=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2009/VULN354
_____________________________________________________________________

DATE                      : 08/09/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows 2000, Windows XP, Windows Vista,
                             Windows Server 2003, Windows Server 2008
                             running Windows Media Format.

======================================================================
KB973812
http://www.microsoft.com/technet/security/Bulletin/MS09-047.mspx
______________________________________________________________________

Microsoft Security Bulletin MS09-047 - Critical

Vulnerabilities in Windows Media Format Could Allow Remote Code Execution
(973812)

  Published: September 08, 2009

  Version: 1.0

General Information

Executive Summary

  This security update resolves two privately reported vulnerabilities in
  Windows Media Format. Either vulnerability could allow remote code execution
  if a user opened a specially crafted media file. If a user is logged on with
  administrative user rights, an attacker who successfully exploited this
  vulnerability could take complete control of an affected system. An attacker
  could then install programs; view, change, or delete data; or create new
  accounts with full user rights. Users whose accounts are configured to have
  fewer user rights on the system could be less impacted than users who operate
  with administrative user rights.

  This security update is rated Critical for Windows Media Format Runtime 9.0,
  Windows Media Format Runtime 9.5, Windows Media Format Runtime 11, Microsoft
  Media Foundation, Windows Media Services 9.1, and Windows Media Services 2008.
  For more information, see the subsection, Affected and Non-Affected Software,
  in this section.

  The security update addresses the vulnerabilities by modifying the way that
  Windows Media Format Runtime parses Advanced Systems Format (ASF) files and
  MPEG-1 Audio Layer 3 (MP3) files. For more information about the
  vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the
  specific vulnerability entry under the next section, Vulnerability Information.

  Recommendation. The majority of customers have automatic updating enabled and
  will not need to take any action because this security update will be
  downloaded and installed automatically. Customers who have not enabled
  automatic updating need to check for updates and install this update manually.
  For information about specific configuration options in automatic updating,
  see Microsoft Knowledge Base Article 294871.

  For administrators and enterprise installations, or end users who want to
  install this security update manually, Microsoft recommends that customers
  apply the update immediately using update management software, or by checking
  for updates using the Microsoft Update service. See also the section,
  Detection and Deployment Tools and Guidance, later in this bulletin.

  Known Issues. Microsoft Knowledge Base Article 973812 documents the currently
  known issues that customers may experience when installing this security
  update. The article also documents recommended solutions for these issues.

Affected Software

  Microsoft Windows 2000 Service Pack 4:
  Windows Media Format Runtime 9.0

  Windows XP Service Pack 2:
  Windows Media Format Runtime 9.0
  Windows Media Format Runtime 9.5
  Windows Media Format Runtime 11


  Windows XP Service Pack 3:
  Windows Media Format Runtime 9.0
  Windows Media Format Runtime 9.5
  Windows Media Format Runtime 11

  Windows XP Professional x64 Edition Service Pack 2:
  Windows Media Format Runtime 9.5
  Windows Media Format Runtime 9.5 x64 Edition
  Windows Media Format Runtime 11

  Windows Server 2003 Service Pack 2:
  Windows Media Format Runtime 9.5

  Windows Server 2003 x64 Edition Service Pack 2:
  Windows Media Format Runtime 9.5
  Windows Media Format Runtime 9.5 x64 Edition

  Windows Vista, Windows Vista Service Pack 1, and
  Windows Vista Service Pack 2:
  Windows Media Format Runtime 11
  Microsoft Media Foundation

  Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1,
  and Windows Vista x64 Edition Service Pack 2:
  Windows Media Format Runtime 11
  Microsoft Media Foundation

  Windows Server 2008 for 32-bit Systems and Windows Server 2008 for
  32-bit Systems Service Pack 2:
  Windows Media Format Runtime 11
  Microsoft Media Foundation

  Windows Server 2008 for x64-based Systems and Windows Server 2008 for
  x64-based Systems Service Pack 2:
  Windows Media Format Runtime 11
  Microsoft Media Foundation
  Windows Media Services

  Windows Server 2003 Service Pack 2:
  Windows Media Services 9.1

  Windows Server 2003 x64 Edition Service Pack 2:
  Windows Media Services 9.1

  Windows Server 2008 for 32-bit Systems and Windows Server 2008 for
  32-bit Systems Service Pack 2:
  Windows Media Services 2008

  Windows Server 2008 for x64-based Systems and Windows Server 2008 for
  x64-based Systems Service Pack 2:
  Windows Media Services 2008

Vulnerability Information

Windows Media Header Parsing Invalid Free Vulnerability - CVE-2009-2498

  A remote code execution vulnerability exists in the way that Microsoft
  Windows handles specially crafted ASF format files. This vulnerability
  could allow remote code execution if a user opened a specially crafted file.
  If a user is logged on with administrative user rights, an attacker who
  successfully exploited this vulnerability could take complete control of an
  affected system. An attacker could then install programs; view, change, or
  delete data; or create new accounts with full user rights. Users whose
  accounts are configured to have fewer user rights on the system could be
  less impacted than users who operate with administrative user rights.

Windows Media Playback Memory Corruption Vulnerability - CVE-2009-2499

  A remote code execution vulnerability exists in the way that Microsoft
  Windows handles MP3 media files. This vulnerability could allow remote
  code execution if a user opened a specially crafted file. If a user is
  logged on with administrative user rights, an attacker who successfully
  exploited this vulnerability could take complete control of an affected
  system. An attacker could then install programs; view, change, or delete
  data; or create new accounts with full user rights. Users whose accounts
  are configured to have fewer user rights on the system could be less
  impacted than users who operate with administrative user rights.


======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================