February 5, 2012

Microsoft Fixes Eight Security Vulnerabilities in its Products

(LiveHacking.Com) – Microsoft has released seven security bulletins as part of its Patch Tuesday program. One of the seven bulletins is rated Critical, with the remaining six classified as Important. The Critical bulletin addresses two issues in Windows Media Player. If exploited, these vulnerabilities would allow remote code execution on the affected PC. Although there are no known active exploitations of these bugs, they can be triggered by a hacker crafting a malicious MIDI or DirectShow file. If the user then opened this file, the attacker could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The remaining fixes are:

  • Vulnerability in Windows Object Packager That Could Allow Remote Code Execution – The vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file.
  • Vulnerability in Windows Client/Server Run-time Subsystem That Could Allow Elevation of Privilege – The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. The attacker could then take complete control of the affected system and install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability can only be exploited on systems configured with a Chinese, Japanese, or Korean system locale.
  • Vulnerability in Microsoft Windows That Could Allow Remote Code Execution – The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file containing a malicious embedded ClickOnce application.
  • Vulnerability in SSL/TLS Could Allow Information Disclosure – This vulnerability affects the SSL 3.0 and TLS 1.0 protocols and is not specific to the Windows operating system. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected. This should protect users from the tool known as BEAST (Browser Exploit Against SSL/TLS).
  • Vulnerability in AntiXSS Library Could Allow Information Disclosure – The vulnerability could allow information disclosure if an attacker passes a malicious script to a website using the sanitization function of the AntiXSS Library.

Microsoft to Fix Eight Vulnerabilities Next Tuesday

(LiveHacking.Com) – Microsoft has published its advance notification for January’s Patch Tuesday. The software giant will release seven bulletins to address eight vulnerabilities in Microsoft Windows and Microsoft Developer Tools and Software. Only one of the bulletins is rated as Critical; the rest are rated as Important. However, Important bulletins are still serious, as Microsoft defines them as “a vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users’ data, or of the integrity or availability of processing resources.”

The types of vulnerabilities fixed include remote code execution, elevation of privilege, information disclosure and the less common security feature bypass. A security feature bypass vulnerability cannot itself be used by an attacker to compromise a system, but it can be used to enable the use of another exploit.

Affected Software includes Windows XP, Windows Vista, Windows 7 and Windows Server 2003 and 2008. The security bulletins will be published on January 10, 2012.

Microsoft Patches More Than Hash Table Collision Problem With .NET Update

(LiveHacking.Com) – Microsoft has released a “Critical” out-of-band update for .NET which fixes an elevation of privilege vulnerability in .NET across all supported versions of Windows. Microsoft’s prime reason for releasing the update was to address the newly disclosed denial-of-service vulnerability affecting a range of Web development languages, including Microsoft’s ASP.NET; however, the update also included fixes which were already committed to the code base.

Before details of the hash table collision denial-of-service vulnerability were released, Microsoft had planned to release a .NET security update addressing three vulnerabilities, one of which was a Critical elevation of privilege vulnerability. Once it received the notification about the elevation of privilege vulnerability, the ASP.NET team fixed and tested it ready for the next security update. Therefore the hash table collision update includes the already committed privilege elevation fix.
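The hash table collision denial of service mentioned above works by sending a request whose parameter names all hash to the same bucket, so each insert has to walk an ever-longer chain and one request costs quadratic work. The following is an added illustration, not code from the article or from any Microsoft product: a toy chained table whose insert cost is counted, fed constructed colliding parameter names under a fixed public hash (an FNV-1a-style toy, chosen here) and then under a keyed hash (BLAKE2b with a per-process secret, chosen here as the mitigation); the hash constants, `param` names and secret are all assumptions of this example.

```python
import hashlib
import os

NBUCKETS = 64

def predictable_hash(key: str) -> int:
    """Toy unkeyed FNV-1a-style hash to a bucket index: fixed and public, so precomputable."""
    h = 0x811C9DC5
    for b in key.encode():
        h = ((h ^ b) * 0x01000193) & 0xFFFFFFFF
    return h % NBUCKETS

def keyed_hash(key: str, secret: bytes) -> int:
    """Mitigation: keyed hash (BLAKE2b) under a per-process secret the client never sees."""
    digest = hashlib.blake2b(key.encode(), key=secret, digest_size=4).digest()
    return int.from_bytes(digest, "big") % NBUCKETS

class ChainedTable:
    """Separate-chaining table that counts key comparisons made during inserts."""
    def __init__(self, hash_fn):
        self.hash_fn = hash_fn
        self.buckets = [[] for _ in range(NBUCKETS)]
        self.comparisons = 0
    def insert(self, key: str, value) -> None:
        chain = self.buckets[self.hash_fn(key)]
        for entry in chain:  # a miss walks the whole chain
            self.comparisons += 1
            if entry[0] == key:
                entry[1] = value
                return
        chain.append([key, value])

def colliding_keys(n: int) -> list:
    """Constructed attacker input: n distinct parameter names that predictable_hash sends
    to the same bucket as "param0", found by plain enumeration because the hash is public."""
    keys, i, target = [], 0, predictable_hash("param0")
    while len(keys) < n:
        candidate = f"param{i}"
        i += 1
        if predictable_hash(candidate) == target:
            keys.append(candidate)
    return keys

def insert_cost(hash_fn, keys) -> int:
    """Comparisons needed to insert all keys (one request's form fields) into a fresh table."""
    table = ChainedTable(hash_fn)
    for k in keys:
        table.insert(k, "value")
    return table.comparisons

if __name__ == "__main__":
    keys = colliding_keys(200)
    secret = os.urandom(16)  # fresh per process, never disclosed to clients
    print("unkeyed:", insert_cost(predictable_hash, keys))  # 19900 = 200*199/2
    print("keyed:  ", insert_cost(lambda k: keyed_hash(k, secret), keys))
```

Under the public hash the 200 colliding names cost 19,900 comparisons (every insert compares against all earlier ones); under the keyed hash the same names scatter across buckets and cost a few hundred.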

The elevation of privilege vulnerability, which was privately reported to Microsoft, is exploited when an unauthenticated attacker sends a specially crafted web request to the target site. If successful the attacker can take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. However to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing user name. The fix changes the way the .NET Framework handles specially crafted requests, and how the ASP.NET Framework authenticates users and handles cached content.

This security update is rated Critical for Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5 Service Pack 1, Microsoft .NET Framework 3.5.1, and Microsoft .NET Framework 4 on all supported editions of Microsoft Windows.

New “Highly Critical” Windows 7 Vulnerability

(LiveHacking.Com) – Microsoft are investigating a new vulnerability in Windows 7 which causes a blue screen of death (BSoD). A “researcher” named webDEVIL posted to Twitter that “<iframe height=’18082563′></iframe> causes a BSoD on win 7 x64 via Safari. Lol!” Security company Secunia then posted an advisory rating the issue as “Highly critical”, as the fault can lead to system compromise and successful exploitation does not require any user interaction.

The vulnerability is due to an error in win32k.sys and can be used to corrupt memory via a specially crafted web page. Successful exploitation may allow execution of arbitrary code with kernel-mode privileges. It isn’t clear yet if an actual exploit exists or if this is just a potential hole to launch an attack.

“We are currently examining the issue and will take appropriate action to help ensure customers are protected,” Jerry Bryant, group manager of response communications for Microsoft’s Trustworthy Computing Group, said in a statement to SecurityWeek. The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit. Other versions may also be affected.

Microsoft Fixes Duqu Vulnerability But Drops SSL Changes at Last Minute

(LiveHacking.Com) - As expected, Microsoft has released its Patch Tuesday security updates for December. Originally Microsoft were going to release 14 bulletins but instead released only 13. The missing update was intended to change the way Windows works with SSL/TLS to try to minimize the recently discovered weaknesses of the security protocol, as highlighted by the BEAST (Browser Exploit Against SSL/TLS) hacking tool. However, Microsoft discovered some compatibility issues between their changes and “a major third-party vendor.” Microsoft are “working with that vendor to address the issue.”

Microsoft however did fix the kernel-mode driver vulnerability that allows the Duqu malware to spread. The vulnerability allows remote code execution if a user opens a specially crafted document or visits a malicious Web page that embeds TrueType font files.

Microsoft also fixed a vulnerability in Windows Media Player and Windows Media Center that can allow remote code execution. Bulletin MS11-092 resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so.

The other “Critical” level update is for a remote code execution vulnerability if a user views a specially crafted Web page that uses a specific binary behavior in Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for four third-party ActiveX controls.


Microsoft to Fix 20 Vulnerabilities Next Tuesday

(LiveHacking.Com) - Microsoft will fix 20 vulnerabilities for December’s Patch Tuesday. According to the Microsoft Security Bulletin Advance Notification for December 2011, the Redmond company will release 14 bulletins addressing 20 vulnerabilities in Microsoft Windows, Office, Internet Explorer, Microsoft Publisher, and Windows Media Player.

Although Microsoft doesn’t release details of the bulletins until they are posted, pundits are suggesting that among the patches will be a fix for the vulnerability that allows the Duqu intelligence-gathering Trojan to spread, and a fix for the SSL (secure socket layer) 3.0 and TLS (transport layer security) 1.0 flaws popularized a few months ago by the BEAST (Browser Exploit Against SSL/TLS) hacking tool.

Three of the 14 bulletins are marked as “critical” (the highest threat ranking) and the remaining 11 are tagged as “important” (the second-highest rating). Release of the bulletin is scheduled for Tuesday, December 13, 2011.

Microsoft Rethinking How Often A Windows 8 Machine Will Need to Restart to Apply Security Patches

(LiveHacking.Com) - Microsoft will change the way Windows 8 forces a system restart when applying security patches to minimize downtime and limit disruption and inconvenience. According to a new post on Microsoft’s Building Windows 8 blog, the Windows Update service will be modified for Windows 8.

When it comes to Windows Update, one of the most discussed topics is the disruptiveness of restarts in the course of automatic updating. And for good reason—restarts can interrupt you right in the middle of something important.

For Windows 8 Microsoft wants to find the best way to quickly update the PC while not being intrusive to the user. To this end it proposes three principles:

  • The automatic updating experience is not intrusive to users but keeps them aware of critical actions
  • Minimize restarts and make them more predictable
  • Continue to keep the PC and the ecosystem up-to-date and secure in a timely manner

What this means practically is that:

  • Windows Update will consolidate all the restarts in a month, synchronizing with the monthly security release (meaning Patch Tuesday).
  • Windows Update notifies you of any upcoming automatic restart.
  • Windows Update will delay the automatic restart if there is potential of losing user data.

In other words, it does not matter when updates that require restarts are released in a month, as these restarts will be delayed until Patch Tuesday. Therefore there will be just one forced restart per month.

There is, however, one exception: if Microsoft issues a critical security update to fix a worm-like vulnerability, then Windows Update will download, install, and restart automatically.

Microsoft Releases Hotfix for AppLocker Flaw

(LiveHacking.Com) - Microsoft has released a hotfix for a flaw in AppLocker that allows AppLocker rules to be circumvented with an Office macro. The vulnerability affects Windows 7 and Windows Server 2008 R2.

With AppLocker, users can define rules that control which applications can run; however, it turns out that an attacker could create a macro in Microsoft Office to circumvent the AppLocker rules. As a result, malware in the %TEMP% or %system drive%:\Users directory can be executed by using the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags, even if access to these directories is limited by AppLocker rules.

To apply this hotfix, you must be running one of the following operating systems:

  • Windows 7
  • Windows 7 Service Pack 1 (SP1)
  • Windows Server 2008 R2
  • Windows Server 2008 R2 Service Pack 1 (SP1)

Microsoft Plugs TCP/IP Hole While Adobe Fixes Critical Vulnerabilities in Shockwave

(LiveHacking.Com) - Microsoft has issued four security bulletins to address four vulnerabilities in its Windows operating system including a ‘Critical’ vulnerability in TCP/IP.

The networking flaw, which was reported privately to Microsoft, could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system. Successful exploitation of MS11-083 would let an attacker run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The flaw exists in Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 but not in Windows XP or Windows Server 2003.

The remaining three bulletins are as follows:

MS11-085 – Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application.

MS11-086 – Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837) – This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL.

MS11-084 – Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user opens a specially crafted TrueType font file as an e-mail attachment or navigates to a network share or WebDAV location containing a specially crafted TrueType font file. For an attack to be successful, a user must visit the untrusted remote file system location or WebDAV share containing the specially crafted TrueType font file, or open the file as an e-mail attachment. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to persuade users to do so, typically by getting them to click a link in an e-mail message or Instant Messenger message.

Adobe Shockwave Player

Whilst Microsoft was busy fixing its networking code, Adobe posted a security bulletin about its Shockwave Player.

Critical vulnerabilities exist in Adobe Shockwave Player 11.6.1.629 and earlier versions on Windows and OS X. Successful exploitation would let an attacker run arbitrary code.

A new version of Shockwave Player is available which:

  • Resolves a memory corruption vulnerability in the DIRapi library that could lead to code execution (CVE-2011-2446).
  • Fixes a memory corruption vulnerability that could lead to code execution (CVE-2011-2447).
  • Resolves a memory corruption vulnerability in the DIRApi library that could lead to code execution (CVE-2011-2448).
  • Fixes multiple potential memory corruption vulnerabilities in the TextXtra module that could lead to code execution (CVE-2011-2449).

Light Patch Tuesday Ahead With No Fix For Duqu TrueType Font Vulnerability

(LiveHacking.Com) - Microsoft has published its advance notification of the security bulletins that Microsoft is intending to release for November’s Patch Tuesday (November 8, 2011).

Microsoft will issue four bulletins: one for a ‘Critical’ remote code execution vulnerability, two ‘Important’ fixes for remote code execution and elevation of privilege flaws and a ‘Moderate’ denial-of-service vulnerability.

The ‘Critical’ bulletin affects Windows 7, Vista, Server 2008 and Server 2008 R2 but not XP and Server 2003. This probably means that the flaw is in newer functionality which isn’t included in XP or Server 2003. In fact, only one of the four bulletins affects XP and Windows Server 2003. The other three are only found in Windows Vista or above.

Microsoft have already said that a fix for the Windows TrueType font parsing engine vulnerability, which is used by the Duqu malware, will not be ready for this month’s bulletin release:

Additionally, our engineering teams determined the root cause of this vulnerability, and we are working to produce a high-quality security update to address it. At this time, we plan to release the security update through our security bulletin process, although it will not be ready for this month’s bulletin release.