Forum Thread: XP home edition and IE8. Secure or insecure?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
OSI

This thread has been marked as locked.
whaler XP home edition and IE8. Secure or insecure?
Member 9th Dec, 2009 01:26
I turned on my computer and apparently overnight XP home edition and IE8 became cat. 4 threats. Both have direct links to the update page at Microsoft, but whether I check express or custom there's no patch for either one. Why is Secunia listing them as insecure with a fix when Microsoft is apparently unaware of the problem and definitely has no fix? This is on both of my computers so it's not a glitch on my end. Anybody else seeing this?

Mr2Sticks RE: XP home edition and IE8. Secure or insecure?
Member 9th Dec, 2009 07:13
Same thing here: can't patch. But the advisory is valid, apparently. I immediately looked at my firewall (Zone Alarm Internet Security Suite) but don't see anything that could be blocking MS patches, nor has this happened before (I think). If I find out anything while looking about I'll post back here.

Here's from a newsletter I subscribe to:

Microsoft Patch Disclosure - December 8, 2009

*Overview*

This month Microsoft released 6 bulletins which repair a total of 12
vulnerabilities. One of these vulnerabilities was a public zero-day
(Internet Explorer CSS Memory Corruption – CVE-2009-3672) that has
been used in the wild to compromise systems.

Both eEye's Blink® Professional and Blink® Personal client security
software with anti-virus have protected from client-side
memory-corruption vulnerabilities generically.

*Patch Precedence*

Out of the 6 patches this month, three are client-side specific, and 3
are remote network vulnerabilities. Administrators should patch
MS09-072, MS09-0071, and MS09-073 immediately. The remainder of the
patches should be applied after environment testing, or to
environments that have the specifically affected software deployed.

As always, eEye suggests that users roll out Microsoft patches as fast
as possible, preferably after testing the impact on internal
applications and network continuity. For those who would like further
information regarding the potential risks and remediation requirements
of the patches announced today, please consider attending tomorrow's Vulnerability
Expert Forum
<http://www.eeye.com/Company/News-and-Events/Vulner...>
hosted by the eEye Security Research Team.

For more information on patch precedence, see the eEye Versa
Newsletter article Patch Tuesday Prioritization for a Large Enterprise
<http://www.eeye.com/html/resources/newsletters/ver...>.

*Bulletin Summary*

*Critical*

MS09-071 - Vulnerabilities in Internet Authentication Service Could
Allow Remote Code Execution (974318)
MS09-072 - Cumulative Security Update for Internet Explorer (976325)
MS09-074 - Vulnerability in Microsoft Office Project Could Allow
Remote Code Execution (967183)

*Important*

MS09-069 - Vulnerability in Local Security Authority Subsystem Service
Could Allow Denial of Service (974392)
MS09-070 - Vulnerabilities in Active Directory Federation Services
Could Allow Remote Code Execution (971726)
MS09-073 - Vulnerability in WordPad and Office Text Converters Could
Allow Remote Code Execution (975539)

*Bulletin Details*

*MS09-069*

Vulnerability in Local Security Authority Subsystem Service Could
Allow Denial of Service (974392)
http://www.microsoft.com/technet/security/Bulletin...

Microsoft Severity Rating: *Important*
eEye Severity Rating: *Important*

*Description*
This security update resolves a privately reported vulnerability in
Microsoft Windows. The vulnerability could allow a denial of service
if a remote, authenticated attacker, while communicating through
Internet Protocol security (IPsec), sends a specially crafted ISAKMP
message to the Local Security Authority Subsystem Service (LSASS) on
an affected system.

- *Local Security Authority Subsystem Service Resource Exhaustion
Vulnerability - CVE-2009-3675*
A denial of service vulnerability exists in Microsoft Windows due
to the way that the Local Security Authority Subsystem Service (LSASS)
improperly handles specially crafted ISAKMP messages communicated
through IPsec.

