MS closed 17 vulnerabilities yesterday, including DLL preloading / hijacking and the last unpatched vulnerability used by the Stuxnet worm
16 March 2011, 10:14
MS released a large number of patches yesterday; many of these vulnerabilities have been known for months. Some of them were already being fully exploited in malware, which is in fact how information about them was obtained.

MS10-090 (IE) - a comprehensive package of patches that closes a whole set of security holes (CVE-2010-3340, CVE-2010-3342, CVE-2010-3343, CVE-2010-3345, CVE-2010-3346, CVE-2010-3348, CVE-2010-3962). Most of these charming vulnerabilities allow remote code execution under IE6/IE7/IE8.

MS10-091 (OpenType Font driver) - this update also covers a whole set of security vulnerabilities (CVE-2010-3956, CVE-2010-3957, CVE-2010-3959) in the OpenType Font (OTF) driver that can lead to remote code execution. An attacker could place a specially crafted OpenType font on a network share, and when it is viewed in Windows Explorer, arbitrary code is executed with system privileges.

MS10-092 (Task Scheduler) - this is the last remaining unpatched vulnerability from the Stuxnet worm, which used it to raise local privileges to system level on Vista/Win7. Interestingly, the vulnerability also works on x64 systems, and it has come into full use in the latest versions of the TDL4 rootkit. A detailed description of the vulnerability is in the ESET study "Stuxnet under the microscope" on page 39. By the way, the research team that drafted this report (Aleksandr Matrosov, Eugene Rodionov, Juraj Malcho and David Harley) was added to the acknowledgments page for this vulnerability.

DLL Preloading Issues (MS10-093, MS10-094, MS10-095, MS10-096, MS10-097) - again a set of patches, but all related to closing one vulnerability class that allows dynamic libraries to be spoofed while they are being loaded. Some of these patches close the hole in standard applications such as Windows Address Book or Windows Movie Maker. But MS10-095 fixed a really serious hole that allows remote execution of arbitrary code when the user clicks on a specially crafted WebDAV path and opens a file, at which point an arbitrary library is substituted. This method was first shown by the guys from the Metasploit Project, who made a working exploit publicly available in August.

MS10-098 - once again a set of vulnerabilities is closed (CVE-2010-3941, CVE-2010-3942, CVE-2010-3943, CVE-2010-3944), but this time in the kernel. All of them allow local privileges to be raised to system level and were reported by the researcher Tarjei Mandt of Norman. Some of them are described in detail in his blog.

In addition to the above, the following vulnerabilities were also closed:
MS10-099 (Routing and Remote Access NDProxy component) - Elevation of Privilege
MS10-100 (Consent User Interface) - Elevation of Privilege
MS10-101 (Netlogon RPC Service) - Denial of Service
MS10-102 (Hyper-V) - Denial of Service
MS10-103 (Microsoft Publisher) - Remote Code Execution
MS10-104 (Microsoft SharePoint) - Remote Code Execution
MS10-105 (Microsoft Office Graphics Filter) - Remote Code Execution
MS10-106 (Microsoft Exchange) - Denial of Service

Thanks to the user systracer for drawing attention to the fact that the vulnerability CVE-2010-4398 is still relevant. It is connected with a stack overflow via SystemDefaultEUDCFont and allows privileges to be raised to system level on a large number of platforms, including x64.
Added by: w1zard