Microsoft patches the security update 2823324

Microsoft is making another attempt to close the privilege elevation hole in the NTFS filesystem’s kernel driver for Windows 7 and Server 2008, including R2. The new patch, 2840149, supersedes security update 2823324, which Microsoft released on its April Patch Tuesday.

However, shortly after releasing it, the software giant had to recall the first update because it caused problems with various third-party programs; it crippled computers and triggered error messages. Kaspersky’s anti-virus programs also started acting up once the update was installed, erroneously assuming that they no longer had a valid licence and discontinuing operation. When re-releasing the update, Microsoft didn’t clarify whether this was the reason for the system malfunctioning.

The new patch is already being deployed via Windows Update. Microsoft is offering a bootable recovery disk as an ISO image to customers whose computers have failed to boot since the first patch was installed.

Microsoft to plug holes in Windows Defender in Patch Tuesday

Microsoft’s Patch Tuesday on 9 April will be an important spring cleaning day; the company plans to implement nine security bulletins. One of the bulletins deals with vulnerabilities in Windows Defender for Windows 8 and RT; the hole is rated as important and can be exploited to achieve elevated privileges.

The headline bulletins will be the two critical security holes, one of which affects all versions of Windows and Windows Server, and another critical vulnerability which can be found in all versions of Internet Explorer. Whether the Internet Explorer fix will be addressing the IE vulnerability revealed at the recent Pwn2Own contest is unclear though. Both critical holes allow for remote code execution.

The remaining bulletins have been rated as important and aim to close holes in Windows, Office InfoPath 2010, and Web Apps 2010 Service Pack 1, as well as in server software such as Groove Server and SharePoint. Microsoft says that most of these vulnerabilities allow attackers to elevate their privileges and launch denial-of-service attacks. The patches for Microsoft Office and for the server software will close holes that allow potential attackers to harvest data.

Cross-posted from Heise-Media

Microsoft’s Patch Tuesday will close a critical Windows vulnerability

The H-Security: Next week’s Patch Tuesday sees Microsoft planning to publish a total of six bulletins, including one that addresses a critical vulnerability in all versions of Windows from Windows XP service pack 3 to Windows 7 service pack 1 and Windows Server 2008 R2. The rating means that the hole enables attackers to infect a system via the internet and inject malicious code. Other bulletins will address a privilege elevation flaw which affects the same span of Windows versions.

Microsoft also plans to close an important denial of service vulnerability in Windows Server 2003 SP2, 2008 SP2 and 2008 R2. Another bulletin will address a “moderate” denial of service bug which affects Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1 and Windows Server 2008 R2. Windows developers will find that an elevation of privilege flaw in Visual Studio 2008 and 2010 is also addressed. All versions of another development tool, Microsoft Expression Design, will also receive a fix for an important remote code execution flaw in the application.

Microsoft’s Patch Tuesday fixes critical vulnerabilities

The H-Online: As expected, Microsoft has released nine bulletins to close a total of 21 holes in its products. Four of the bulletins close critical vulnerabilities in Windows, Internet Explorer, .NET and Silverlight, including an issue in the Windows kernel-mode drivers that became publicly known in December of last year.

The company advises those responsible for prioritizing update deployment to focus on the critical patches for Internet Explorer and the C Runtime Library in Windows, as these could be exploited by an attacker to remotely execute arbitrary code on a victim’s system. For an attack to be successful, a user must first visit a malicious web page or open a specially crafted file. The other critical bulletins fix issues in .NET and Silverlight, as well as the Windows kernel. Microsoft notes that it has yet to see any active attacks exploiting these issues in the wild.

Rated as “important”, the remaining five bulletins correct a number of remote code execution and privilege escalation issues. These include a total of six vulnerabilities in SharePoint and the Ancillary Function Driver in Windows that could be used to allow elevation of privileges. Five holes in the Windows Color Control Panel, an issue in the Indeo Codec included with Windows, and five problems in Visio Viewer – part of Microsoft Office – that could be used to remotely execute code have also been closed.

An overview of all of these updates, including descriptions of each of the vulnerabilities, can be found in the Microsoft Security Bulletin Summary for February 2012.

According to reports, the updates to the Microsoft Windows Malicious Software Removal Tool (MSRT) and the company’s Forefront security products, which were released at the same time as Microsoft’s Patch Tuesday security updates, result in a false positive malware warning on Following the updates, when visiting in Internet Explorer, users receive a warning that a potential threat has been detected, specifically Exploit:JS/Blacole.BW; those using Firefox only reportedly see a warning after a search is initiated, and Chrome and Opera are said to be unaffected.

Patch Tuesday – Minor movements…

Hey Admins…. It’s that time again. The second Tuesday is upon us and May so far hasn’t been demanding as far as patching goes.

So far …. this month Microsoft has only issued two security announcements. MS10-030 and MS10-031. Microsoft has rated both as critical – and both could result in remote code being executed.

MS10-030 resolves an integer overflow in POP3 & IMAP mail responses to Outlook Express and Windows Mail…. MS10-031 addresses a stack memory corruption related to the way that “Visual Basic for Applications” searches for ActiveX components, when host applications provide specially crafted files to the Visual Basic runtime.