This vulnerability can only be exploited by an authenticated attacker
using an Internet Protocol Security (IPsec) environment. Therefore,
not all systems and environments are affected by this vulnerability. This
vulnerability will likely only be exploited in targeted scenarios by
logged in users or applications, such as disgruntled employees or via
a malformed application. Administrators with IPsec environments
should roll out this patch after testing to ensure network
communication is not affected by the update.

*Recommendations*
For environments that do not require IPsec, administrators have the
option of removing IPsec in order to mitigate this attack.

*MS09-070*

Vulnerabilities in Active Directory Federation Services Could Allow
Remote Code Execution (971726)
http://www.microsoft.com/technet/security/Bulletin...

Microsoft Severity Rating: *Important*
eEye Severity Rating: *Important*

*Description*
This security update resolves two privately reported vulnerabilities
in Microsoft Windows. The more severe of these vulnerabilities could
allow remote code execution if an attacker sent a specially crafted
HTTP request to an ADFS-enabled Web server. An attacker would need to
be an authenticated user in order to exploit either of these
vulnerabilities. The security update addresses the vulnerabilities by
correcting the validation that ADFS-enabled Web servers apply to
request headers submitted by a Web client.

- *Single Sign On Spoofing in ADFS Vulnerability - CVE-2009-2508*
A spoofing vulnerability in Active Directory Federation Services
could allow an attacker to impersonate an authenticated user if the
attacker has access to a workstation and Web browser recently used by
the targeted user to access a Web site that offers single sign on.
- *Remote Code Execution in ADFS Vulnerability - CVE-2009-2509*
A remote code execution vulnerability exists in implementations of
Active Directory Federation Services (ADFS). The vulnerability is due
to incorrect validation of request headers when an authenticated user
connects to an ADFS enabled Web server. An attacker who successfully
exploited this vulnerability could take complete control of an
affected system.

This vulnerability can be exploited by remote authenticated attackers
to trigger memory corruption or to impersonate another user and
conceal their real identity. Attackers are likely to target these
vulnerabilities in environments where they have already gained access
to users' credentials (usually through a system compromise followed by keylogging
software, Man In The Middle Attacks, or Phishing attacks).

*Recommendations*
Since these attacks require valid logon credentials, administrators
are advised to monitor client machines for attackers launching network
exploits from compromised machines.

*MS09-071*

Vulnerabilities in Internet Authentication Service Could Allow Remote
Code Execution (974318)
http://www.microsoft.com/technet/security/Bulletin...

Microsoft Severity Rating: *Critical*
eEye Severity Rating: *Critical*

*Description*
This security update resolves two privately reported vulnerabilities
in Microsoft Windows. These vulnerabilities could allow remote code
execution if messages received by the Internet Authentication Service
server are copied incorrectly into memory when handling PEAP
authentication attempts. An attacker who successfully exploited either
of these vulnerabilities could take complete control of an affected
system. Servers using Internet Authentication Service are only
affected when using PEAP with MS-CHAP v2 authentication. The security
update addresses the vulnerabilities by correcting the way Internet
Authentication Service validates authentication requests by PEAP
clients.

- *Internet Authentication Service Memory Corruption Vulnerability -
CVE-2009-2505*
A remote code execution vulnerability exists in implementations of
Protected Extensible Authentication Protocol (PEAP) on the Internet
Authentication Service. The vulnerability is due to incorrect copying
into memory of messages received by the server when handling PEAP
authentication attempts. An attacker who successfully exploited this
vulnerability could take complete control of an affected system.
- *MS-CHAP Authentication Bypass Vulnerability - CVE-2009-3677*
An elevation of privilege vulnerability exists in the Internet
Authentication Service. An attacker could send a specially crafted
Microsoft Challenge Handshake Authentication Protocol version 2
(MS-CHAP v2) authentication request that could obtain access to
network resources under the privileges of a specific, authorized user.

