=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2009/VULN454
_____________________________________________________________________

DATE                      : 12/11/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows 2000, Windows XP, Windows Server 2003,
                             Windows Vista, Windows Server 2008.

======================================================================
KB969947
http://www.microsoft.com/technet/security/Bulletin/MS09-065.mspx
______________________________________________________________________


Microsoft Security Bulletin MS09-065 - Critical

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code
Execution (969947)

   Published: November 10, 2009

   Version: 1.0

General Information

Executive Summary

   This security update resolves several privately reported vulnerabilities
   in the Windows kernel. The most severe of the vulnerabilities could allow
   remote code execution if a user viewed content rendered in a specially
   crafted Embedded OpenType (EOT) font. In a Web-based attack scenario, an
   attacker would have to host a Web site that contains specially crafted
   embedded fonts that are used to attempt to exploit this vulnerability. In
   addition, compromised Web sites and Web sites that accept or host
   user-provided content could contain specially crafted content that could
   exploit this vulnerability. An attacker would have no way to force users
   to visit a specially crafted Web site. Instead, an attacker would have to
   convince the user to visit the Web site, typically by getting them to
   click a link in an e-mail message or Instant Messenger message that takes
   the user to the attacker's site.

   This security update is rated Critical for all supported editions of
   Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Important
   for all supported editions of Windows Vista and Windows Server 2008. For
   more information, see the subsection, Affected and Non-Affected Software,
   in this section.

   The security update addresses the vulnerabilities by correcting the method
   used for validating the argument passed to the system call, validating
   input passed from user mode through the kernel component of GDI, and
   correcting the manner in which Windows kernel-mode drivers parse font code.
   For more information about the vulnerabilities, see the Frequently Asked
   Questions (FAQ) subsection for the specific vulnerability entry under the
   next section, Vulnerability Information.

Affected Software

   Microsoft Windows 2000 Service Pack 4
   Windows XP Service Pack 2 and Windows XP Service Pack 3
   Windows XP Professional x64 Edition Service Pack 2
   Windows Server 2003 Service Pack 2
   Windows Server 2003 x64 Edition Service Pack 2
   Windows Server 2003 with SP2 for Itanium-based Systems
   Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service
     Pack 2
   Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and
     Windows Vista x64 Edition Service Pack 2
   Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit
     Systems Service Pack 2*
   Windows Server 2008 for x64-based Systems and Windows Server 2008 for
     x64-based Systems Service Pack 2*
   Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for
     Itanium-based Systems Service Pack 2

Vulnerability Information
	
Win32k NULL Pointer Dereferencing Vulnerability - CVE-2009-1127

   An elevation of privilege vulnerability exists because the Windows kernel
   does not properly validate an argument passed to a Windows kernel system
   call. An attacker who successfully exploited this vulnerability could run
   arbitrary code in kernel mode. An attacker could then install programs;
   view, change, or delete data; or create new accounts with full user rights.

Win32k Insufficient Data Validation Vulnerability - CVE-2009-2513

   An elevation of privilege vulnerability exists in Windows kernel-mode
   drivers due to improper validation of input passed from user mode through
   the kernel component of GDI. An attacker who successfully exploited this
   vulnerability could run arbitrary code in kernel mode. An attacker could
   then install programs; view, change, or delete data; or create new accounts
   with full user rights.

Win32k EOT Parsing Vulnerability - CVE-2009-2514

   A remote code execution vulnerability exists in the Windows kernel-mode
   drivers due to the improper parsing of font code when building a table of
   directory entries. An attacker who successfully exploited this
   vulnerability could run arbitrary code in kernel mode. An attacker could
   then install programs; view, change, or delete data; or create new accounts
   with full user rights.
======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================