Microsoft has shipped nine security bulletins with patches for at least 11 documented vulnerabilities in Windows and Microsoft office and is urging customers to pay special attention to two “critical” issues that can be remotely exploited to take complete control of an unpatched computer.
The two vulnerabilities, patched with MS10-061 and MS10-062, can be remotely attacked via booby-trapped print requests or maliciously rigged MPEG files.
Microsoft expects to see exploit code posted publicly for these vulnerabilities within the next 30 days, raising the likelihood that attacks will be seen in the wild very soon.
One of the flaws — in the Windows Print Spooler Service — has already been exploited during the sophisticated Stuxnet zero-day worm attack.
Some important details on that bug:
The vulnerability could allow remote code execution if an attacker sends a specially crafted print request to a vulnerable system that has a print spooler interface exposed over RPC. It is caused when the Windows Print Spooler insufficiently restricts user permissions to access print spoolers.
An attacker could exploit this vulnerability by crafting and sending a malicious print request to a vulnerable system that has a print spooler interface exposed over RPC. The target system would not properly validate whether the remote user has sufficient permissions, and permit the remote attacker to create a file in a Windows system directory. When dropped in particular locations, these files may be automatically executed by the system.
Microsoft says workstations and terminal servers that share a printer, or print servers are primarily at risk. Servers could be at more risk if administrators allow users to log on to servers and to run programs.
This issue is only rated critical on Windows XP systems.
The second critical vulnerability being called out this month is MS10-062, which addresses a vulnerability in the MPEG-4 codec.
The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.
The MPEG-4 issue is rated Critical for all supported editions of Windows XP, Windows Server 2003 (except Itanium-based editions), Windows Vista, and Windows Server 2008.
In all, this month’s bulletin package includes four Critical and five Important updates. It affects Microsoft users running Windows, Internet Information Services (IIS) and Microsoft Office.
