execution

CVE-2010-2729 - Print Spooler Service Impersonation Vulnerability
IPS 5686 MS Print Spooler Service Executable File Reception
IPS 5691 MS Print Spooler Service Remote Code Execution PoC (MS10-061)

MS10-062 Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution

CVE-2010-0818 - MPEG-4 Codec Vulnerability
IPS 5694 MS MPEG-4 Codec Remote Code Execution PoC (MS10-062)

MS10-063 Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution

CVE-2010-2738 - Uniscribe Font Parsing Engine Memory Corruption Vulnerability
Note: There are no known public exploits targeting this vulnerability.

MS10-064 Vulnerability in Microsoft Outlook Could Allow Remote Code Execution

CVE-2010-2728 - Heap Based Buffer Overflow in Outlook Vulnerability
SPY 1814 Malicious RTF File Download

MS10-065 Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution

CVE-2010-1899 - IIS Repeated Parameter Request Denial of Service Vulnerability
Note: There is no way to differentiate malformed and legitimate traffic.

CVE-2010-2730 - Request Header Buffer Overflow Vulnerability
IPS 5689 Excessive HTTP Request Headers Attempt

CVE-2010-2731 - Directory Authentication Bypass Vulnerability
IPS 5687 MS IIS Directory Authentication Bypass Attempt

MS10-066 Vulnerability in Remote Procedure Call Could Allow Remote Code Execution

CVE-2010-2567 - RPC Memory Corruption Vulnerability
Note: There is no way to differentiate malformed and legitimate traffic.

MS10-067 Vulnerability in WordPad Text Converters Could Allow Remote Code Execution

CVE-2010-2563 - WordPad Word 97 Text Converter Memory Corruption Vulnerability
Note: There are no known public exploits targeting this vulnerability.

MS10-068 Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege

CVE-2010-0820 - LSASS Heap Overflow Vulnerability
Note: There are no known public exploits targeting this vulnerability.

MS10-069 Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege

CVE-2010-1891 - CSRSS Local Elevation of Privilege Vulnerability
Note: Local elevation of privilege