Two vulnerabilities within PEAP and Microsoft Internet Authentication
Service could allow remote attackers to bypass authentication systems
or execute arbitrary code at elevated privileges on a vulnerable
system. These two attacks are the most critical network attacks
addressed by Microsoft this month and should be patched immediately in
environments which implement MS-CHAP and PEAP. Attackers are likely
to focus on exploiting these vulnerabilities and use them alongside
client side vulnerabilities to compromise servers in environments that
they gain access to.

*Recommendations*
Administrators are urged to roll out this patch as soon as possible to
ALL vulnerable systems. Alternatively, in environments which have
the option of changing their authentication protocol, administrators
can switch to a different protocol other than PEAP with MS-CHAP v2 on
their Internet Authentication Service servers to mitigate this attack.

*MS09-072*

Cumulative Security Update for Internet Explorer (976325)
http://www.microsoft.com/technet/security/Bulletin...

Microsoft Severity Rating: *Critical*
eEye Severity Rating: *Highly Critical*

*Description*
This security update resolves four privately reported vulnerabilities
and one publicly disclosed vulnerability in Internet Explorer. The
vulnerabilities could allow remote code execution if a user views a
specially crafted Web page using Internet Explorer. Users whose
accounts are configured to have fewer user rights on the system could
be less impacted than users who operate with administrative user
rights. An ActiveX control built with Microsoft Active Template
Library (ATL) headers could also allow remote code execution. The
security update addresses these vulnerabilities by correcting the
control and by modifying the way that Internet Explorer handles
objects in memory.

- *ATL COM Initialization Vulnerability - CVE-2009-2493*
A remote code execution vulnerability exists in an ActiveX control
built with vulnerable Microsoft Active Template Library (ATL) headers.
This vulnerability only directly affects systems with components and
controls installed that were built using Visual Studio ATL. Components
and controls built using ATL could allow the instantiation of
arbitrary objects that can bypass related security policy, such as
kill bits within Internet Explorer. Therefore, this vulnerability
could allow a remote, unauthenticated user to perform remote code
execution on an affected system. An attacker could exploit the
vulnerability by constructing a specially crafted Web page. When a
user views the Web page, the vulnerability could allow remote code
execution.
- *Uninitialized Memory Corruption Vulnerability - CVE-2009-3671*
A remote code execution vulnerability exists in the way that
Internet Explorer accesses an object that has not been correctly
initialized or has been deleted. An attacker could exploit the
vulnerability by constructing a specially crafted Web page. When a
user views the Web page, the vulnerability could allow remote code
execution. An attacker who successfully exploited this vulnerability
could gain the same user rights as the logged-on user. If a user is
logged on with administrative user rights, an attacker who
successfully exploited this vulnerability could take complete control
of an affected system. An attacker could then install programs; view,
change, or delete data; or create new accounts with full user rights.
- *HTML Object Memory Corruption Vulnerability - CVE-2009-3672*
A remote code execution vulnerability exists in the way that
Internet Explorer accesses an object that has not been correctly
initialized or has been deleted. An attacker could exploit the
vulnerability by constructing a specially crafted Web page. When a
user views the Web page, the vulnerability could allow remote code
execution. An attacker who successfully exploited this vulnerability
could gain the same user rights as the logged-on user. If a user is
logged on with administrative user rights, an attacker who
successfully exploited this vulnerability could take complete control
of an affected system. An attacker could then install programs; view,
change, or delete data; or create new accounts with full user rights.
- *Uninitialized Memory Corruption Vulnerability - CVE-2009-3673*
A remote code execution vulnerability exists in the way that
Internet Explorer accesses an object that has not been correctly
initialized or has been deleted. An attacker could exploit the
vulnerability by constructing a specially crafted Web page. When a
user views the Web page, the vulnerability could allow remote code
execution. An attacker who successfully exploited this vulnerability
could gain the same user rights as the logged-on user. If a user is
logged on with administrative user rights, an attacker who
successfully exploited this vulnerability could take complete control
of an affected system. An attacker could then install programs; view,
change, or delete data; or create new accounts with full user rights.
- *Uninitialized Memory Corruption Vulnerability - CVE-2009-3674*
A remote code execution vulnerability exists in the way that
Internet Explorer accesses an object that has not been correctly
initialized or has been deleted. An attacker could exploit the
vulnerability by constructing a specially crafted Web page. When a
user views the Web page, the vulnerability could allow remote code
execution. An attacker who successfully exploited this vulnerability
could gain the same user rights as the logged-on user. If a user is
logged on with administrative user rights, an attacker who
successfully exploited this vulnerability could take complete control
of an affected system. An attacker could then install programs; view,
change, or delete data; or create new accounts with full user rights.

