26 Windows, Office holes patched in 13 bulletins

ronjor · Feb 9, 2010

February 9, 2010

by Elinor Mills

Microsoft fixed 26 vulnerabilities in 13 security bulletins as part of its Patch Tuesday, including critical ones for Windows that could be exploited to take control of a computer and one that has resided in the 32-bit Windows kernel since its release 17 years ago.

The top priorities for deployment are bulletins plugging holes in the SMB (Server Message Block) Protocol, Windows Shell Handler, ActiveX via Internet Explorer, DirectShow, and the 32-bit version of Windows, Jerry Bryant, a lead senior security communications manager at Microsoft, wrote in a blog post.
Click to expand...

Article

SmackyTheFrog · Feb 9, 2010

One of the patches is for a remote code exploit in MSPaint. I am at a loss for words.

JRViejo · Feb 10, 2010

Hackers will jump on several of the bugs Microsoft patched today

Some of the bugs Microsoft patched today will be exploited by hackers almost immediately, security researchers predicted.

Microsoft's massive update -- a record-tying 13 separate security bulletins that patched 26 vulnerabilities -- gives attackers all kinds of ways to compromise machines and hijack PCs.

Even Microsoft said so: 12 of the 26 vulnerabilities, or 46% of the total, were tagged with a "1" in the company's exploitability index, meaning that Microsoft figures they will be exploited with reliable attack code in the next 30 days.
Click to expand...

Researchers warn of likely attacks against Windows, PowerPoint by Gregg Keizer.

captainron · Feb 10, 2010

SmackyTheFrog said:

One of the patches is for a remote code exploit in MSPaint. I am at a loss for words.
Click to expand...

unique way to attack a computer but doesn't really surprise me, I've seen scripts that cause adobe to instantly open and exploit adobe, I'm sure similar could be done to mspaint.

interesting info also JRViejo

Rmus · Feb 12, 2010

captainron said:

...I've seen scripts that cause adobe to instantly open and exploit adobe,
Click to expand...

This is because the user's browser is configured to use the Adobe Plugin to open the PDF file in the browser, hence, auto-exploitation. However, the browser can be easily configured to prompt for a download of the file, rather than using the plugin:

Users with such configuration cannot be victims of this type of auto-exploitation from web-based scripts.

captainron said:

...I'm sure similar could be done to mspaint.
Click to expand...

It's not likely that the MSPaint exploit would work with a script in a web page, since JPG files load by default into the browser; otherwise, we wouldn't see JPG images on a web site:

And so, the likely scenario, as Microsoft describes it:

Microsoft Security Bulletin MS10-005
http://www.microsoft.com/technet/security/Bulletin/MS10-005.mspx

• By default, when a user double-clicks a JPEG file, the file will be opened in the Windows Picture and Fax Viewer. To exploit the vulnerability, an attacker must convince the user to open the specially crafted file in Microsoft Paint.

• An attacker could send the specially crafted file as an e-mail attachment, but the attacker would have to convince the user to open the attachment in Microsoft Paint in order to exploit the vulnerability.
Click to expand...

You may recall the WMF exploit that targeted a vulnerability in the Windows Picture and Fax viewer , where a web-based script did work, because WMF files do open in that program by default, and not in the browser.

----
rich

berng · Feb 12, 2010

One of the patches (MS10-015: KB977165) had to be recalled. Its causing the BSOD in some XP machines.

http://social.answers.microsoft.com/Forums/en-US/vistawu/thread/73cea559-ebbd-4274-96bc-e292b69f2fd1

http://www.computerworld.com/s/arti...serving_Windows_patch_blamed_for_blue_screens

ronjor · Feb 12, 2010

One of the patches (KB977165) had to be recalled.
Click to expand...

Discussion ongoing here. --> https://www.wilderssecurity.com/showthread.php?t=265213

berng · Feb 12, 2010

Thanks. It seems I was sleeping at the terminal.

I should have known the Wilders bunch would have been on top of this right away.

Log in or Sign up

26 Windows, Office holes patched in 13 bulletins

ronjor Global Moderator

SmackyTheFrog Registered Member

JRViejo Super Moderator

captainron Registered Member

Rmus Exploit Analyst

berng Registered Member

ronjor Global Moderator

berng Registered Member

Log in or Sign up

26 Windows, Office holes patched in 13 bulletins

ronjor Global Moderator

SmackyTheFrog Registered Member

JRViejo Super Moderator

captainron Registered Member

Rmus Exploit Analyst

berng Registered Member

ronjor Global Moderator

berng Registered Member

Useful Searches