=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2009/VULN452
_____________________________________________________________________

DATE                      : 12/11/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows Vista, Windows Server 2008 running
                             Web Services on WSDAPI.

======================================================================
KB973565
http://www.microsoft.com/technet/security/bulletin/ms09-063.mspx
______________________________________________________________________


Microsoft Security Bulletin MS09-063 - Critical

Vulnerability in Web Services on Devices API Could Allow Remote Code
Execution (973565)

   Published: November 10, 2009

   Version: 1.0

General Information

Executive Summary

   This security update resolves a privately reported vulnerability in the
   Web Services on Devices Application Programming Interface (WSDAPI) on the
   Windows operating system. The vulnerability could allow remote code
   execution if an affected Windows system receives a specially crafted
   packet. Only attackers on the local subnet would be able to exploit this
   vulnerability.

   This security update is rated Critical for all supported editions of
   Windows Vista and Windows Server 2008. For more information, see the
   subsection, Affected and Non-Affected Software, in this section.

   The security update addresses the vulnerability by correcting the
   processing of headers in WSD messages. For more information about the
   vulnerability, see the Frequently Asked Questions (FAQ) subsection for
   the specific vulnerability entry under the next section, Vulnerability
   Information.

Affected Software

   Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service
     Pack 2
   Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and
     Windows Vista x64 Edition Service Pack 2
   Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit
     Systems Service Pack 2*
   Windows Server 2008 for x64-based Systems and Windows Server 2008 for
     x64-based Systems Service Pack 2*
   Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for
     Itanium-based Systems Service Pack 2

   *Server Core installation affected

Vulnerability Information

Web Services on Devices API Memory Corruption Vulnerability - CVE-2009-2512

   A remote code execution vulnerability exists in the Web Services on
   Devices API (WSDAPI) on Windows systems. The vulnerability is due to the
   service not properly handling a WSDAPI message with a specially crafted
   header. An attacker who successfully exploited this vulnerability could
   take complete control of an affected system.

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================