Qualys' April vulnerability report
Title | QualysID | CVE Reference | Ext. Reference |
---|---|---|---|
Adobe Flash Player Multiple Vulnerabilities | 115593 | CVE-2007-2022 | APSB07-12 |
Adobe Flash Player Update Available to Address Security Vulnerabilities | 116244 | CVE-2009-0519, CVE-2009-0520 | APSB09-01 |
Adobe Acrobat and Adobe Reader Multiple Vulnerabilities | 115847 | CVE-2008-2641 | APSB08-15 |
Adobe Reader JavaScript Methods Memory Corruption Vulnerability | 116399 | CVE-2009-1492, CVE-2009-1493 | APSA09-02 and APSB09-06 |
Sun Java Multiple Vulnerabilities | 116174 | CVE-2008-2086, CVE-2008-5342 | 244988 and others |
Microsoft Office PowerPoint Could Allow Remote Code Execution | 110094 | CVE-2009-0556, CVE-2009-0220 | MS09-017 |
Microsoft Excel Remote Code Execution Vulnerability | 110093 | CVE-2009-0238 | MS09-009 |
Sev4 Microsoft Word Multiple Remote Code Execution Vulnerabilities | 110092 | CVE-2008-4024, CVE-2008-4025, CVE-2008-4026 | MS08-072 |
WordPad and Office Text Converters Remote Code Execution Vulnerability | 90474 | CVE-2008-4841, CVE-2009-0087 | MS09-010 |
Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution | 90503 | CVE-2009-1537 | MS09-028 |
Microsoft’s April security bulletin assessment
Bulletin | Most likely attack vector | Max Bulletin Severity | Max Exploitability Index | Likely first 30 days impact | Platform mitigations and key notes |
---|---|---|---|---|---|
MS10-027 (WMP) | Victim browses to a malicious webpage. | Critical | 1 | Likely to see reliable exploit code developed | Windows Vista, Windows Server 2008, and Windows 7 not affected |
MS10-026 (DirectShow) | Victim browses to a malicious webpage or opens a malicious AVI movie. | Critical | 1 | Likely to see reliable exploit code developed | Windows 7 codec is not vulnerable. |
MS10-019 (WinVerifyTrust) | Victim double-clicks a malicious EXE or allows malicious content to run because content claims to be signed by a trusted publisher. | Critical | 2 | Likely to see effective proof-of-concept code released to downgrade Authenticode checks from v2 down to v1. Authenticode v1 is a weaker algorithm. To reach code execution, attackers will need to find an Authenticode v1 bypass. | Microsoft Update and Windows Update clients not directly vulnerable to this threat. |
MS10-020 (SMB Client) | Attacker hosts malicious SMB server within enterprise network. Attacker lures victim to click on a link that causes victim to initiate an SMB connection to the malicious SMB server. | Critical | 2 | Proof-of-concept code already exists for denial-of-service vulnerability. May see unreliable exploit code developed for other client-side SMB vulnerabilities that most often results in denial-of-service. | Egress filtering at most corporations will limit exposure to attacker within enterprise network. Several issues with differing exploitability. Please see SRD blog for more information. |
MS10-022 (VBScript) | Victim browses to a malicious webpage and is tricked into clicking F1 on a VBScript messagebox. | Important | 1 | Public exploit code exists for code execution after a user presses F1. Have not heard reports of real-world attacks yet, despite public exploit code. | Vulnerability not reachable on Windows 7, Windows Server 2008, and Windows Vista by default. Bulletin rated defense-in-depth for those platforms. Windows Server 2003 not vulnerable by default due to Enhanced Security Configuration. |
MS10-025 (Windows Media Services) | If a victim Windows 2000 machine has enabled Windows Media Services, an attacker can send a network-based attack over port 1755 (TCP or UDP). | Critical | 1 | Likely to see reliable exploit code developed. | Only Windows 2000 is affected. |
MS10-021 (Kernel) | Attacker able to run code locally on a machine exploits a vulnerability to run code at a higher privilege level. | Important | 1 | Likely to see reliable exploit code developed for one or more of these eight vulnerabilities. | SRD blog post explaining the Windows registry link vulnerabilities. |
MS10-024 (SMTP Service) | Attacker causes SMTP Service running on 64-bit Windows Server 2003 to crash by initiating a DNS lookup handled by a malicious DNS server. | Important | n/a | No chance for code execution. May see proof-of-concept code that crashes SMTP Service but not for Exchange. | Exchange Server not directly affected by denial-of-service vulnerability because vulnerable versions never shipped as 64-bit application. Security update applies to 32-bit Exchange Server to add additional DNS protections. |
MS10-028 (Visio) | Victim opens malicious .VSD file | Important | 1 | Visio exploits not often seen in the wild. Unsure whether we will see exploit released. | Visio not installed by default with most Office installations. |
MS10-023 (Publisher) | Victim opens malicious .PUB file | Important | 1 | Publisher exploits not often seen in the wild. Unsure whether we will see exploit released. | |
MS10-029 (ISATAP) | Attacker spoofs own source address by encapsulating IPv6 attack packet inside IPv4 wrapper. This may allow attacker to reach IPv6 destination that otherwise would be blocked. | Moderate | n/a | May see proof-of-concept released publicly. | |