Microsoft’s shiny new Internet Explorer 9 browser contains critical security vulnerabilities that expose users to drive-by download attacks, the company warned today.
The IE warning highlights this month’s batch of security patches from Microsoft where the company shipped eight security bulletins (two critical, six important) to cover gaping holes in Internet Explorer, .NET Framework & Silverlight, Microsoft Windows, Microsoft Forefront UAG and Microsoft Host Integration Server.
According to Microsoft, the IE vulnerabilities could be exploited if a user simply surfs to a maliciously rigged website.
The IE update (MS11-081), available for all users or Microsoft Windows and all versions of Internet Explorer, covers at least eight documented security holes in the world’s most widely used browser.
The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The update fixes the vulnerabilities by modifying the way that Internet Explorer handles objects in memory and the way that Internet Explorer allocates and accesses memory, Microsoft explained.
Microsoft is urging all Windows users to treat this with the utmost priority because of the likelihood of reliable exploit code within 30 days. Malicious hackers typically reverse-engineer the patches to identify the flaws and write exploits immediately to launch malware attacks.
The second “critical” update (MS11-078) addresses a vulnerability in .NET Framework and Microsoft Silverlight that could expose users to remote code execution attacks.
The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
Microsoft warns that a victim could be exploited if he/she browses to a malicious webpage with aSilverlight-enabled browser.
As with the IE patch, Microsoft exploits to see “reliable exploits” for Silverlight 3 over the next 30 days.
The company also raised an alert for a third bulletin (MS11-077) that covers at least four documented vulnerabilities in Windows kernel-mode drivers (Win32k.sys).
The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted font file (such as a .fon file) in a network share, a UNC or WebDAV location, or an e-mail attachment, the company explained.
The security update addresses the vulnerabilities by correcting the way that the Windows kernel-mode drivers validate input passed from user mode, handle the TrueType font type, allocate the proper buffer size before writing to memory, and manage kernel-mode driver objects.
This month’s Patch Tuesday batch also covers five privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow remote code execution if a user visits an affected Web site using a specially crafted URL.
It also provides fixes for a solitary flaw in the Microsoft Windows Ancillary Function Driver (AFD) and two publicly disclosed vulnerabilities in Host Integration Server.
The Host Integration Server vulnerabilities could allow denial of service if a remote attacker sends specially crafted network packets to a Host Integration Server listening on UDP port 1478 or TCP ports 1477 and 1478.
