MS11-034: Addressing vulnerabilities in the win32k subsystem

Today we released security bulletin MS11-034 to address vulnerabilities in the win32k subsystem. This update addresses externally reported issues as well as several internally found vulnerabilities that were discovered as part of our variant investigation. The bulletin may appear to address an alarmingly large number of issues. However, if you dig into the issues themselves,…

0

MS10-048 an explanation of the Defense in Depth fixes

Today we released several fixes on MS10-048 affecting the win32k.sys kernel component. The most severe vulnerability allows a local user to perform an authenticated elevation of privileges, with no possible remote vector.   This update also includes several “Defense in Depth” measures that correct potential integer overflows in unrealistic scenarios. In this blog post we…

0

Assessing the risk of the June Security Bulletins

Today we released ten security bulletins.  Three have a maximum severity rating of Critical and seven have a maximum severity rating of Important.  We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Index Rating Likely first…

0

MS10-032: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege

Today we released a security update rated Important for CVE-2010-1255 in MS10-032.  This vulnerability affects the win32k.sys driver.  This blog post provides more information about this vulnerability that can help with prioritizing the deployment of updates this month.   What’s the risk?    A local attacker could write a custom user-mode attack application that passes…

0

Latest Baidu public posting requires Adminisrator to elevate

Last night we noticed a Windows XP kernel 0day claim in win32k!NtUserConsoleControl posted on baidu.com. We took a quick look and found that the issue requires administrator privileges to execute. We are still investigating, looking for any chance of privilege escalation but so far it looks like a reliability issue, not a security vulnerability. And…

0

MS08-061 : The case of the kernel mode double-fetch

MS08-061 addresses several vulnerabilities in win32k.sys where you can execute arbitrary code in kernel mode. These bugs can only be exploited locally and there is no remote vector based on our investigation of the vulnerability. One of these vulnerabilities involves multiple kernel mode accesses of user mode data leading to an interesting race condition.  When…

0

MS08-025: Win32k vulnerabilities

MS08-025 addresses several vulnerabilities in win32k.sys where you can execute arbitrary code in kernel mode. These bugs can only be exploited locally and there is no remote vector we are aware of. One of these vulnerabilities deals on how we can bypass some of the ProbeForWrite and ProbeForRead checks when using user supplied memory pointers….

0