Microsoft Security Bulletin for December 2009

The table below lists the Microsoft vulnerabilities for December.

MS Bulletin Number	Microsoft Bulletin Title	Severity	Impact of Vulnerability	Affected Software	CVE ID
MS09-069	Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)	Important	Denial of Service	Microsoft Windows	CVE-2009-3675
MS09-070	Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)	Important	Remote Code Execution	Microsoft Windows	CVE-2009-2508 CVE-2009-2509
MS09-071	Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318)	Critical	Remote Code Execution	Microsoft Windows	CVE-2009-2505 CVE-2009-3677
MS09-072	Cumulative Security Update for Internet Explorer (976325)	Critical	Remote Code Execution	Microsoft Windows	CVE-2009-2493 CVE-2009-3671 CVE-2009-3672 CVE-2009-3673 CVE-2009-3674
MS09-073	Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)	Important	Remote Code Execution	Microsoft Windows, Microsoft Office	CVE-2009-2506
MS09-074	Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)	Critical	Remote Code Execution	Microsoft Office	CVE-2009-0102

Threat Remediation

Fortinet provides coverage on Microsoft vulnerabilities in December 2009.

CVE Number	Signature Name
CVE-2009-2509	MS.ADFS.Malformed.HTTP.Header.Code.Execution
CVE-2009-3677	MS.IAS.Privilege.Elevation
CVE-2009-2493	MS.ATL.Object.Type.Mismatch.Code.Execution
CVE-2009-3671	MS.IE.DOM.Operation.Memory.Corruption
CVE-2009-3672	MS.IE.GetElementsByTagName.CSS.Handling.Code.Execution
CVE-2009-3674	MS.IE.DOM.Operation.Circular.Reference.Memory.Corruption
CVE-2009-2506	MS.Word.Text.Converter.Memory.Corruption
CVE-2009-0102	MS.Project.Props.List.Memory.Corruption

For more information on new and enhanced signatures, visit the IPS Service Update History. If you require more information, contact the FortiGuard Team using our Contact Us web page.

Document History

Revision Date	Version Number
Tuesday, December 08 2009	1	Initial Documentation.

Reference:

Microsoft Security Bulletin Summary for December 2009: http://www.microsoft.com/technet/security/bulletin/ms09-dec.mspx

Fortinet

FortiGuard Center: Threat Research and Response

Microsoft Security Bulletin for December 2009

Threat Remediation

Document History

Current Threat Level

Vulnerabilities

Virus/Spyware

Spam

Fortinet

FortiGuard Center: Threat Research and Response

Microsoft Security Bulletin for December 2009

Threat Remediation

Document History

Current Threat Level

Vulnerabilities

Virus/Spyware

Spam

Social Media