NEW THREAT OVERVIEW | PREVIOUS THREATS UPDATES | THREAT DETAILS EXECUTIVE SUMMARY December 14, 2010 | MTIS10-235 Since the last McAfee® Labs Security Advisory (December 13), the following noteworthy events have taken place: ● Patches are available for the following: ❍ (MS10-090) Cumulative Security Update for Internet Explorer (2416400) ❍ (MS10-091) Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Remote Code Execution (2296199) ❍ (MS10-092) Vulnerability in Task Scheduler Could Allow Elevation of Privilege (2305420) ❍ (MS10-093) Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (2424434) ❍ (MS10-094) Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961) ❍ (MS10-095) Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2385678) ❍ (MS10-096) Vulnerability in Windows Address Book Could Allow Remote Code Execution (2423089) ❍ (MS10-097) Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution (2443105) ❍ (MS10-098) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2436673) ❍ (MS10-099) Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege (2440591) ❍ (MS10-100) Vulnerability in Consent User Interface Could Allow Elevation of Privilege (2442962) ❍ (MS10-101) Vulnerability in Windows Netlogon Service Could Allow Denial of Service (2207559) ❍ (MS10-102) Vulnerability in Hyper-V Could Allow Denial of Service (2345316) NEW THREAT OVERVIEW (MS10-090) Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability (2416400) MTIS10-235-A IMPORTANCE: Medium BOP | Host IPS | Network Security Platform | Vulnerability Manager | COVERED PRODUCTS: Application Control DAT | Web Gateway | Artemis | Policy Auditor SCAP | UNDER ANALYSIS: MNAC 2.x | Firewall Enterprise Back to top (MS10-090) Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability (2416400) MTIS10-235-B IMPORTANCE: Medium BOP | Host IPS | Network Security Platform | Vulnerability Manager | COVERED PRODUCTS: Application Control Web Gateway | Artemis | Policy Auditor SCAP | MNAC 2.x | UNDER ANALYSIS: Firewall Enterprise Back to top (MS10-090) Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability (2416400) MTIS10-235-C IMPORTANCE: Medium BOP | Host IPS | Network Security Platform | Vulnerability Manager | COVERED PRODUCTS: Application Control Web Gateway | Artemis | Policy Auditor SCAP | MNAC 2.x | UNDER ANALYSIS: Firewall Enterprise Back to top Security Advisory MTIS10-235 - Page 1 of 18 (MS10-090) Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability (2416400) MTIS10-235-D IMPORTANCE: Medium BOP | Host IPS | Network Security Platform | Vulnerability Manager | COVERED PRODUCTS: Application Control Web Gateway | Artemis | Policy Auditor SCAP | MNAC 2.x | UNDER ANALYSIS: Firewall Enterprise Back to top (MS10-091) Microsoft Windows OpenType Font Index Vulnerability (2296199) MTIS10-235-E IMPORTANCE: Medium BOP | Host IPS | Network Security Platform | Vulnerability Manager | COVERED PRODUCTS: Application Control DAT | Web Gateway | Artemis | Policy Auditor SCAP | UNDER ANALYSIS: MNAC 2.x | Firewall Enterprise Back to top (MS10-091) Microsoft Windows OpenType Font Double Free Vulnerability (2296199) MTIS10-235-F IMPORTANCE: Medium BOP | Host IPS | Network Security Platform | Vulnerability Manager | COVERED PRODUCTS: Application Control DAT | Web Gateway | Artemis | Policy Auditor SCAP | UNDER ANALYSIS: MNAC 2.x | Firewall Enterprise Back to top (MS10-091) Microsoft Windows OpenType CMAP Table Vulnerability (2296199) MTIS10-235-G IMPORTANCE: Medium BOP | Host IPS | Network Security Platform | Vulnerability Manager | COVERED PRODUCTS: Application Control DAT | Web Gateway | Artemis | Policy Auditor SCAP | UNDER ANALYSIS: MNAC 2.x | Firewall Enterprise Back to top (MS10-092) Microsoft Windows Task Scheduler Could Allow Elevation of Privilege (2305420) MTIS10-235-H IMPORTANCE: Medium COVERED PRODUCTS: Vulnerability Manager Web Gateway | Artemis | Policy Auditor SCAP | MNAC 2.x | UNDER ANALYSIS: Firewall Enterprise Back to top (MS10-093) Microsoft Windows Movie Maker Could Allow Remote Code Execution (2424434) MTIS10-235-I IMPORTANCE: Medium COVERED PRODUCTS: Network Security Platform | Vulnerability Manager Web Gateway | Artemis | Policy Auditor SCAP | MNAC 2.x | UNDER ANALYSIS: Firewall Enterprise Back to top (MS10-094) Microsoft Windows Media Encoder Could Allow Remote Code Execution (2447961) MTIS10-235-J IMPORTANCE: Medium COVERED PRODUCTS: Network Security Platform | Vulnerability Manager Web Gateway | Artemis | Policy Auditor SCAP | MNAC 2.x | UNDER ANALYSIS: Firewall Enterprise Security Advisory MTIS10-235 - Page 2 of 18 Back to top (MS10-095) Microsoft Windows BranchCache Insecure Library Loading Could Allow Remote Code Execution (2385678) MTIS10-235-K IMPORTANCE: Medium COVERED PRODUCTS: Network Security Platform | Vulnerability Manager Web Gateway | Artemis | Policy Auditor SCAP | MNAC 2.x | UNDER ANALYSIS: Firewall Enterprise Back to top (MS10-096) Microsoft Windows Address Book Could Allow Remote Code Execution (2423089) MTIS10-235-L IMPORTANCE: Medium COVERED PRODUCTS: Network Security Platform | Vulnerability Manager Web Gateway | Artemis | Policy Auditor SCAP | MNAC 2.x | UNDER ANALYSIS: Firewall Enterprise Back to top (MS10-097) Microsoft Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution (2443105) MTIS10-235-M IMPORTANCE: Medium COVERED PRODUCTS: Network Security Platform | Vulnerability Manager Web Gateway | Artemis | Policy Auditor SCAP | MNAC 2.x | UNDER ANALYSIS: Firewall Enterprise Back to top (MS10-098) Microsoft Windows Win32k Buffer Overflow Could Allow Elevation Of Privilege (2436673) MTIS10-235-N IMPORTANCE: Medium COVERED PRODUCTS: Vulnerability Manager Web Gateway | Artemis | Policy Auditor SCAP | MNAC 2.x | UNDER ANALYSIS: Firewall Enterprise Back to top (MS10-098) Microsoft Windows Win32k Buffer Overflow Could Allow Elevation Of Privilege (2436673) MTIS10-235-O IMPORTANCE: Medium COVERED PRODUCTS: Vulnerability Manager Web Gateway | Artemis | Policy Auditor SCAP | MNAC 2.x | UNDER ANALYSIS: Firewall Enterprise Back to top (MS10-098) Microsoft Windows Win32k Double Free Could Allow Elevation Of Privilege (2436673) MTIS10-235-P IMPORTANCE: Medium COVERED PRODUCTS: Vulnerability Manager Web Gateway | Artemis | Policy Auditor SCAP | MNAC 2.x | UNDER ANALYSIS: Firewall Enterprise Back to top (MS10-098) Microsoft Windows Win32k WriteAV Could Allow Elevation Of Privilege (2436673) MTIS10-235-Q IMPORTANCE: Medium COVERED PRODUCTS: Vulnerability Manager Web Gateway | Artemis | Policy Auditor SCAP | MNAC 2.x | UNDER ANALYSIS: Firewall Enterprise Security Advisory MTIS10-235 - Page 3 of 18 Back to top (MS10-098) Microsoft Windows Win32k Cursor Linking Could Allow Elevation Of Privilege (2436673) MTIS10-235-R IMPORTANCE: Medium COVERED PRODUCTS: Vulnerability Manager Web Gateway | Artemis | Policy Auditor SCAP | MNAC 2.x | UNDER ANALYSIS: Firewall Enterprise Back to top (MS10-098) Microsoft Windows Win32k Memory Corruption Could Allow Elevation Of Privilege (2436673) MTIS10-235-S IMPORTANCE: Medium COVERED PRODUCTS: Vulnerability Manager Web Gateway | Artemis | Policy Auditor SCAP | MNAC 2.x | UNDER ANALYSIS: Firewall Enterprise Back to top (MS10-099) Microsoft Windows Routing and Remote Access Could Allow Elevation of Privilege (2440591) MTIS10-235-T IMPORTANCE: Medium COVERED PRODUCTS: Vulnerability Manager Web Gateway | Artemis | Policy Auditor SCAP | MNAC 2.x | UNDER ANALYSIS: Firewall Enterprise Back to top (MS10-100) Microsoft Windows Consent User Interface Could Allow Elevation of Privilege (2442962) MTIS10-235-U IMPORTANCE: Medium COVERED PRODUCTS: Vulnerability Manager Web Gateway | Artemis | Policy Auditor SCAP | MNAC 2.x | UNDER ANALYSIS: Firewall Enterprise Back to top (MS10-101) Microsoft Windows Netlogon Service Could Allow Denial Of Service (2207559) MTIS10-235-V IMPORTANCE: Medium COVERED PRODUCTS: Network Security Platform | Vulnerability Manager DAT | Web Gateway | Artemis | Policy Auditor SCAP | UNDER ANALYSIS: MNAC 2.x | Firewall Enterprise Back to top (MS10-102) Microsoft Windows Hyper-V Could Allow Denial of Service (2345316) MTIS10-235-W IMPORTANCE: Medium COVERED PRODUCTS: Vulnerability Manager Web Gateway | Artemis | Policy Auditor SCAP | MNAC 2.x | UNDER ANALYSIS: Firewall Enterprise Back to top PREVIOUS THREAT UPDATES (MS10-090) Microsoft Internet Explorer Invalid Flag Remote Code Execution (2416400) MTIS10-211-A IMPORTANCE: Medium DAT | BOP | Host IPS | Network Security Platform | NOW COVERED: Vulnerability Manager | Web Gateway | Application Control Security Advisory MTIS10-235 - Page 4 of 18 Back to top THREAT DETAILS (MS10-090) Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability (2416400) MTIS10-235-A THREAT IDENTIFIER(S) CVE-2010-3340; MS10-090 THREAT TYPE Vulnerability RISK ASSESSMENT High MAIN THREAT VECTORS Web USER INTERACTION REQUIRED Yes A remote code execution vulnerability exists in some versions of Microsoft Internet Explorer. The vulnerability is specific to the access to a deleted or incorrectly initialized DESCRIPTION object. Exploitation could allow an attacker to execute remote code. The exploit requires the user visits a specially crafted website. IMPORTANCE Medium. On December 14, Microsoft released a patch to address this issue. MCAFEE PRODUCT COVERAGE DAT FILES Under analysis VIRUS SCAN ENTERPRISE SCAN BOP Generic