Patch Tuesday: Microsoft plugs 'drive-by download' security holes


Microsoft released two bulletins today with patches for three security holes affecting all versions of the Windows operating system.

The most serious of the vulnerabilities could be exploited in drive-by downloads via maliciously rigged web sites, according to a warning from the software vendor.

The drive-by download flaws, covered in MS11-002, were reported to Microsoft via TippingPoint Zero Day Initiative, a program that purchases vulnerability data from private researchers.

The bulletin documents at least two separate vulnerabilities in MDAC (Microsoft Data Access Components) and warns that there are security problems in the way MDAC validates third-party API usage and memory allocation.

Microsoft rates this a "critical" issue for all supported editions of Windows XP, Windows Vista, and Windows 7. On Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2, the severity is downgraded to "important."

The second bulletin (MS11-001) covers a publicly disclosed vulnerability in Windows Backup Manager. The vulnerability could allow remote code execution if a user opens a legitimate Windows Backup Manager file that is located in the same network directory as a specially crafted library file, Microsoft said.

For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open the legitimate file from that location, which in turn could cause Windows Backup Manager to load the specially crafted library file.

The vulnerability is rated "important" and only applies to Windows Vista.

Qualys CTO Wolfgang Kandek provides more details on this issue:

MS11-001 provides a patch for a DLL-preloading issue in the Windows Backup Tool. It is rated important and only applies to Windows Vista. While DLL preloading is an old systemic issue in Windows and many other operating systems, it gained new attention in August of last year, when many vulnerable applications were identified. Secunia maintains a list of Microsoft and 3rd party applications that have been shown vulnerable to the DLL preloading attacks. The list has over 200 vulnerable programs at and includes the Vista Backup vulnerability that is being fixed today (SA41122). Given the scope of the DLL preloading vulnerabilities we highly recommend implementing the work-around that Microsoft describes in Security Advisory 2269637 and KB2264107, which neutralizes the most common attack vectors on the operating system level.
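A detection-side view of the DLL-preloading pattern described above, as an added example that is not part of the original article: it scans module-load records for a locally installed program pulling a library from a UNC or WebDAV location. The record fields (`image`, `loaded`), host names and file names are constructed assumptions, and WebDAV paths are recognised by the usual `host@port` / `DavWWWRoot` naming.

```python
import ntpath
import re

# Constructed sample records shaped like image-load telemetry.
# Field names, hosts, shares and file names are made up for illustration.
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\ExampleApp\viewer.exe", "loaded": r"C:\Windows\System32\version.dll"},
    {"image": r"C:\Program Files\ExampleApp\viewer.exe", "loaded": r"\\fileserver\share\docs\example.dll"},
    {"image": r"C:\Program Files\ExampleApp\viewer.exe", "loaded": r"\\files.example@SSL\DavWWWRoot\docs\example.dll"},
    {"image": r"\\corp-apps\tools\tool.exe", "loaded": r"\\corp-apps\tools\helper.dll"},
    {"image": r"C:\Program Files\ExampleApp\viewer.exe", "loaded": r"C:\Program Files\ExampleApp\plugin.dll"},
]

UNC_RE = re.compile(r"^\\\\(?P<host>[^\\]+)\\(?P<rest>.+)$")


def classify_location(path):
    """Return 'local', 'unc' or 'webdav' for a Windows path string."""
    m = UNC_RE.match(path)
    if not m:
        return "local"
    host = m.group("host")
    first_component = m.group("rest").split("\\")[0].lower()
    # Assumption: WebDAV redirector paths carry '@port'/'@SSL' on the host
    # or start with a DavWWWRoot component.
    if "@" in host or first_component == "davwwwroot":
        return "webdav"
    return "unc"


def same_directory(a, b):
    """Case-insensitive comparison of the directories holding two files."""
    return ntpath.dirname(a).lower() == ntpath.dirname(b).lower()


def remote_library_loads(events):
    """Flag libraries loaded from a remote directory by a program stored elsewhere."""
    findings = []
    for ev in events:
        kind = classify_location(ev["loaded"])
        if kind == "local":
            continue
        # A program run from a share loads its own DLLs from that share:
        # that is ordinary application-directory loading, not preloading.
        if same_directory(ev["image"], ev["loaded"]):
            continue
        findings.append((kind, ev["image"], ev["loaded"]))
    return findings
```
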

Despite this month's relatively light Patch Tuesday, it's important for Windows users to note that there are at least five publicly documented issues that were NOT addressed this month. These include security problems in Internet Explorer and Windows graphics rendering. More to come...


Talkback

12 comments
  • RE: Patch Tuesday: Microsoft plugs 'drive-by download' security holes

    Hah! Take that exploiters!
    Loverock Davidson
    • RE: Patch Tuesday: Microsoft plugs 'drive-by download' security holes

      @Loverock Davidson
      Although an available fix is nice, it won't stop exploiters on people who don't patch.
      Cyrorm
    • Not important for some

      "it's important for Windows users to note that there are at least five publicly documented issues that were NOT addressed this month."

      Exploiters must be furious!
      Richard Flude
    • RE: Patch Tuesday: Microsoft plugs 'drive-by download' security holes

      @Loverock Davidson At least 5 more publicly disclosed and unpatched exploits with months to go before they will be patched. Add in all those that have not been disclosed but are being exploited while you read.
      (sarcasm)
      Ah, the joys of using such a "secure" OS!
      (/sarcasm)

      Tags inserted for the hard of thinking.
      DNSB
    • RE: Patch Tuesday: Microsoft plugs 'drive-by download' security holes

      @Loverock Davidson

      you count it good that only 3 out of 8 actually got a fix?
      erik.soderquist
  • If nothing else...

    Thank you for focusing on something else other than the iPhone.
    SonofaSailor
    • Hey Kettle....

      @SonofaSailor

      Does everything you post have to be about iPhone or Verizon???

      LOL...
      i8thecat
      • RE: Patch Tuesday: Microsoft plugs 'drive-by download' security holes

        @i8thecat Given recent items where the iPhone/Verizon story has been treated with the importance of SETI actually making contact?
        DNSB
  • RE: Patch Tuesday: Microsoft plugs 'drive-by download' security holes

    Thanks for the alert. Concise. What it does. What it doesn't. And a new term for my jargon-stash, "drive by download".
    Geosota
  • RE: Patch Tuesday: Microsoft plugs 'drive-by download' security holes

    No, they did not plug anything.
    james347
  • So much for the EMET hype

    If something from M$ is too good to be true, it probably is.
    ahh so
  • RE: Patch Tuesday: Microsoft plugs 'drive-by download' security holes

    Plug away MS, will do you no good.
    james347