Microsoft finally fixes Pwn2Own browser flaw

The Microsoft Patch Tuesday train rolled into town today, dropping off a massive 10 security bulletins with fixes for at least 34 documented vulnerabilities.

Three of the bulletins are rated "critical" because of the risk of remote code execution attacks.  Affected products include the Windows operating system, Microsoft Office, the Internet Explorer browser and Internet Information Services (IIS).

This month's patch batch also provides cover for a known cross-site scripting flaw in the Microsoft SharePoint Server and a publicly discussed data leakage hole in Internet Explorer.

Microsoft is urging its users to pay special attention to MS10-033 (Windows), MS10-034 (ActiveX killbits) and MS10-035 (Internet Explorer) because these contain fixes for issues that may be exploited by malicious hackers very soon.

Here's the skinny on these three bulletins:

  • MS10-033 -- This security update resolves two privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. This is rated Critical for Quartz.dll (DirectShow) on Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008; Critical for Windows Media Format Runtime on Microsoft Windows 2000, Windows XP, and Windows Server 2003; Critical for Asycfilt.dll (COM component) on Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2; and Important for Windows Media Encoder 9 x86 and x64 on Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
  • MS10-034 -- This security update addresses two privately reported vulnerabilities for Microsoft software. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Vista, and Windows 7, and Moderate for all supported editions of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page that instantiates a specific ActiveX control with Internet Explorer. It also includes kill bits for four third-party ActiveX controls.
  • MS10-035 -- Fixes five privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4; Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers.

Qualys CTO Wolfgang Kandek noticed that four of the 10 bulletins address zero-day issues, the most significant being MS10-035, which fixes the zero-day published by Core Security for an information disclosure vulnerability originally published in February 2010.

It also fixes the Pwn2Own vulnerability that security researcher Peter Vreugdenhil used to win ZDI's competition at CanSecWest. During that contest, Vreugdenhil bypassed all built-in protections such as DEP and ASLR by combining multiple flaws and attack methods.

The MS10-040 bulletin is also interesting. It covers a remotely exploitable vulnerability in all versions of IIS, but it is present only if the administrator has downloaded and installed the Channel Binding Update and enabled Windows Authentication. It further requires an account on the system, reducing the number of vulnerable hosts to a small subset. Microsoft rates this an "important" update.


Talkback

47 comments
  • Safari on OS X

    I'm glad I use Safari on OS X, I'm immune to such flaws!

    I feel sorry for the Windows users who approach every Patch Tuesday with immense fear and trembling!
    Trolleur
    • Likewise

      @Trolleur
      I'm glad I use Chrome on Windows, I'm immune to all of these flaws:
      http://www.zdnet.com/blog/security/apple-plugs-48-safari-webkit-security-holes/6623?tag=content;search-results-rivers

      PS There were 48 flaws in Safari ALONE, only 34 flaws in all of Windows and associated bits COMBINED. :)
      NonZealot
      • RE: Microsoft finally fixes Pwn2Own browser flaw

        @NonZealot Lol, number of patched flaws != number of flaws.
        Just because someone refuses to patch security holes does not mean they don't exist. Your logic makes no sense. By your logic, you should switch to Windows 95, it has no flaws (or at least patches for flaws) recently.

        I guess I am not sure about the number of flaws, and you may be right that mac has more, I just wanted to point out that patches != flaws. Also, no I am not a Mac user.
        Patrick Aupperle
      • RE: Microsoft finally fixes Pwn2Own browser flaw

        @NonZealot To refresh your memory (if there be one) Chrome is very vulnerable to ANY attack
        texasbrat2@...
      • RE: Microsoft finally fixes Pwn2Own browser flaw

        @NonZealot

        Microsoft does not patch security bugs that it has found in its internal tests. It only patches security bugs that are found by third parties. Microsoft keeps all security bugs secret as long as it can and then fixes them in the next service pack, behind the curtains. This way Microsoft gets better "open bug summaries".

        For example, Microsoft knew for 7 months about the security bug that was used against Google. IT DID NOT FIX IT FOR 7 MONTHS!

        And again a few months ago Microsoft was caught (not for the first time) patching security bugs that it did not disclose in the KB at all.