Five vulnerabilities within Microsoft Internet Explorer are addressed
in this patch that could allow remote attackers to execute arbitrary
code and compromise systems when users visit a malicious web page. This
addresses the Microsoft zero-day CSS vulnerability (CVE-2009-3672) and
4 other similar vulnerabilities. These vulnerabilities could allow
malicious individuals to conduct drive-by exploit attacks by injecting
malicious iframes or SQL injections into servers that would then
redirect browsers to malformed web pages that target these
vulnerabilities.

*Recommendations*
Administrators are HIGHLY advised to roll out this patch immediately.

*MS09-073*

Vulnerability in WordPad and Office Text Converters Could Allow Remote
Code Execution (975539)
http://www.microsoft.com/technet/security/Bulletin...

Microsoft Severity Rating: *Important*
eEye Severity Rating: *Critical*

*Description*
This security update resolves a privately reported vulnerability in
Microsoft WordPad and Microsoft Office text converters. The
vulnerability could allow remote code execution if a specially crafted
Word 97 file is opened in WordPad or Microsoft Office Word. An
attacker who successfully exploited this vulnerability could gain the
same privileges as the user. Users whose accounts are configured to
have fewer privileges on the system could be less impacted than users
who operate with administrative privileges. The security update
addresses the vulnerability by correcting the way WordPad and the
Office Text Converters parse Word 97 documents.

- *WordPad and Office Text converter Memory Corruption Vulnerability -
CVE-2009-2506*
A remote code execution vulnerability exists in the way that text
converters in Microsoft WordPad and Microsoft Office Word process
memory when a user opens a specially crafted Word 97 file.

This patch fixes a single vulnerability within Microsoft Office Excel
XP, 2003, Microsoft Works 8.5 and Wordpad. This vulnerability is
triggered by opening malformed document files and could allow a remote
attacker to execute arbitrary code in the context of the current user.
Attackers will likely exploit this vulnerability using targeted and
drive-by web attacks in order to compromise client machines. From
here, machines will be loaded with botnet malware or used as attack
points to target other machines on the network.

*Recommendations*
Administrators are urged to roll out this patch as soon as possible to
all vulnerable systems, especially internet-facing client machines
with Microsoft Office XP or 2003 installed.

*MS09-074*

Vulnerability in Microsoft Office Project Could Allow Remote Code
Execution (967183)
http://www.microsoft.com/technet/security/Bulletin...

Microsoft Severity Rating: *Critical*
eEye Severity Rating: *Important*

*Description*
This security update resolves a privately reported vulnerability in
Microsoft Office Project. The vulnerability could allow remote code
execution if a user opens a specially crafted Project file. An
attacker who successfully exploited this vulnerability could take
complete control of an affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with
full user rights. Users whose accounts are configured to have fewer
user rights on the system could be less impacted than users who
operate with administrative user rights. The update removes the
vulnerability by modifying the way that Microsoft Office Project
validates memory allocations when opening Project files from disk to
memory.

- *Project Memory Validation Vulnerability - CVE-2009-0102*
A remote code execution vulnerability exists in the way that
Microsoft Office Project handles specially crafted Project files. An
attacker who successfully exploited this vulnerability could take
complete control of an affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with
full user rights.

This patch addresses a single vulnerability within Microsoft Project.
This vulnerability is triggered by opening a malformed Project Plan
file (.MPP) and allows a remote attacker to execute arbitrary code in
the context of the current user. Attackers will likely exploit this
vulnerability using targeted and drive-by web attacks in order to
compromise client machines. From here, machines will be loaded with botnet
malware or used as attack points to target other machines on the
network.

