May 23, 2013

Microsoft patches Kernel-Mode driver after blue screen of death issues

(LiveHacking.Com) – Microsoft has released a new patch to replace the Kernel-Mode driver update that was released as part of April’s Patch Tuesday. Problems started to arise with the update and Microsoft had to pull the patch. On Windows 7 in particular, the patch could put systems into a situation where they failed to recover from a reboot (they just keep rebooting) or make certain applications (specifically from Kaspersky) fail.

According to a Microsoft knowledge base article the symptoms are either an Event ID 55 or a 0xc000021a Stop error during the boot process. The Event ID 55 will wrongly claim that the file system structure on the disk is corrupt and unusable and force the run of the Chkdsk utility. The Stop error will simply say that the Session Manager Initialization system process terminated unexpectedly and the system will shut down. Any attempt to reboot will likely result in the same stop code.

The new update, KB2840149, has been rebuilt and still addresses the Moderate security issue described in MS13-036 but without the previous problems. For those with automatic updates enabled, you won’t need to take any action. If you are applying updates manually, Microsoft recommends you apply this update as soon as possible.
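As an added defender's check that is not part of the original article: a PowerShell function that reports whether a host shows the two symptoms described above and whether the rebuilt update KB2840149 is installed. It assumes the host has since booted normally (a machine stuck in the reboot loop cannot be queried this way) and that Windows records the Stop code in the System log's Event ID 1001 bugcheck entry after a crash.

```powershell
# Added example (not from the article): check a Windows 7 host for the
# symptoms described in the article and for the rebuilt update KB2840149.
# Assumes the host has since booted normally and that the script runs
# with rights to read the System event log.

function Get-MS13036Status {
    param(
        [datetime]$Since = (Get-Date).AddDays(-30)   # look back one month by default
    )

    # Rebuilt update named in the article; present => the replacement patch is installed.
    $rebuilt = Get-HotFix -Id 'KB2840149' -ErrorAction SilentlyContinue

    # Symptom 1: spurious Event ID 55 from the NTFS driver claiming the file
    # system structure is corrupt (the article notes this claim is wrong).
    $eventId55 = @(Get-WinEvent -FilterHashtable @{
            LogName      = 'System'
            ProviderName = 'Ntfs'
            Id           = 55
            StartTime    = $Since
        } -ErrorAction SilentlyContinue)

    # Symptom 2: the 0xc000021a Stop error. Assumption: after a bugcheck
    # Windows logs Event ID 1001 in the System log with the stop code in the message.
    $bugchecks = @(Get-WinEvent -FilterHashtable @{
            LogName   = 'System'
            Id        = 1001
            StartTime = $Since
        } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match '0xc000021a' })

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        KB2840149Installed  = [bool]$rebuilt
        EventId55Count      = $eventId55.Count
        Stop0xc000021aCount = $bugchecks.Count
        # Symptoms seen but the rebuilt update is absent: apply KB2840149.
        ActionNeeded        = (-not $rebuilt) -and
                              (($eventId55.Count + $bugchecks.Count) -gt 0)
    }
}

Get-MS13036Status | Format-List
```

Run it on a host that was rolled back or repaired after the boot loop; an `ActionNeeded` of `True` means the symptoms were logged and the rebuilt update still has to be installed.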

Microsoft’s Patch Tuesday Kernel-Mode driver update causing problems

(LiveHacking.Com) – Last Tuesday Microsoft released nine security bulletins to address 14 different vulnerabilities in its products, including one to fix vulnerabilities in Windows’ Kernel-Mode Driver that could allow an attacker to gain elevated privileges. Following the release of the patches, reports started to appear about Windows 7 systems that fail to recover from a reboot (they just keep rebooting) or applications (specifically from Kaspersky) that fail after the security update is applied. Microsoft recommends that customers uninstall this update and it has removed the download links to the update while it investigates.

According to a Microsoft knowledge base article the symptoms are that you receive either an Event ID 55 or a 0xc000021a Stop error during the boot process. The Event ID 55 will wrongly claim that the file system structure on the disk is corrupt and unusable and force the run of the Chkdsk utility. The Stop error will simply say that the Session Manager Initialization system process terminated unexpectedly and the system will shut down. Any attempt to reboot will likely result in the same stop code.

According to Microsoft, systems with the update applied that use Kaspersky Anti-Virus for Windows Workstations or Kaspersky Anti-Virus for Windows Servers versions 6.0.4.1424 and 6.0.4.1611 may display an error message saying that the license for the product is not valid.

Microsoft fixes Critical IE and Remote Desktop flaws

(LiveHacking.Com) – Microsoft has released a series of nine security bulletins (two Critical and seven Important) to fix 14 different vulnerabilities in a range of its products including Microsoft Windows, Internet Explorer, Microsoft Antimalware and Windows Server Software.

The first of the two Critical level bulletins patches Internet Explorer against a remote code execution attack which could occur if users visited a specially crafted webpage using IE. A successful exploit would give the attacker the same rights as the current user. The good news is that both of these IE issues were privately disclosed and Microsoft has not detected any attacks or customer impact. The vulnerabilities affect Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10.

There is also a remote code execution patch for Windows in connection with the Windows Remote Desktop Client ActiveX control. As with the IE bugs, this vulnerability could allow remote code execution if an attacker convinces a customer to view a website containing specially crafted content that exploits the vulnerability. This bug is seen as Critical for the Remote Desktop Connection 6.1 Client and the Remote Desktop Connection 7.0 Client on Windows XP, Windows Vista, and Windows 7.

Although Windows 8 was not affected by the Remote Desktop vulnerability, it isn’t immune to other problems including an exclusive patch for problems with the Windows 8 antimalware client used in Windows Defender.

Microsoft received a private report about a vulnerability that could allow elevation of privilege due to the pathnames used by the Microsoft Antimalware Client. If successfully exploited an attacker could execute arbitrary code and take complete control of an affected system. This would allow them to install programs and create new accounts. The bulletin is marked as Important (and not Critical) for Windows 8 and Windows RT as an attacker must have valid logon credentials to exploit the vulnerability.

Microsoft to patch critical flaws in Windows and IE on Tuesday

(LiveHacking.Com) – Microsoft has released its customary advance warning about security vulnerabilities that it plans to fix during its next Patch Tuesday. April’s update will contain nine bulletins, two of which are marked as Critical. The Critical bulletins address vulnerabilities in Microsoft Windows and Internet Explorer. The remaining seven are tagged as Important and will address issues in Microsoft Windows, Office, Anti-malware Software, and Server Software.

The IE bulletin affects all supported versions of Microsoft’s browser from IE 6 on XP to IE 10 on Windows 8 and RT. These vulnerabilities in IE could allow hackers to remotely execute arbitrary code (often used to infect a PC with malware via a drive-by download) on unpatched machines.

The Critical patches for Windows, which also fix remote code execution vulnerabilities, affect only the older versions of Windows from Windows 7 back to Windows XP. Windows 8, Windows Server 2012 and the version of Windows for tablets, Windows RT, are not affected.

Bulletin 7 only affects Windows 8 and Windows 8 RT and applies to some flaws in Windows Defender which could allow a hacker to run programs at an elevated privilege. Paul Henry, security and forensic analyst at Lumension, told The Register that “Windows Defender is an important security component for the new operating systems, so it’s a little concerning to see it impacted here, even if only at an ‘important’ rather than critical level. If you’re running either of those systems, I would patch this important bulletin first.”

Microsoft plans to publish the bulletins on April 9, 2013 at approximately 10 a.m. PDT.

Microsoft fixes Critical remote code execution vulnerabilities

(LiveHacking.Com) – Microsoft has released 12 bulletins, five Critical and seven Important, to address 57 different vulnerabilities in Microsoft Windows, Office, Internet Explorer, Exchange and .NET Framework.

Among the fixes was a security update that resolves thirteen vulnerabilities in Internet Explorer. The most severe of these issues could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. As well as generally patching IE, the company also patched its implementation of the Vector Markup Language (VML) in its browser. If exploited the vulnerability could allow remote code execution if a user viewed a specially crafted webpage. Microsoft says that it is aware of this vulnerability being used as an information disclosure vulnerability in targeted attacks. It is therefore essential that this patch is applied as soon as possible.

There is also an update for Microsoft Windows Object Linking and Embedding (OLE) Automation. Again, the vulnerability could allow remote code execution, this time if a user opens a specially crafted file. The fix corrects the way in which OLE Automation parses files. This security update is rated as Critical but only for Windows XP Service Pack 3. All other supported versions of Microsoft Windows are not affected.

Similarly, Microsoft fixed a vulnerability in how different types of media are decompressed. The remote code execution vulnerability could be exploited by tricking a user into opening a specially crafted media file (such as an .mpg file), opening a Microsoft Office document (such as a .ppt file) that contains a maliciously crafted embedded media file, or running programs that receive streaming content designed to exploit the vulnerability.

There is also a fix for remote code execution vulnerabilities in Microsoft Exchange Server, the most severe of which could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA). The transcoding service in Exchange is the one used for WebReady Document Viewing.

Microsoft to fix 57 unique vulnerabilities in February’s Patch Tuesday, also updates Flash in IE 10

(LiveHacking.Com) – Microsoft has published an advance notification of security patches that it intends to release on Tuesday February 12, 2013. It will release 12 bulletins, five of which are rated as Critical and seven as Important. These bulletins address 57 unique vulnerabilities in various Microsoft products including Windows, Internet Explorer and Exchange Software, Office, .NET Framework, and Microsoft Server Software.

All five Critical bulletins resolve remote code execution problems, while the Important class advisories will address denial of service and elevation of privilege problems along with another less harmful remote code execution vulnerability.

Windows XP is affected by four of the five Critical bulletins, while Windows 8 is affected by only two of them. The common vulnerabilities between the oldest and newest of Microsoft’s current supported operating systems are all connected with Internet Explorer. It seems that Microsoft will patch some holes in IE which can be found in IE 6, 7, 8, 9 and 10. The version of IE 10 in Windows RT is also affected.

The other Critical bulletin will be issued regarding Microsoft Exchange Server 2007 and Microsoft Exchange Server 2010.

IE 10 and Adobe Flash Player

Microsoft has also issued an update for Internet Explorer 10 on Windows 8 to update the built-in version of Adobe Flash Player which Adobe recently updated. Adobe released security updates for Adobe Flash Player on Windows, OS X, Linux and Android to address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe is reporting that at least two of the vulnerabilities addressed are being exploited in the wild. In one targeted attack, users are tricked into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content. The other vulnerability is being exploited via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening another Microsoft Word document.

Microsoft updates its XML Core Services as part of Critical patch release

(LiveHacking.Com) – Microsoft has released seven bulletins, two ranked Critical and five ranked Important, to address 12 vulnerabilities in Microsoft Windows, Office, Developer Tools and Windows Server. Among the Critical patches is an update (MS13-002) to Microsoft’s XML Core Services that resolves two flaws that could allow remote code execution when a user opens a specially crafted website designed to exploit the vulnerability. The issue was privately disclosed and Microsoft is not aware of any attacks in the wild.

The other Critical-class bulletin (MS13-001) addresses a vulnerability in Microsoft Windows which could allow remote code execution if a print server received a specially crafted print job. The standard default Windows firewall configuration means that this can’t normally be exploited from an external source. The bug only affects Windows 7 and Windows Server 2008 R2.

The first Important-class patch addresses vulnerabilities in System Center Operations Manager. The vulnerabilities could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. Microsoft also fixed two other “elevation of privilege” vulnerabilities: the first in its .NET Framework and the other in the Windows Kernel-Mode Driver. To exploit the kernel vulnerability a user would need to run an executable specifically designed to exploit the bug.

Microsoft also fixed a vulnerability in the way that Windows handles the SSL version 3 (SSLv3) and TLS protocols. The vulnerability could allow security feature bypass if an attacker injects specially crafted content into an SSL/TLS session. The flaw exists in all versions of Windows after XP: Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT.

The final patch fixes a problem in the Open Data Protocol. The vulnerability could allow denial of service if an unauthenticated attacker sends specially crafted HTTP requests to an affected site.

Someone has bypassed Microsoft’s Fix It for the IE 8 zero-day vulnerability already

(LiveHacking.Com) – Security information company Exodus Intelligence has published a blog post claiming to have bypassed Microsoft’s Fix It for the current zero-day vulnerability in Internet Explorer 8. The official Fix It was released by Microsoft as a temporary workaround to the zero-day vulnerability found in Internet Explorer 6, 7 and 8. The bug in IE can corrupt memory in such a way that it allows an attacker to execute arbitrary code in the context of the current user within IE. To exploit it, users are tricked into visiting a specially crafted website which uses either Flash or JavaScript to generate a heap spray attack against IE. The Fix It uses a shim to change a few bytes of data in a .dll and so prevent the vulnerability from being used for code execution.

According to Exodus Intelligence it is now possible to bypass the shim and compromise a fully-patched system. Due to the nature of its business, Exodus Intelligence has passed on the details about the bypass to its customers. Thankfully it has also notified Microsoft. The company promises to fully disclose the details of the bypass once Microsoft has fully addressed the issue.

“After less than a day of reverse engineering, we found that we were able to bypass the fix and compromise a fully-patched system with a variation of the exploit we developed earlier this week,” said Exodus Intelligence on its blog.

Microsoft will release seven security bulletins today to address 12 vulnerabilities in Microsoft Windows, Office, Developer Tools, Microsoft Server Software and the .NET Framework. However a fix for the Internet Explorer vulnerability will not be among the patches.

Internet Explorer 9 and 10 are immune to the attack and upgrading to the later versions of IE will protect users (as will using a different browser like Firefox or Chrome); the problem is that XP users can’t upgrade IE beyond 8. Also, enterprise users may still be stuck on older versions of IE due to legacy application support. In combination this means that pressure is now mounting on Microsoft to make an out-of-band release for IE to fix the vulnerability.

Two Critical-level bulletins to be released by Microsoft on Tuesday, IE 8 patch not included

(LiveHacking.Com) – Microsoft is preparing to release seven security bulletins next week: two Critical and five Important. In total they address 12 vulnerabilities in Microsoft Windows, Office, Developer Tools, Microsoft Server Software and the .NET Framework.

There is no news on when Microsoft plans to patch the zero day vulnerability and exploit in Internet Explorer that was discovered during the holidays. Until it is fixed, Microsoft has issued a Fix It. The vulnerability was discovered when FireEye was investigating reports that the Council on Foreign Relations (CFR) website had been compromised. According to Microsoft’s Security Advisory 2794220, the issue impacts Internet Explorer 6, 7, and 8 and that there are a small number of targeted attacks happening in the wild.

The first Critical bulletin affects all supported versions of Windows (including Windows 8), Office 2003 and 2007 and some server software. The second is for Windows 7 and Windows Server 2008 R2 only. Both Critical bulletins address vulnerabilities that would enable an attacker to remotely execute code on a vulnerable Windows machine.

Windows 8 RT, the version of Windows that runs on the ARM processor used, among others, on Microsoft’s Surface tablet, is also affected by the first Critical bulletin and at least three of the Important-level ones.

The Important-level bulletins address vulnerabilities that could allow privilege escalations, vulnerabilities that could allow security features to be bypassed or vulnerabilities which could allow attackers to start a denial of service attack.

Microsoft plans to release the bulletins on the second Tuesday of the month, at approximately 10 a.m. PST.

In Brief: Microsoft re-releases one of its Patch Tuesday bulletins to fix font problem

Microsoft has re-released update MS12-078 to fix a problem with disappearing fonts. Reports started to appear when users installed the patch that Microsoft released on December 11th. The patch was designed to fix a font rendering vulnerability. In the worst case scenario, exploitation of the bug could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType or OpenType font files.

However, it seems that the fix prevented PostScript Type 1 and OpenType fonts from being displayed correctly, and the fonts disappeared completely in several programs including CorelDraw, QuarkXPress and PowerPoint. The only way to get the fonts back was to uninstall the update.

“Rereleased update KB2753842 to resolve an issue with OpenType fonts not properly rendering after the original update was installed. Customers who have successfully installed the original KB2753842 update need to install the rereleased update,” wrote Microsoft.