J-Security Center

Microsoft Security Bulletins

November 2009


Microsoft Security Bulletin MS09-063

Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)

Severity: Critical
Vulnerabilities:
  • Web Services on Devices API Memory Corruption Vulnerability - CVE-2009-2512
    A remote code execution vulnerability exists in the Web Services on Devices API (WSDAPI) on Windows systems. The vulnerability is due to the service not properly handling a WSDAPI message with a specially crafted header. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft Security Bulletin MS09-064

Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)

Severity: Critical
Vulnerabilities:
  • License Logging Server Heap Overflow Vulnerability - CVE-2009-2523
    An unauthenticated remote code execution vulnerability exists in the way that the Microsoft License Logging Server software handles specially crafted RPC packets. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted network message to a computer running the License Logging service. An attacker who successfully exploited this vulnerability could take complete control of the system.

Microsoft Security Bulletin MS09-065

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)

Severity: Critical
Vulnerabilities:
  • Win32k NULL Pointer Dereferencing Vulnerability - CVE-2009-1127
    An elevation of privilege vulnerability exists because the Windows kernel does not properly validate an argument passed to a Windows kernel system call. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Win32k Insufficient Data Validation Vulnerability - CVE-2009-2513
    An elevation of privilege vulnerability exists in Windows kernel-mode drivers due to improper validation of input passed from user mode through the kernel component of GDI. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Win32k EOT Parsing Vulnerability - CVE-2009-2514
    A remote code execution vulnerability exists in the Windows kernel-mode drivers due to the improper parsing of font code when building a table of directory entries. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft Security Bulletin MS09-066

Vulnerability in Active Directory Could Allow Denial of Service (973309)

Severity: Important
Vulnerabilities:
  • LSASS Recursive Stack Overflow Vulnerability - CVE-2009-1928
    A denial of service vulnerability exists in implementations of Active Directory on Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008. The vulnerability also exists in implementations of Active Directory Application Mode (ADAM) when installed on Windows XP and Windows Server 2003, and Active Directory Lightweight Directory Service (AD LDS) on Windows Server 2008. The vulnerability is due to stack space exhaustion during execution of certain types of LDAP or LDAPS requests. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding.

Microsoft Security Bulletin MS09-067

Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)

Severity: Important
Vulnerabilities:
  • Excel Cache Memory Corruption Vulnerability - CVE-2009-3127
    A remote code execution vulnerability exists in the way that Microsoft Office Excel handles specially crafted Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Excel SxView Memory Corruption Vulnerability - CVE-2009-3128
    A remote code execution vulnerability exists in the way Microsoft Office Excel handles specially crafted Excel files that include a malformed record object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Excel Featheader Record Memory Corruption Vulnerability - CVE-2009-3129
    A remote code execution vulnerability exists in the way that Microsoft Office Excel handles specially crafted Excel files that include a malformed record object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Excel Document Parsing Heap Overflow Vulnerability - CVE-2009-3130
    A remote code execution vulnerability exists in the way Microsoft Office Excel handles specially crafted Excel files with malformed BIFF records. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Excel Formula Parsing Memory Corruption Vulnerability - CVE-2009-3131
    A remote code execution vulnerability exists in the way that Microsoft Office Excel parses documents containing a specially crafted formula embedded inside a cell. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights in the context of the currently logged on user.
  • Excel Index Parsing Vulnerability - CVE-2009-3132
    A remote code execution vulnerability exists in Microsoft Office Excel as a result of pointer corruption when loading Excel formulas. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed formula. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Excel Document Parsing Memory Corruption Vulnerability - CVE-2009-3133
    A remote code execution vulnerability exists in Microsoft Office Excel as a result of memory corruption when loading Excel records. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Excel Field Sanitization Vulnerability - CVE-2009-3134
    A remote code execution vulnerability exists in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft Security Bulletin MS09-068

Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)

Severity: Important
Vulnerabilities:
  • Microsoft Office Word File Information Memory Corruption Vulnerability - CVE-2009-3135
    A remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.