Microsoft Security Advisory (2490606)

ronjor · Jan 4, 2011

Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution

Published: January 04, 2011

Version: 1.0
General Information
Executive Summary

Microsoft is investigating new public reports of a vulnerability in the Windows Graphics Rendering Engine. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs
Click to expand...

Microsoft

Page42 · Jan 4, 2011

Interesting Mitigating Factors from the Advisory...

For an attack to be successful, a user must open an attachment that is sent in an e-mail message.
Click to expand...

and

Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Click to expand...

These two factors say alot, imo.

siljaline · Jan 4, 2011

The Sans Handler diary entry

Daveski17 · Jan 5, 2011

F-Secure

safeguy · Jan 5, 2011

According to the links, Windows 7 isn't vulnerable to this. I wonder why - as in what's the difference between the Graphics Rendering Engine in 7 and the one in Vista?

MrBrian · Jan 5, 2011

Fix it for workaround described in v1.1 of the security advisory.

Log in or Sign up

Microsoft Security Advisory (2490606)

ronjor Global Moderator

Page42 Registered Member

siljaline Registered Member

Daveski17 Registered Member

safeguy Registered Member

MrBrian Registered Member

Log in or Sign up

Microsoft Security Advisory (2490606)

ronjor Global Moderator

Page42 Registered Member

siljaline Registered Member

Daveski17 Registered Member

safeguy Registered Member

MrBrian Registered Member

Useful Searches