X
Business
Home Business Enterprise Software

Microsoft: Exploits likely for 'critical' Windows vulnerabilities

Microsoft today dropped a mega patch bundle with fixes for several "critical" vulnerabilities affecting the Windows platform and warned that "consistent, reliable exploit code" was likely to be released within 30 days.The Redmond, Wash.
Written by Ryan Naraine, Contributor

windowslogo.jpg
Microsoft today dropped a mega patch bundle with fixes for several "critical" vulnerabilities affecting the Windows platform and warned that "consistent, reliable exploit code" was likely to be released within 30 days.

The Redmond, Wash. software maker released nine bulletins -- five rated critical -- to provide cover for a total of 19 documented security vulnerabilities.   Of the nine updates, eight affect Windows and one affects Office Web Components (OWC).

The raw data:

  • MS09-036 (Important): This update addresses one documented vulnerability in the Microsoft .NET Framework component of Microsoft Windows.  This could allow denial-of-service attacks.
  • MS09-037 (Critical): Five privately reported vulnerabilities in Microsoft Active Template Library (ATL).   Hackers could exploit these flaws to launch remote code execution.  Consistent, reliable exploit code likely within the month.
  • MS09-038 (Critical): Covers two privately reported vulnerabilities in Windows Media file processing, which could allow remote code execution.
  • MS09-039 (Critical):  This bulletin addresses two privately reported vulnerabilities in the Windows Internet Name Service (WINS).  These issues could lead toremote code execution attacks and exploit code is likely to be released soon.
  • MS09-040 (Important): This patches a privately reported vulnerability in the Windows Message Queuing Service (MSMQ), which could allow elevation of privilege. Reliable Exploit code likely.
  • MS09-041 (Important): Covers a privately reported vulnerability in the Windows Workstation Service, which could allow elevation of privilege.  Reliable exploit code likely for this flaw.
  • MS09-042 (Important): This update resolves a publicly disclosed vulnerability in the Microsoft Telnet service, which could allow an attacker to obtain credentials.
  • MS09-043 (Critical): This covers four privately reported vulnerabilities in Microsoft Office Web Components, which could allow remote code execution.
  • MS09-044 (Critical): This update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection, which could allow remote code execution.

This chart from Microsoft (click image for full size) shows where consistent, reliable exploit code is likely:

aug09sevsummary.jpg

For more information, see this entry on the MSRC blog.  Over on Theatpost, Shavlik's Eric Schultz digs deeper into the vulnerabilities and patches.

Editorial standards
Show Comments

Related

Private space Android 15

Android 15 unveiled: Here are 8 exciting (or handy) features coming to your phone

GOTRAX 4 electric scooter

One of the most gorgeous sports watches I've tested also has week-long battery life

A sample .bash_aliases file.

Try these Linux bash aliases for more efficient use of the command line