Adobe and Apple haven’t issued any security updates in May yet.

Apple’s last security update was on April 15th when they issued Security Update 2010-003 for OSX 10.5 and 10.6. (2010-003 addressed an issue with handling embedded fonts that could result in RCE; see CVE-2010-1120 for more details.)

Adobe’s last update was APSB10-10 on April 30th. APSB10-10 resolves issues in Photoshop CS4 (v11.0.0) for both Mac and Windows variants. Issues with Photoshop’s handling of specially crafted .TIFF files could lead to remote code execution (see CVE-2010-1279 for more details).

Plenty of Updates on Patch Tuesday

Many patches are announced for tomorrow: the Redmond company expects to release 11 security bulletins. Of those, 5 are rated critical, 5 important and 1 moderate. The patches belonging to the bulletins will close 25 security vulnerabilities in Windows, Exchange and in Office.

Adobe plans to deliver security updates for critical vulnerabilities in Adobe Reader and Acrobat for all supported platforms tomorrow. Additionally, the automatic updater will be activated with the patches, so that in future updates get installed silently.

Adobe Patch Tuesday news: auto updater coming

Adobe has announced that it will release an updater along with Adobe Reader and Acrobat versions 9.3.2 and 8.2.2 on Patch Tuesday next week.

On the Adobe blog, Steve Gottwals wrote: “…we have been testing a new updater technology with select beta customers since our October 13, 2009 quarterly update. The purpose of the new updater is to keep end-users up-to-date in a much more streamlined and automated way.

“During our quarterly update on January 12, 2010, and then again for an out-of-cycle update on February 16, 2010, we exercised the new updater with our beta testers. This allowed us to test a variety of network configurations encountered on the Internet in order to ensure a robust update experience. That beta process has been a successful one, and we’ve incorporated several positive changes to the end-user experience and system operation. Now, we’re ready for the next phase of deployment.”

Users can set an “Automatically install updates” control or not, as they wish.

Blog entry here.

Given the attention that malcode creators have lavished on Adobe products recently, an updater to go along with regular “patch Tuesday” updates will certainly help us all have a good “end-user experience.”

Patch Tuesday next week

Microsoft has put the PC-using world on notice that next Tuesday there will be 11 bulletins released addressing 25 vulnerabilities in Windows, Exchange and Office.

Jerry Bryant, Group Manager of Microsoft’s Response Communications, said: “I also want to point out to customers that we will be closing the following open Security Advisories with next week’s updates:

— Microsoft Security Advisory 981169 – Vulnerability in VBScript could allow remote code execution.

— Microsoft Security Advisory 977544 – Vulnerability in SMB could allow denial of service”

Advance notice here.

It’s not dead yet: Microsoft’s out-of-band IE6 fix impacts IE8

Last month, Microsoft sent flowers to a mock funeral for Internet Explorer 6, in a show of support for the ideal that the old browser should be declared defunct worldwide. But for a few years yet, the company is still bound to support the product for those users (generally businesses) who refuse to upgrade it. That’s why new exploits that continue to target old browsers, such as IE6 and IE7, continue to get attention even a full year after the proper security fix — IE8 — has been deployed.

One of the libraries that, among other functions, helps IE to print is the target of an exploit released to the wild earlier this month. The exploit creatively overloads the system with JavaScript variables, then places function calls to IEPEERS.DLL. Once the library is effectively crashed, its used memory isn’t cleaned up, enabling binary code seeded into that memory to be executed — a classic use-after-free scenario.

Although various IE8 and Vista-era architectures protect Windows users from this scenario, Microsoft’s security team said today it will take the unusual step of issuing an out-of-band update tomorrow, two weeks ahead of the usual Patch Tuesday. The update will also serve as a “cumulative roll-up,” adding nine other fixes that had been planned for April 13.

Microsoft has said that Data Execution Prevention in IE8 is one of the effective workarounds for this exploit, at least until tomorrow. But the US Homeland Security Dept.’s US-CERT agency warns that DEP is only a partial fix, saying, “DEP should not be treated as a complete workaround, but DEP can mitigate the execution of attacker-supplied code in some cases.” US-CERT suggests that users instead disable Active Scripting, one of the perennially sensitive elements of the old ActiveX system.

Internet Explorer 0-day targeted in spam runs

Hot on the heels of the Patch Tuesday announcements yesterday, came the announcement of a new zero-day in Internet Explorer (CVE-2010-0806).

Whilst checking through some URLs supposedly serving up malicious code to exploit this vulnerability, I noticed a link to some spam runs from earlier in the week. On March 8th SophosLabs saw spam messages attempting to trick the recipient into visiting rogue web pages. Messages used at least two social engineering tricks to lure victims into clicking the malicious link.

  • the tried and tested “delivery failed, please confirm address details” messages
  • a request to confirm details for an insurance quote

Example messages are shown below.

In either case, clicking on the link takes the victim to a web page which kickstarts the infection process.

Our investigation has shown that the latest version of the browser, Internet Explorer 8, is not affected.

If you are an IE user and have not yet upgraded to version 8, take a hint! It is strongly recommended that you do so. Aside from not being affected by this particular issue, there is a whole bundle of other security-related features you are missing out on otherwise.