Check: 2010-A-0078
Windows 7 IAVM:
2010-A-0078
(in version v1 r32)
Title
Multiple Vulnerabilities in Microsoft Windows (Cat II impact)
Discussion
Microsoft has released a security bulletin addressing multiple vulnerabilities affecting Microsoft Windows. To exploit these vulnerabilities, an attacker would entice a user to open a malicious media file streamed from a malicious web site or sent via email. If successfully exploited, these vulnerabilities would allow an attacker to run arbitrary code and compromise an affected system. At this time, there are no known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD related incidents.

Media Decompression Vulnerability - (CVE-2010-1879): A remote code execution vulnerability exists in the way that Microsoft Windows handles media files. This vulnerability could allow remote code execution if a user opened a specially crafted media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MJPEG Media Decompression Vulnerability - (CVE-2010-1880): A remote code execution vulnerability exists in the way that Microsoft Windows handles media files. This vulnerability could allow remote code execution if a user opened a specially crafted file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Check Content
See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS10-033 (979902).

Vulnerable Applications/Systems:

Microsoft Windows 2000

Microsoft Windows 2000 SP 4:
- Quartz.dll (DirectShow) (DirectX 9)[1] (KB975562)
- Windows Media Format Runtime 9[2] (KB978695)
- Windows Media Encoder 9 x86 (KB979332)
- Asycfilt.dll (COM component) (KB979482)

Windows XP

Windows XP SP 2 and SP 3:
- Quartz.dll (DirectShow) (KB975562)
- Windows Media Encoder 9 x86 (KB979332)
- Asycfilt.dll (COM component) (KB979482)
- Windows Media Format Runtime 9, 9.5 and 11 (KB978695)

Windows XP Professional x64 Edition SP 2:
- Quartz.dll (DirectShow) (KB975562)
- Windows Media Format Runtime 9.5 (KB978695)
- Windows Media Format Runtime 9.5 x64 Edition[3] (KB978695)
- Windows Media Format Runtime 11 (KB978695)
- Windows Media Encoder 9 x86 (KB979332)
- Windows Media Encoder 9 x64 (KB979332)
- Asycfilt.dll (COM component) (KB979482)

Windows Server 2003

Windows Server 2003 SP 2:
- Quartz.dll (DirectShow) (KB975562)
- Windows Media Format Runtime 9.5 (KB978695)
- Windows Media Encoder 9 x86 (KB979332)
- Asycfilt.dll (COM component) (KB979482)

Windows Server 2003 x64 Edition SP 2:
- Quartz.dll (DirectShow) (KB975562)
- Windows Media Format Runtime 9.5 (KB978695)
- Windows Media Format Runtime 9.5 x64 Edition[3] (KB978695)
- Windows Media Encoder 9 x86 (KB979332)
- Windows Media Encoder 9 x64 (KB979332)
- Asycfilt.dll (COM component) (KB979482)

Windows Server 2003 with SP2 for Itanium-based Systems:
- Quartz.dll (DirectShow) (KB975562)
- Asycfilt.dll (COM component) (KB979482)

Windows Vista

Windows Vista SP 1:
- Quartz.dll (DirectShow) (KB975562)

Windows Vista SP 1 and SP 2:
- Asycfilt.dll (COM component) (KB979482)
- Windows Media Encoder 9 x86 (KB979332)

Windows Vista x64 Edition SP 1:
- Quartz.dll (DirectShow) (KB975562)

Windows Vista x64 Edition SP 1 and SP 2:
- Asycfilt.dll (COM component) (KB979482)
- Windows Media Encoder 9 x86 (KB979332)
- Windows Media Encoder 9 x64 (KB979332)

Windows Server 2008

Windows Server 2008 for 32-bit Systems:
- Quartz.dll (DirectShow)** (KB975562)

Windows Server 2008 for 32-bit Systems and SP 2:
- Asycfilt.dll (COM component)* (KB979482)
- Windows Media Encoder 9 x86** (KB979332)

Windows Server 2008 for x64-based Systems:
- Quartz.dll (DirectShow)** (KB975562)

Windows Server 2008 for x64-based Systems and SP 2:
- Asycfilt.dll (COM component)* (KB979482)
- Windows Media Encoder 9 x86** (KB979332)
- Windows Media Encoder 9 x64** (KB979332)

Windows Server 2008 for Itanium-based Systems:
- Quartz.dll (DirectShow) (KB975562)

Windows Server 2008 for Itanium-based Systems and SP 2:
- Asycfilt.dll (COM component) (KB979482)

Windows 7

Windows 7 for 32-bit Systems:
- Asycfilt.dll (COM component) (KB979482)

Windows 7 for x64-based Systems:
- Asycfilt.dll (COM component) (KB979482)

Windows Server 2008 R2

Windows Server 2008 R2 for x64-based Systems:
- Asycfilt.dll (COM component)* (KB979482)

Windows Server 2008 R2 for Itanium-based Systems:
- Asycfilt.dll (COM component) (KB979482)

*Server Core installation affected. This update applies, with the same severity rating, to supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, whether or not installed using the Server Core installation option.

**Server Core installation not affected. The vulnerabilities addressed by this update do not affect supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, when installed using the Server Core installation option.

[1] The update for Quartz.dll (Direct Show) (DirectX 9) also applies to DirectX 9.0a, DirectX 9.0b, and DirectX 9.0c.

[2] There are two versions of the Windows Media Format Runtime for Microsoft Windows 2000. This update applies only to the supported Loki (L) version. Customers who have the Non-Loki (NL) version should upgrade to the supported Loki version of Windows Media Format Runtime. For more information, see Microsoft Knowledge Base Article 974316.

[3] If you have installed Windows Media Format Runtime 9.5 x64 Edition out-of-band, you must apply the Windows Media Format Runtime 9.5 and Windows Media Format Runtime 9.5 x64 Edition security updates in order to be fully protected from the vulnerability discussed in this bulletin.

Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems\Applications not listed below.

Asycfilt.dll (979482)

Operating system | Version |
---|---|
Windows 2000 SP4 | 2.40.4534.0 |
Windows XP SP3 | 5.1.2600.5949 |
Windows XP SP2 x64 | 5.2.3790.4676 |
Windows 2003 SP2 | 5.2.3790.4676 |
Windows Vista SP1 / 2008 | 6.0.6001.18454 or 22665 |
Windows Vista SP2 / 2008 SP2 | 6.0.6002.18236 or 22377 |
Windows 7 and 2008 R2 | Fixed by SP1 |
Windows 7 / 2008 R2 | 6.1.7600.16544 or 20660 |

Quartz.dll (975562)

Operating system | Version |
---|---|
Windows 2000 SP4 | 6.5.1.914 |
Windows XP SP3 | 6.5.2600.5933 |
Windows XP SP2 x64 | 6.5.3790.4660 |
Windows 2003 SP2 | 6.5.3790.4660 |
Windows Vista SP1 / 2008 | 6.0.6001.18461 or 22672 |

Wmvcore.dll (978695)

Runtime | Operating system | Version |
---|---|---|
Windows Media Format Runtime 9 | Windows 2000 SP4 | 9.0.0.3369 |
Windows Media Format Runtime 9 | Windows XP SP3 | 9.0.0.4509 |
Windows Media Format Runtime 9.5 | Windows XP SP3 | 10.0.0.3706, 4078, 4374 |
Windows Media Format Runtime 9.5 | Windows XP SP2 x64 | 10.0.0.4007 |
Windows Media Format Runtime 9.5 | Windows 2003 SP2 | 10.0.0.4007 |
Windows Media Format Runtime 9.5 x64 | Windows XP SP2 x64 | 10.0.0.3821 |
Windows Media Format Runtime 9.5 x64 | Windows 2003 SP2 x64 | 10.0.0.3821 |
Windows Media Format Runtime 11 | Windows XP SP3 | 11.0.5721.5275 |
Windows Media Format Runtime 11 | Windows XP SP2 x64 | 11.0.5721.5275 |

Windows Media Encoder 9 (Windows 2008, Vista, 2003, XP, 2000): Wmenceng.dll

File | Version |
---|---|
32-bit version | 9.0.0.3369 |
WOW, 64-bit version | 9.0.0.3369 |
64-bit version | 10.0.0.3821 |
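One way to automate the file-version comparison for the Asycfilt.dll (979482) values listed above, as an added example that is not part of the IAVM check or the vendor bulletin. It assumes that where two values are listed for one build ("18454 or 22665") they are minimums for two separate update branches split at revision 20000 (the `$BranchFloor` parameter), and that the file is in `%SystemRoot%\System32`; the function name is hypothetical.

```powershell
# Added example. Minimum versions are copied from the Asycfilt.dll (979482) values.
$asycfiltMinimums = [version[]]@(
    '2.40.4534.0',                        # Windows 2000 SP4
    '5.1.2600.5949',                      # Windows XP SP3
    '5.2.3790.4676',                      # Windows XP SP2 x64, Windows 2003 SP2
    '6.0.6001.18454', '6.0.6001.22665',   # Windows Vista SP1 / 2008
    '6.0.6002.18236', '6.0.6002.22377',   # Windows Vista SP2 / 2008 SP2
    '6.1.7600.16544', '6.1.7600.20660'    # Windows 7 / 2008 R2
)

function Test-FileMeetsMinimum {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [version]   $Installed,
        [Parameter(Mandatory)] [version[]] $Minimums,
        [int] $BranchFloor = 20000   # assumption: revisions >= this are the second branch
    )
    # Minimums listed for the same major.minor.build as the installed file.
    $sameBuild = @($Minimums | Where-Object {
        $_.Major -eq $Installed.Major -and $_.Minor -eq $Installed.Minor -and
        $_.Build -eq $Installed.Build
    })
    if ($sameBuild.Count -eq 0) {
        # No entry for this build (for example "Fixed by SP1"): pass only if
        # the file is newer than every listed minimum.
        return ($Installed -gt @($Minimums | Sort-Object)[-1])
    }
    # Compare only against the minimum on the same side of the branch split,
    # so an old high-branch file does not pass on the low-branch number.
    $isUpper   = $Installed.Revision -ge $BranchFloor
    $branchMin = @($sameBuild | Where-Object { ($_.Revision -ge $BranchFloor) -eq $isUpper })
    if ($branchMin.Count -eq 0) { $branchMin = $sameBuild }
    return ($Installed -ge @($branchMin | Sort-Object)[-1])
}

# Constructed sample versions, one per outcome path.
foreach ($v in '6.1.7600.16385', '6.1.7600.16544', '6.1.7600.20500', '6.1.7601.17514') {
    '{0,-16} {1}' -f $v, (Test-FileMeetsMinimum -Installed $v -Minimums $asycfiltMinimums)
}

# Live check on the local host (path is an assumption).
$vi = (Get-Item -LiteralPath (Join-Path $env:SystemRoot 'System32\asycfilt.dll')).VersionInfo
$installed = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                       $vi.FileBuildPart, $vi.FilePrivatePart)
Test-FileMeetsMinimum -Installed $installed -Minimums $asycfiltMinimums
```

The numeric `File*Part` fields are used instead of the `FileVersion` string because that string can carry extra text after the four-part number.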
Fix Text
Additional Identifiers
Rule ID:
Vulnerability ID: V-24371
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |