Assessing the risk of the September Critical security bulletins

This morning we released five security bulletins, all of them having a bulletin maximum severity rating of Critical and two having a bulletin maximum exploitability index rating of “1” (Consistent exploit code likely). We wanted to just say a few words about each bulletin to help you prioritize your deployment this month. The following table…

0

MS09-029: Vulnerabilities in the EOT parsing engine

Today we released MS09-029, which addresses vulnerabilities related to EOT font files. To answer a few commonly asked questions, here is a brief FAQ regarding the update: Q: What is the EOT file format?A: EOT stands for Embedded OpenType Font. EOT support in Microsoft applications has existed for many years. It allows the fonts used…

0

Prioritizing the deployment of the April security bulletins

We just released eight security bulletins, five of which are rated Critical on at least one platform. We built a reference table of bulletin severity rating, exploitability index rating, and attack vectors. This table is sorted first by bulletin severity, next by exploitability index rating, and then by bulletin number. We hope it helps you…

0

MS09-014: Addressing the Safari Carpet Bomb vulnerability

Following up on Security Advisory 953818, today we released MS09-014, rated as Moderate, which addresses aspects of the Safari Carpet Bomb vulnerability. On a Windows operating system this vulnerability allows an attacker, through Safari, to drop arbitrary files on a user’s desktop. As of Safari 3.1.2 Apple has removed this behavior from Safari. Why is…

0

MS09-012: Fixing “Token Kidnapping”

This morning we released MS09-012, an update to address the publicly-disclosed issue commonly referred to as Token Kidnapping (http://www.argeniss.com/research/TokenKidnapping.pdf). This vulnerability allows escalation from the Network Service account to the Local System account. Normally malicious users are not running as Network Service, except for a very few programs like IIS, where arbitrary code can be…

0

Service isolation explanation

The past few days, we have had service isolation on our minds here in Redmond after the POC code posting last week from Cesar Cerrudo.  Nazim Lala from the IIS team posted a great blog entry about the fix and why it is taking so long to release it.  I expect it to be close…

0

Why there won’t be a security update for WkImgSrv.dll

Recently, there was a public post in milw0rm (http://www.milw0rm.com/exploits/5530), talking about an issue in the ActiveX control of Microsoft Works 7 WkImgSrv.dll. The PoC claims that it would achieve remote code execution. McAfee Avert Labs Blog also had a post about this (http://www.avertlabs.com/research/blog/index.php/2008/04/17/potential-microsoft-works-activex-0-day-surfaces/).   At first glance the issue sounds serious, right? Upon further investigation,…

0

MS08-001 – The case of the missing Windows Server 2003 attack vector

Part 3 of our MS08-001 blog post series mentioned that Windows Server 2003 does not expose an attack vector to the vulnerable IGMP code execution vulnerability by default.  Windows XP and Vista enable UPnP (Universal Plug-and-Play) which exposes an attack vector to the vulnerable code but Windows Server 2003 does not enable UPnP.  As a…

0