Microsoft Patch Day: is that all?

Discussion in 'other security issues & news' started by Repne movsb, Dec 15, 2010.

Thread Status:
Not open for further replies.
  1. Repne movsb

    Repne movsb Registered Member

    Joined:
    Sep 27, 2010
    Posts:
    13
    http://www.prevx.com/blog/165/Microsoft-Patch-Day-is-that-all.html
     
  2. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Thanks Repne movsb for share :) MS should have released a fix for win32k.sys stack overflow vulnerability too.
     
  3. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    Thanks! It's nice that Microsoft only chooses the fixes that they want and leave us open to exploit holes they know about for months!

    TH
     
  4. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    365
    I don't know but since tuesday, they have a patch for the buffer overflow kernel vulnerability in win32k.sys...

    From this bulletin... http://www.microsoft.com/technet/security/Bulletin/MS10-dec.mspx

    clicking on a link MS10-098

    Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2436673)
     
  5. Repne movsb

    Repne movsb Registered Member

    Joined:
    Sep 27, 2010
    Posts:
    13
    Those updates are not related to the exploit the article is writing about
     
  6. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    365
    That patch to the kernel mode driver- win32k.sys seems like it. But the way to be sure of is to test the exploit like the way ssj100 did (do before and after patching and see the results)... -http://ssj100.fullsubject.com/security-f7/0-day-exploit-speaks-chinese-bypasses-uac-t298.htm-

    ..about the "0-day exploit speaks Chinese, bypasses UAC" which Marco Giuliani talks about.
     
    Last edited by a moderator: Dec 15, 2010
  7. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    No, the patch released by Microsoft is related to other win32k.sys issues, the one discovered on 24th Nov is still unpatched ;)
     
  8. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    Thanks Marco for stopping by and clearing that up!

    TH
     
  9. katio

    katio Guest

    Oddly there still is no CVE id but you can track it here:
    http://secunia.com/advisories/42356/

    + workaround
    (at your own risk ...)


     
Loading...
Thread Status:
Not open for further replies.