The three bulletins, MS10-087, 088 and -089 fixed a total of 11 vulnerabilities, five in Microsoft Office, two in Microsoft Office PowerPoint and four in Microsoft Unified Access Gateway. The release comes one month after a massive, October patch consisting of 16 bulletins addressing 49 vulnerabilities across a range of products.
Following that patch tsunami, November offers a relative respite, as Microsoft indicated in its pre-release guidance last week. Of the three bulletins, only one is rated critical: MS10-087, which fixes holes in versions of the Office Suite ranging from Office XP SP3 to Office 2010. Among the holes patched is a stack buffer overflow vulnerability that’s rated critical for Office 2007, SP2 and for the 32 and 64 bit versions of Office 2010.
Stack buffer overflows occur when a program writes to a memory address that’s outside the call stack, or data structure, allocated for that program – often by sending more data to a fixed length buffer than was intended. Attackers can use this type of programming vulnerability to place malicious code on the vulnerable system and run it with the permissions accorded to the vulnerable application.
In this case, attackers could use a Rich Text Format (RTF) file to trigger the overflow. Microsoft rated the vulnerability critical due to a recognized attack vector that could use the Outlook e-mail message preview pane to trigger the vulnerability, according to a post on Microsoft’s Security Resource Center (MSRC) blog. The bulletin also closes an Office-based attack vector for a widespread “DLL Preloading” vulnerability that garnered attention after security researcher HD Moore posted information on applications from a variety of vendors that contained the flaw in August.
MS10-088 fixes what Microsoft describes as “cooperatively disclosed” holes in the PowerPoint 2002 Service Pack 3 and 2004, Service Pack 3. MS10-089 fixes application and Unified Access Gateway (UAG), a remote access product that is part of the Microsoft Forefront family of products.