September 2010 Patch Tuesday Overview
Microsoft has released 9 new security bulletins addressing 11 vulnerabilities. This is another big month for patching, and if it seems like Microsoft has released more security bulletins this year, you are correct. Last year through September Patch Tuesday, Microsoft released 49 new security bulletins. This year through this Patch Tuesday, Microsoft has already released 69 new security bulletins.
For the September 2010 Patch Tuesday, it is especially important for IT administrators to read these bulletins and determine how they affect their individual environments, as today’s bulletins apply to special configurations. The two bulletins administrators should address first and foremost are MS10-061 and MS10-062.
First, MS10-061 fixes a vulnerability in the Print Spooler Service in Windows XP. If you are running Windows XP and sharing a printer, attackers can compromise the machine with an over-the-network print request. This vulnerability was found in the Stuxnet malware family and it is currently being exploited in the wild. The Stuxnet malware family has led to a couple of patches for zero-day exploits, such as MS10-046. MS10-046 was released out-of-band to fix the Windows LNK vulnerability, which the Stuxnet malware family was exploiting as a zero-day.
MS10-062 fixes a vulnerability in the MPEG-4 codec on Windows operating systems. If a user opens a specially crafted malicious media file (AVI) with a media player, an attacker can take control of the machine via remote code execution. Viewing media formats is becoming more and more common for both work and home users. It is not safe to assume that media viewing only occurs at home and not on your network. Media file distribution can happen in many ways, such as visiting a website that hosts malicious media files, viewing media files from a streaming server, or opening the slapstick funny email attachment from your friends.
There is one last bulletin that should be on your radar this month. As with quite a few of the bulletins this month, only certain configurations of the software are affected by the vulnerabilities. With MS10-064, a system is vulnerable to attack when Microsoft Outlook is connected to your Microsoft Exchange Server and has Online Mode configured. In this configuration, opening a malicious RTF format document in the Outlook preview pane can lead to remote code execution. In most configurations, however, Outlook is set to use Cached Exchange Mode for email handling.
There is also some news on the Adobe patching front. Yesterday Adobe announced they will be releasing a patch for their security advisory APSA10-02 during the week of October 4, 2010. This release will address a vulnerability affecting Adobe Reader and Acrobat that is currently being exploited in the wild. In addition, Adobe announced a new security advisory, APSA10-03. This advisory applies to a vulnerability in Adobe Flash Player, Adobe Reader and Adobe Acrobat. This vulnerability is also being exploited in the wild.
- Jason Miller