Back to overview

Threat intelligence

Microsoft Security Bulletin Coverage (Feb 13, 2009)

by Security News

During the first 2 months of 2009 Microsoft has published 5 security bulletins. Among them, MS09-001, MS09-003 and MS09-004 address vulnerabilities on the server side, while MS09-002 and MS09-005 address vulnerabilities on the client side. SonicWALL UTM team has analyzed each security bulletin and released IPS signatures that detect/prevent potential attacks leveraging these vulnerabilities. Below is the summary of security bulletins and the corresponding SonicWALL signatures.

MS09-001 Vulnerabilities in SMB Could Allow Remote Code Execution
  • IPS Sid 5357 -- NETBIOS MS SMB TRANS Request Error Handling Memory Corruption PoC (MS09-001)
    CVE-2008-4834
  • IPS Sid 5358 -- NETBIOS MS SMB OPEN2 Request Error Handling Memory Corruption PoC (MS09-001)
    CVE-2008-4835

MS09-002 Cumulative Security Update for Internet Explorer

  • IPS Sid 5379 -- WEB-CLIENT MS IE Cloned Object Memory Corruption Attempt (MS09-002)
    CVE-2009-0075
  • IPS Sid 5387 -- WEB-CLIENT MS IE CSS Processing Memory Corruption PoC (MS09-002)
    CVE-2009-0076

MS09-003 Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution

  • IPS Sid 5383 -- DOS MS Exchange System Attendant DoS
    CVE-2009-0099
  • IPS Sid 5385 -- SMTP MS Exchange TNEF Integer Underflow PoC (MS09-003)
    CVE-2009-0098

MS09-004 Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution

  • IPS Sid 1286 -- MS-SQL SQL Server sp_replwritetovarbin Procedure Attempt (Unicode)
    CVE-2008-5416
  • IPS Sid 1292 -- MS-SQL SQL Server sp_replwritetovarbin Procedure Attempt (ASCII)
    CVE-2008-5416
  • IPS Sid 1358 -- MS-SQL SQL Server sp_replwritetovarbin Procedure Attempt (Unicode-SMB)
    CVE-2008-5416
  • IPS Sid 1360 -- MS-SQL SQL Server sp_replwritetovarbin Procedure Attempt (ASCII-SMB)
    CVE-2008-5416

MS09-005 Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution

  • IPS Sid 5384 -- MISC MS Visio Object ID Table Memory Corruption PoC (MS09-005)
    CVE-2009-0097
  • IPS Sid 5386 -- MISC MS Visio Invalid Tag Handling Memory Corruption PoC (MS09-005)
    CVE-2009-0096
  • IPS Sid 5389 -- MS Visio VSD File Icon Bits Memory Corruption PoC (MS09-005)
    CVE-2009-0096

Besides enabling prevention for these signatures, customers are advised to run Windows Update and get latest patches from Microsoft in order to maximize the protection against potential exploits.

Share This Article

An Article By

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.