Microsoft patches Windows worm holes, drive-by download flaws

Summary: One of the Windows vulnerabilities could expose users to drive-by malware attacks via the browser.

As part of its scheduled batch of patches for November, Microsoft today issued six security bulletins with fixes for a total of 15 vulnerabilities affecting its Windows and Office product lines.

Three of the six bulletins are rated "critical," meaning they can be used to launch remote code execution or worm attacks without any user action. One of the Windows vulnerabilities could expose users to drive-by malware attacks via the browser, Microsoft warned.

Four of the six bulletins include patches for Windows and Windows Server and two affect Microsoft Office products (Excel and Word).

Microsoft is urging Windows users to pay special attention to MS09-065, a "critical" bulletin that patches three documented vulnerabilities in Windows Kernel-Mode drivers.

"We recommend customers prioritize and deploy this update immediately."

That vulnerability affects only Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 (it does not affect Windows Vista or Windows Server 2008, so if you are using either of these platforms you can lower the deployment priority to a two). The vulnerability was publicly disclosed and could be used to create a malicious web page that exploits vulnerable systems simply when the user visits the site. The other two vulnerabilities are Elevation of Privilege (EoP) flaws, which would require the attacker to have valid logon credentials in order to exploit them.

Microsoft expects to see functional exploit code for this flaw very soon.

This Patch Tuesday also brings:

  • MS09-063 (Maximum severity rating of Critical): Resolves one privately reported vulnerability in Windows, which could allow remote code execution if an affected Windows system receives a specially crafted packet. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • MS09-064 (Maximum severity rating of Critical): Patches one privately reported vulnerability in Windows, which could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server. An attacker who successfully exploited this vulnerability could take complete control of the system.
  • MS09-066 (Maximum severity rating of Important): This update resolves one privately reported vulnerability in Windows, which could allow denial of service if stack space was exhausted during execution of certain types of LDAP or LDAPS requests.
  • MS09-067 (Maximum severity rating of Important): This update resolves eight privately reported vulnerabilities in Office, which could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user.
  • MS09-068 (Maximum severity rating of Important): This update resolves one privately reported vulnerability in Office, which could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft also reissued MS09-045 and MS09-051 to address detection issues and minor problems.

On the MSRC blog, Microsoft is offering charts explaining the severity and exploitability of each vulnerability and visual guidance on how to properly prioritize and deploy the updates.

The company's Security Research & Defense Blog offers a technical breakdown of some of the more serious vulnerabilities.


Talkback

76 comments
  • Holes

    It is like trying to patch a rotten ship!
    use_linux
    • Does that mean Linux is a rotten ship too?

      NT
      The one and only, Cylon Centurion
      • If a flaw affects Linux or MacOSX...

        it does not count... in the eyes of the Cult of Stallman or the Cult of Jobs...


        But a flaw affecting Windows counts twice in the eyes of the same neo-religious orders.
        Ceridan
        • With such issues

          why is it that the people on each side will always point to extremists to try to validate their own point?

          In case you haven't watched the boards, you have those of the cult of gates that are just as likely to do what you are mocking linux and mac zealots in defending windows.
          Viva la crank dodo
        • If a hole affects something you didn't choose...

          ...well, this is not a cult following, but rather the result of being affected by things you didn't choose, that is: 90% of the people don't choose Windows, it gets bundled with the PC they bought.

          So if it has problems, it is serious. Like, for example, a problem with a McPherson strut or Michelin tire. You bought a Ford, GM, Chrysler, Toyota, etc., but they bundled (at their convenience) the other third party.

          Think before you post again.
          cosuna
          • You are as full of

            crap as anyone I ever saw post. People do choose Windows. They have the option to buy Macs, and some do. They have the option of buying a Windows machine and wiping it clean and installing Linux, and some do. They have the option of buying or building a whitebox machine and installing whatever OS they choose, and some do.
            sackbut
      • Everything is rotten nowadays.

        The question is; how rotten? I propose we measure an OS (or program)'s rottenness on a scale of one to ten. One being perfectly secure, and ten being Windows.

        This will help people stop viewing security as such a black and white picture (e.g. only have "perfectly secure" and "as bad as Windows" with nothing in between).

        We could call this the "relative suckitude scale".
        AzuMao
        • lol!

          "One being perfectly secure, and ten being Windows."

