TITLE: Microsoft Windows Authentication Verification Two Vulnerabilities Moderately critical Impact: System access Where: From remote VERIFY ADVISORY: http://secunia.com/advisories/39371/ DESCRIPTION: Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. 1) An error exists within the Windows Authenticode Signature Verification function when processing certain fields of the file digest of portable executable (PE) and cabinet file formats. This can be exploited to inject arbitrary code into a signed executable without making the signature of the file invalid. 2) An error exists in the Windows Authenticode Signature verification for cabinet (.cab) file formats when processing certain fields of the file digest. This can be exploited to inject arbitrary code into a cabinet file without making the signature of the file invalid. Successful exploitation requires that a user is tricked into opening or viewing a specially crafted file. SOLUTION: Apply patches. -- Microsoft Windows 2000 SP4 -- Authenticode Signature Verification 5.1: http://www.microsoft.com/downloads/details.aspx?familyid=D7538166-35EE-4C6B-BE8C-E83A1FC6CD77 Cabinet File Viewer Shell Extension 5.1: http://www.microsoft.com/downloads/details.aspx?familyid=13846177-F25F-4DD4-9FE9-AC43E1D4D73D -- Windows XP SP2 / SP3 -- Authenticode Signature Verification 5.1: http://www.microsoft.com/downloads/details.aspx?familyid=2A01DDF0-F3EA-47C8-ADA2-E69F6C1B5F96 Cabinet File Viewer Shell Extension 6.0: http://www.microsoft.com/downloads/details.aspx?familyid=6C3AC102-2107-4726-98BE-4FBF6B858BFB -- Windows XP Professional x64 Edition SP2 -- Authenticode Signature Verification 5.1: http://www.microsoft.com/downloads/details.aspx?familyid=9BBFF00C-F8F4-4A44-98F2-18A868986AE1 Cabinet File Viewer Shell Extension 6.0: http://www.microsoft.com/downloads/details.aspx?familyid=E64E487E-2727-4396-B0C9-6EAF000214D2 -- Windows Server 2003 SP2 -- Authenticode Signature Verification 5.1: http://www.microsoft.com/downloads/details.aspx?familyid=0E7E3DEB-F078-4953-9642-675EC69267F2 Cabinet File Viewer Shell Extension 6.0: http://www.microsoft.com/downloads/details.aspx?familyid=7AE9B1D0-0DBE-4ABD-B315-10CEA4CECCD7 -- Windows Server 2003 x64 Edition SP2 -- Authenticode Signature Verification 5.1: http://www.microsoft.com/downloads/details.aspx?familyid=99A3F6DA-728F-421C-AB41-C4C4751934A4 Cabinet File Viewer Shell Extension 6.0: http://www.microsoft.com/downloads/details.aspx?familyid=1709FD4E-D7C6-4CBB-8B71-A96B8D6EEE58 -- Windows Server 2003 with SP2 for Itanium-based Systems -- Authenticode Signature Verification 5.1: http://www.microsoft.com/downloads/details.aspx?familyid=06832599-1E9B-4792-8C7B-7B5B3A3D6277 Cabinet File Viewer Shell Extension 6.0: http://www.microsoft.com/downloads/details.aspx?familyid=811A2B28-655D-4B5D-821E-5A90D556DBA3 -- Windows Vista (optionally with SP1 / SP2) -- Authenticode Signature Verification 6.0: http://www.microsoft.com/downloads/details.aspx?familyid=A52225A7-6005-4F2B-8291-DB20558F23F8 Cabinet File Viewer Shell Extension 6.0: http://www.microsoft.com/downloads/details.aspx?familyid=6145E2B2-36FD-4360-BD5B-2BD11890FC52 -- Windows Vista x64 Edition (optionally with SP1 / SP2) -- Authenticode Signature Verification 6.0: http://www.microsoft.com/downloads/details.aspx?familyid=9BA7468C-23A4-4994-9A5A-22E96EF586F3 Cabinet File Viewer Shell Extension 6.0: http://www.microsoft.com/downloads/details.aspx?familyid=5B7EFA82-0FEB-413A-9F8E-212E7432CD99 -- Windows Server 2008 for 32-bit Systems (optionally with SP2) -- Authenticode Signature Verification 6.0: http://www.microsoft.com/downloads/details.aspx?familyid=97FFEEC8-8B6D-4A30-97B0-4BFF2BA5E91D Cabinet File Viewer Shell Extension 6.0: http://www.microsoft.com/downloads/details.aspx?familyid=F111735B-68B0-4BCC-9DD8-818A5ECA3400 -- Windows Server 2008 for x64-based Systems (optionally with SP2) -- Authenticode Signature Verification 6.0: http://www.microsoft.com/downloads/details.aspx?familyid=49F9F740-023A-4291-BECF-838A1D282321 Cabinet File Viewer Shell Extension 6.0: http://www.microsoft.com/downloads/details.aspx?familyid=91C08251-0085-44CB-9E9C-9A1A84374CAF -- Windows Server 2008 for Itanium-based Systems (optionally with SP2) -- Authenticode Signature Verification 6.0: http://www.microsoft.com/downloads/details.aspx?familyid=BD60779A-8BB1-4107-A344-9B09A50E96FF Cabinet File Viewer Shell Extension 6.0: http://www.microsoft.com/downloads/details.aspx?familyid=EB116688-1D6E-4E20-948E-1D347AF5D985 -- Windows 7 for 32-bit Systems -- Authenticode Signature Verification 6.1: http://www.microsoft.com/downloads/details.aspx?familyid=8D4A6C65-E171-4570-8F3F-118F06910BAF Cabinet File Viewer Shell Extension 6.1: http://www.microsoft.com/downloads/details.aspx?familyid=F0DBAC52-0F0E-40BC-9371-17FA594424D5 -- Windows 7 for x64-based Systems -- Authenticode Signature Verification 6.1: http://www.microsoft.com/downloads/details.aspx?familyid=CF8C6721-05C2-4680-93B4-BE36F09C6D15 Cabinet File Viewer Shell Extension 6.1: http://www.microsoft.com/downloads/details.aspx?familyid=B23EFE7D-BCA4-4D49-9104-6AE39DC5DAA9 -- Windows Server 2008 R2 for x64-based Systems -- Authenticode Signature Verification 6.1: http://www.microsoft.com/downloads/details.aspx?familyid=94DFDAAE-8464-4DE6-A401-7EB70B3BB34F Cabinet File Viewer Shell Extension 6.1: http://www.microsoft.com/downloads/details.aspx?familyid=A2979C02-2A80-4B84-BF6C-4798064BDF28 -- Windows Server 2008 R2 for Itanium-based Systems -- Authenticode Signature Verification 6.1: http://www.microsoft.com/downloads/details.aspx?familyid=40F622D2-48E7-4EB2-9430-BBD218CB5208 Cabinet File Viewer Shell Extension 6.1: http://www.microsoft.com/downloads/details.aspx?familyid=5E416D4B-5DE7-4688-80C6-245DE159E0CE ORIGINAL ADVISORY: MS10-019 (KB981210, KB978601, KB979309) http://www.microsoft.com/technet/security/Bulletin/MS10-019.mspx ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-
