J-Security Center

Microsoft Security Bulletins

December 2009



Microsoft Security Bulletin MS09-069

Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)

Severity: Important
Vulnerabilities:
  • Local Security Authority Subsystem Service Resource Exhaustion Vulnerability - CVE-2009-3675
    A denial of service vulnerability exists in Microsoft Windows due to the way that the Local Security Authority Subsystem Service (LSASS) improperly handles specially crafted ISAKMP messages communicated through IPsec.

Microsoft Security Bulletin MS09-070

Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)

Severity: Important
Vulnerabilities:
  • Single Sign On Spoofing in ADFS Vulnerability - CVE-2009-2508
    A spoofing vulnerability in Active Directory Federation Services could allow an attacker to impersonate an authenticated user if the attacker has access to a workstation and Web browser recently used by the targeted user to access a Web site that offers single sign-on.
  • Remote Code Execution in ADFS Vulnerability - CVE-2009-2509
    A remote code execution vulnerability exists in implementations of Active Directory Federation Services (ADFS). The vulnerability is due to incorrect validation of request headers when an authenticated user connects to an ADFS-enabled Web server. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft Security Bulletin MS09-071

Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318)

Severity: Critical
Vulnerabilities:
  • Internet Authentication Service Memory Corruption Vulnerability - CVE-2009-2505
    A remote code execution vulnerability exists in implementations of Protected Extensible Authentication Protocol (PEAP) on the Internet Authentication Service. The vulnerability is due to incorrect copying into memory of messages received by the server when handling PEAP authentication attempts. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • MS-CHAP Authentication Bypass Vulnerability - CVE-2009-3677
    An elevation of privilege vulnerability exists in the Internet Authentication Service. An attacker could send a specially crafted Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) authentication request that could obtain access to network resources under the privileges of a specific, authorized user.

Microsoft Security Bulletin MS09-072

Cumulative Security Update for Internet Explorer (976325)

Severity: Critical
Vulnerabilities:
  • ATL COM Initialization Vulnerability - CVE-2009-2493
    A remote code execution vulnerability exists in an ActiveX control built with vulnerable Microsoft Active Template Library (ATL) headers. This vulnerability only directly affects systems with components and controls installed that were built using Visual Studio ATL. Components and controls built using ATL could allow the instantiation of arbitrary objects that can bypass related security policy, such as kill bits within Internet Explorer. Therefore, this vulnerability could allow a remote, unauthenticated user to perform remote code execution on an affected system. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution.
  • Uninitialized Memory Corruption Vulnerability - CVE-2009-3671
    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • HTML Object Memory Corruption Vulnerability - CVE-2009-3672
    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Uninitialized Memory Corruption Vulnerability - CVE-2009-3673
    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Uninitialized Memory Corruption Vulnerability - CVE-2009-3674
    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft Security Bulletin MS09-073

Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)

Severity: Important
Vulnerabilities:
  • WordPad and Office Text Converter Memory Corruption Vulnerability - CVE-2009-2506
    A remote code execution vulnerability exists in the way that text converters in Microsoft WordPad and Microsoft Office Word process memory when a user opens a specially crafted Word 97 file.

Microsoft Security Bulletin MS09-074

Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)

Severity: Critical
Vulnerabilities:
  • Project Memory Validation Vulnerability - CVE-2009-0102
    A remote code execution vulnerability exists in the way that Microsoft Office Project handles specially crafted Project files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.