        IT admins cannot know at all which patch fixes what. They need to install all patches because Microsoft can patch stuff behind the curtains. And among IT admins with long experience it is well known that when Microsoft releases a Service Pack, it can fix a few hundred security and other bugs in it. A Service Pack is not just a package of all patches released up to that time plus a few new features. It is Microsoft's package of secret patches. And no one can clearly notice anything in it because it is so big and touches so many files in the software system.
        Fri13
    • RE: Microsoft finally fixes Pwn2Own browser flaw

      @Trolleur if you are immune to such silliness why did Apple plug 48 Safari web kit holes. must have just been user interface improvements
      JustAITGuy
    • RE: Microsoft finally fixes Pwn2Own browser flaw

      i'm glad u dont think there are exploits for unix. Even glad'r u most likely dont know you are running unix.
      ignorance is why virus stay healthy and abundant.
      and yes IE and MS os are major security holes, but to think you are protected is absurd....
      bspurloc
    • I lol at you

      @Trolleur
      I think your name denotes what you actually are. A troll. If you feel that Macs are immune to viruses... ha. ha. ha. I'll remind you that the winner of one of those who-can-hack-the-computers-the-fastest contests like CanSecWest hacked the Mac in 1 second. Simply drive by download and he took full control of the Mac. Using Safari.
      It's people like you that make me *want* to learn how to hack Macs, just so I can make you all eat your words >_>.

      And if you find a Windows user that approaches every Patch Tuesday with immense fear and trembling, let me know; because I know no one like that. Either the people don't care and updates automatically happen, or, like me, they know what they're doing and Patch Tuesdays are more of a formality and an annoyance that we must restart our PCs than any substantial thing.
      D2 Ultima
      • 1 second???

        @D2 Ultima

        Get a clue D2... You can't hack anything in 1 second....

        I would actually love to see some idiot write a real virus for OSX... That person would be public enemy number 1 among the hacker community. They would quickly learn the real meaning of pain... Mac OS X is a certified UNIX OS... Fully compliant... Any idiot who writes a virus that can affect OSX has just written a virus that can attack any flavor of UNIX...

        Hackers run UNIX... Not Win-Blows...

        Are you starting to understand why there hasn't been a real virus written for OSX???

        Only malware... Socially engineered malware... None of which is a real virus... Malware that some idiots refer to as trojans, but renaming an install package, does not a trojan make...

        Hacking and writing/coding virii are two entirely different things... Confusing the two makes you look like a moron.
        i8thecat
      • I wish I still had the link

        @i8thecat
        Oh please. I might be exaggerating 1 second, but he finished it the fastest and got to keep the macbook pro he took complete remote control over. The mac was the fastest hacked OS in the competition; faster than Windows XP. Also, someone that can hack Mac OS X will not be the public enemy number 1. You're giving Macs too much credit. Nobody cares about Macs on a large scale; which is why people don't actively write viruses for them. And if Macs had this great "UNIX certification" which meant they cannot write a virus for it, then why does apple keep updating and plugging security holes, and why are Antivirus software being written for Mac OSes? Just because people do not use it, doesn't mean that there's never a need for it. Large corporations running Macs wouldn't be caught dead without a working Antivirus if their IT staff was worth their salt. And yes I know there are large corporations that use Macs. I'm not that stupid to think Windows is 100% large scale use.
        D2 Ultima
      • RE: Microsoft finally fixes Pwn2Own browser flaw

        @D2 Ultima
        i8thecat is correct. It wasn't 1 second. It was done in under 20 seconds.. still faster hacked than any other platform. And it took another 20 seconds for them to lift the SMS database off of an iphone on top of that.
        rengek
      • RE: Microsoft finally fixes Pwn2Own browser flaw

        @D2 Ultima "the real meaning of Pain"? "Public enemy number 1"?

        You've got a wildly distorted view of the security landscape.
        rtk
    • RE: Microsoft finally fixes Pwn2Own browser flaw

      @SoYouSaid

      *yeah
      *we're
      The one and only, Cylon Centurion
    • RE: Microsoft finally fixes Pwn2Own browser flaw

      @Trolleur
      Let's not forget the 800mb patch apple released the week after pwn2own. 800mb.
      rengek
    • RE: Microsoft finally fixes Pwn2Own browser flaw

      @Trolleur Yes, but are you immune to Apple's wonkiness? I feel sorry for people who don't know how to use a grown-up computer!
      Shiggity
      • RE: Microsoft finally fixes Pwn2Own browser flaw

        @Shiggity

        I'm hoping you're talking about Linux. Otherwise, you're talking about the machine that advertised itself fairly recently with little kids at the keyboard.

        Not exactly grown up, now is it?
        tmsbrdrs