Patch Tuesday recap: Exploits expected for Windows security holes

Patch Tuesday recap: Exploits expected for Windows security holes

Summary: Microsoft urging customers to pay special attention to two "critical" issues that can be remotely exploited to take complete control of an unpatched computer. The flaws can be remotely attacked via booby-trapped print requests or maliciously rigged MPEG files.

SHARE:
TOPICS: Security, Microsoft
6

Microsoft has shipped nine security bulletins with patches for at least 11 documented vulnerabilities in Windows and Microsoft office and is urging customers to pay special attention to two "critical" issues that can be remotely exploited to take complete control of an unpatched computer.

The two vulnerabilities, patched with MS10-061 and MS10-062, can be remotely attacked via booby-trapped print requests or maliciously rigged MPEG files.

Microsoft expects to see exploit code posted publicly for these vulnerabilities within the next 30 days, raising the likelihood that attacks will be seen in the wild very soon.follow Ryan Naraine on twitter

One of the flaws -- in  the Windows Print Spooler Service -- has already been exploited during the sophisticated Stuxnet zero-day worm attack.

Some important details on that bug:

The vulnerability could allow remote code execution if an attacker sends a specially crafted print request to a vulnerable system that has a print spooler interface exposed over RPC.  It is caused when the Windows Print Spooler insufficiently restricts user permissions to access print spoolers.

An attacker could exploit this vulnerability by crafting and sending a malicious print request to a vulnerable system that has a print spooler interface exposed over RPC. The target system would not properly validate whether the remote user has sufficient permissions, and permit the remote attacker to create a file in a Windows system directory. When dropped in particular locations, these files may be automatically executed by the system.

Microsoft says workstations and terminal servers that share a printer, or print servers are primarily at risk. Servers could be at more risk if administrators allow users to log on to servers and to run programs.

This issue is only rated critical on Windows XP systems.

The second critical vulnerability being called out this month is MS10-062, which addresses a vulnerability in the MPEG-4 codec.

The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.

The MPEG-4 issue is rated Critical for all supported editions of Windows XP, Windows Server 2003 (except Itanium-based editions), Windows Vista, and Windows Server 2008.

In all, this month’s bulletin package includes four Critical and five Important updates. It affects Microsoft users running Windows, Internet Information Services (IIS) and Microsoft Office.

Topics: Security, Microsoft

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion
  • RE: Patch Tuesday recap: Exploits expected for Windows security holes

    The effect won't be that bad if there is any effect at all. Home users have Windows Update set to automatically download and install. Corporate users are behind firewalls and will be pushing the patches out. That doesn't leave anyone left. I gotta say, I like seeing the exploiters behind the times though. They can't make an exploit until after they get some details and after Microsoft fixes the issues. Always one step behind.
    Loverock Davidson
    • RE: Patch Tuesday recap: Exploits expected for Windows security holes

      @Loverock Davidson: I guess you missed this part:
      "One of the flaws ? in the Windows Print Spooler Service ? has already been exploited during the sophisticated Stuxnet zero-day worm attack."
      anothercanuck
  • RE: Patch Tuesday recap: Exploits expected for Windows security holes

    Installed windows updates on win xp, and voila, can't print to any network printer.
    acewoman
  • RE: Patch Tuesday recap: Exploits expected for Windows security holes

    lol what both you and the author forgot to mention was that both of these vulnerabilities work directly through flash media player and can be blocked very easily.sorry that was @ anothercanuck
    trundor1@...
    • RE: Patch Tuesday recap: Exploits expected for Windows security holes

      @rbslack@...

      I just read both MS bulletins, no mention of flash. The only thing it mentions is MPEG-4 (which is not flash), do you have some special insight? Spreading misinfomation is not the answer.
      jakenhauser23
  • Terrorism financed by Superpowers

    Using Windows is like wiretapping your home.
    Anyway hey, u got nothing to hide righhhht ?
    That's the future.
    neeeko