*Recommendations*
Administrators are urged to roll out this patch as soon as possible to
all vulnerable systems, especially internet-facing client machines
with Microsoft Project 2000, 2002/XP and 2003 installed.

*The eEye Advantage*

*Retina® Security Scanner <http://www.eeye.com/Products/Retina.aspx>*
eEye Digital Security's Retina customers can update their scanner to
detect systems vulnerable to these latest issues and verify this
month's Microsoft patches are installed. Updated Retina audits are
automatically available to eEye Retina customers via Auto-Update. To
view a list of the corresponding audits, please visit:
http://www.eeye.com/Resources/Security-Center/Patc...

*Blink® Endpoint Security <http://www.eeye.com/Products/Blink.aspx>*
eEye's line of Blink with Anti-Virus software protects from the
potential exploitation of these flaws without requiring invasive
firewalling, which could limit system functionality and business
connectivity as Blink does not require the disabling of services or
applications as a means of protection. The result is complete
protection for the system and the sensitive data that resides on it
with zero downtime or impact to critical system operations.

Current Blink customers aren't required to do anything to realize the
protection from these remote code execution flaws. No updates or
policy changes are required. Blink Professional, Blink Server and
Blink Personal now include multiple integrated anti-virus engines.
Blink Personal is available for free for one year for personal use and
can be downloaded at: http://free-antivirus.eeye.com. Business users
can download a trial
version of Blink Professional at
http://www.eeye.com/Downloads/Trial-Software/Blink...

*Online Seminar: Vulnerability Expert Forum
<http://www.eeye.com/Company/News-and-Events/Vulner...>*
As a service to the network security community, the eEye Research Team
conducts a Vulnerability Expert Forum web seminar during the second
week of every month. eEye will host this month's forum on Wednesday of
this week. This forum enables participants to stay current on the
potential risks and remediation requirements of the patches announced
today, by exploring the effects that high-risk vulnerabilities and
exploits have on network environments and infrastructures.
To register, visit <http://www.eeye.com/Company/News-and-Events/Vulner...>.

*FEEDBACK*
The eEye newsletter staff welcomes any comments, questions or
suggestions from our readers. We hope that you will not hesitate to
contact us with any feedback you may have. Send all feedback to newsletter@eeye.com.

*DISCLAIMER*
The information within this newsletter may change without notice. Use
of this information constitutes acceptance for use in an AS IS
condition. There are NO warranties with regard to this information. In
no event shall the author be liable for any damages whatsoever arising
out of or in connection with the use or spread of this information.
Any use of this information is at the user's own risk.

*NOTICE*
Permission is hereby granted for the redistribution of this newsletter
electronically. It is not to be edited in any way without the express
consent of eEye. If you wish to reprint the whole or any part of this
newsletter in any other medium excluding electronic medium, please
email newsletter@eeye.com for permission.
Mr2Sticks RE: XP home edition and IE8. Secure or insecure?
Member 11th Dec, 2009 03:17
The "problem" seems to have been resolved. Secunia now reports no insecurities (after updating Adobe Flash).
whaler RE: XP home edition and IE8. Secure or insecure?
Member 23rd Dec, 2009 06:30
Last edited on 23rd Dec, 2009 06:33
I meant to thank you (Mr. Sticks) for your responses. As it happened I was getting the 2 security warnings when I began typing this thread. I read your first response and I thought "there must be a less complicated solution to this." By the time I saw your second response I still had 2 warnings but they were not for XP and IE8 anymore. They had changed into Macromedia Flash Player. I can't understand how Secunia made this error. There were no vulnerabilities in either program but there were in Flash Player. I don't know exactly how long they were listed, less than 24 hours, but they suddenly changed as I said. I thank you for both responses and I'm left to wonder how many people had this same experience. I am very grateful for Secunia, and now I know that even they can make errors.