          Not entirely fair though. Vista wasn't bad and 7 is at least as decent. The most horrific compromises I've seen recently were Macs.

          Just a couple though, not the daily parade of windows boxes that limp in here, but most of those are PEBCAK, really.

          But those Macs... the only thing the hard drives were good for was target practice. (think "belt buckle") I can almost always recover data and restore a messed up windows box, but the Macs I've seen recently were toast. Very impressive hack.
          pgit
        • How much is this on your scale?

          Combine this (http://blogs.zdnet.com/hardware/?p=5088) and these (http://secunia.com/advisories/37313/) and you may get a perfect key logger on your system by virtue of downloading some ads (http://blogs.zdnet.com/security/?p=4885).

          6) Multiple boundary errors exist in Apple Type Services when handling embedded fonts. These can be exploited to cause buffer overflows and execute arbitrary code when a document containing a specially crafted embedded font is being viewed or downloaded.

          8) Multiple integer overflow errors exist in the CoreGraphics component, which can be exploited to cause heap-based buffer overflows and execute arbitrary code when a specially crafted PDF file is opened.

          22) A weakness in IOKit can be exploited by non-privileged users to update the firmware in an attached USB or Bluetooth Apple keyboard.

          Apple keyboard vulnerable to hack attack
          http://blogs.zdnet.com/hardware/?p=5088

          Major online ad site hacked, serving up exploit cocktail
          http://blogs.zdnet.com/security/?p=4885

          It just works.
          Earthling2
          • First link is a problem with the keyboard, and applies to any computer it's plugged into regardless of OS.. solution; don't use that keyboard. Get one that isn't made of fail.

            Second link are patched vulnerabilities.. did you turn off the auto-update?

            Third link are Windows-only vulnerabilities.. solution: ditch Windows.
            AzuMao
        • Re: ". . . and ten being Windows." Please modify.

          There is more than one version of Windows.

          I would like to suggest that Windows ME should hold the ten.

          Vista / Seven have a better standing than XP and especially ME.
          hkommedal
          • The scale is for operating systems only.

            ME is a religious symbol belonging to the atheists; proof that God is nothing but a myth.
            AzuMao
    • And unfortunately most of the world is on that ship <NT>

      And unfortunately most of the world is on that ship <NT>
      robert_rowe@...
      • Their choice.

        They don't still have the excuse of "OMG ITZ 2 HARD TO SWITHC 2 LUNIX!111" anymore.
        AzuMao
    • Yeah, all the ships are rotten to some extent

      Thankfully, the Windows ship has emerged as the least rotten.

      Consistently - and even though Windows is attacked more - Windows needs fewer patches. Security and otherwise. Year after year.
      honeymonster
      • Fewer patches != better security.

        The unfortunate thing about having more individual patches for Linux is that it seems that Linux is less secure. The truth is that more patches indicates more scrutiny of the potentially offending code.

        Windows can only be attacked by attempting to break code that is known only to MS coders, while Linux can be attacked by anyone that can read code. Yet somehow MS suffers from the majority of vulnerabilities that are actually exploited in the real world.

        Sure, you can say that Linux has more patches. But when you compare market percentage, unless Linux has 95 critical vulnerabilities for each and every Windows critical vulnerability, you cannot say that Windows actually needs fewer patches than Linux. The best that you can say is that 95 Windows critical vulnerabilities have not yet been discovered for every Linux critical vulnerability.
        Letophoro
        • Exactly

          There's a name for this; security through obscurity.

          If the Windows code wasn't hidden from everyone but Microsoft themselves, much more dirt would be getting dug up on it in the public eye. But it is obscured, so many vulnerabilities go unnoticed until malicious hackers have already been exploiting them for some time.
          AzuMao
      • you are delusional...

        year after year
        ljenux-23043766007667558234416105604265
      • It might get patched less..

        ..but when it does, you can be sure it's for something big, like remote execution. Whereas other OSs patch every little problem that crops up, no matter how insignificant.

        Oh look, I patched my post just now to correct a minor typo.
        AzuMao
  • RE: Microsoft patches Windows worm holes, drive-by download flaws

    All OSes are subject to "Intrusion by Hacking"... I just can't fathom why some people cannot get it into their heads that the more PCs/laptops/servers that use a particular system, the more they are subject to hacking!!! I guess these same people feel that Open Office is never going to be "attacked" if it continues to be gaining in popularity... sleep well puppadave
    puppadave