October 25, 2014

New “Highly Critical” Windows 7 Vulnerability

(LiveHacking.Com) – Microsoft is investigating a new vulnerability in Windows 7 which causes a blue screen of death (BSoD). A “researcher” named webDEVIL posted to Twitter that “<iframe height='18082563'></iframe> causes a BSoD on win 7 x64 via Safari. Lol!” Security company Secunia then posted an advisory rating the issue as “Highly critical”, as the fault can lead to system compromise and successful exploitation does not require any user interaction.

The vulnerability is due to an error in win32k.sys and can be used to corrupt memory via a specially crafted web page. Successful exploitation may allow execution of arbitrary code with kernel-mode privileges. It isn’t clear yet whether an actual exploit exists or whether this is just a potential hole that could be used to launch an attack.

“We are currently examining the issue and will take appropriate action to help ensure customers are protected,” Jerry Bryant, group manager of response communications for Microsoft’s Trustworthy Computing Group, said in a statement to SecurityWeek. The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit. Other versions may also be affected.

Microsoft Releases Hotfix for AppLocker Flaw

(LiveHacking.Com) – Microsoft has released a hotfix for a flaw in AppLocker that allows AppLocker rules to be circumvented with an Office macro. The vulnerability affects Windows 7 and Windows Server 2008 R2.

With AppLocker, users can define rules that control which applications can run. However, it turns out that an attacker could create a macro in Microsoft Office to circumvent the AppLocker rules. As a result, malware in the %TEMP% or %system drive%:\Users directory can be executed by using the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags, even if access to these directories is limited by AppLocker rules.

To apply this hotfix, you must be running one of the following operating systems:

  • Windows 7
  • Windows 7 Service Pack 1 (SP1)
  • Windows Server 2008 R2
  • Windows Server 2008 R2 Service Pack 1 (SP1)

Vulnerability Found in How Windows 7 Handles Malformed DHCPv6 Packets

(LiveHacking.Com) – Barracuda Labs has discovered a vulnerability in the way the DHCPv6 components of Windows handle malformed packets.

Upon reception of a “malformed” DHCPv6 Reply packet, the RPC server reports a critical error 0xc0000374 and then becomes unresponsive. The result is that a type of denial-of-service attack could be launched to prevent other machines from connecting to the network.

To exploit this vulnerability, an attacker would need to intercept DHCPv6 traffic and send a modified reply with a malformed Domain Search List option. On reception of this malformed packet, RPC on the remote machine would fail.

According to the advisory issued by Barracuda, the vulnerability affects at least Microsoft Windows 7 Ultimate SP1 32 bit & 64 bit, and it is very likely that other versions of Windows 7 (and maybe earlier) are affected.
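A defensive check for the option discussed above, added here as an example and not taken from Barracuda's advisory or the original post: it walks a DHCPv6 Reply and validates the encoding of every Domain Search List option (option code 24 per RFC 3646, names encoded per RFC 1035 without compression). The function names and sample bytes are constructed for illustration, and the checks are generic well-formedness rules, since the post does not say which malformation triggers the fault.

```python
import struct

OPTION_DOMAIN_LIST = 24  # Domain Search List option code (RFC 3646)
MSG_REPLY = 7            # DHCPv6 Reply message type

def check_domain_list(data):
    """Return the problems found in a Domain Search List payload."""
    problems, pos, name_len = [], 0, 0
    while pos < len(data):
        length = data[pos]
        if length & 0xC0:  # DHCPv6 forbids name compression; 01/10 prefixes are reserved
            problems.append(f"offset {pos}: compression pointer or reserved label type")
            break
        pos += 1
        if pos + length > len(data):
            problems.append(f"offset {pos - 1}: label of {length} bytes overruns option")
            break
        name_len = name_len + length + 1 if length else 0  # zero-length root label ends a name
        if name_len + 1 > 255:  # an encoded name, root label included, is at most 255 octets
            problems.append(f"offset {pos - 1}: name exceeds 255 octets")
            break
        pos += length
    else:
        if name_len:
            problems.append("last name is not terminated by a root label")
    return problems

def inspect_reply(packet):
    """Walk the options of a DHCPv6 Reply and validate every option 24."""
    if len(packet) < 4 or packet[0] != MSG_REPLY:
        return []  # too short to parse, or not a Reply
    findings, pos = [], 4  # skip 1-byte msg-type and 3-byte transaction-id
    while pos < len(packet):
        if pos + 4 > len(packet):
            return findings + ["truncated option header"]
        code, length = struct.unpack_from("!HH", packet, pos)
        pos += 4
        if pos + length > len(packet):
            return findings + [f"option {code}: length {length} overruns packet"]
        if code == OPTION_DOMAIN_LIST:
            findings += [f"option 24: {p}" for p in check_domain_list(packet[pos:pos + length])]
        pos += length
    return findings

def sample_reply(payload):
    """Constructed test input: a Reply header followed by a single option 24."""
    return bytes([MSG_REPLY, 0x12, 0x34, 0x56]) + struct.pack("!HH", 24, len(payload)) + payload

if __name__ == "__main__":
    print(inspect_reply(sample_reply(b"\x07example\x20com\x00")))
```

A non-empty result from `inspect_reply` is a reason to drop or log the Reply at a monitoring point before a client's DHCPv6 stack has to parse it.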

Windows 7 Has Lowest Malware Infection Rate Compared to XP and Vista

Microsoft has released its 10th Security Intelligence Report (SIR) that analyzes exploits, vulnerabilities, and malware based on data from over 600 million systems worldwide, as well as internet services, and three Microsoft Security Centers.

As part of the study, Microsoft has found that Windows 7 has consistently had the lowest infection rate of any Microsoft client operating system/service pack combination over the past eighteen months.

The biggest threat to information security remains in applications (like Adobe Reader, Microsoft Office and Adobe Flash). Application vulnerabilities accounted for a large majority of all vulnerabilities in 2010, although the total number of application vulnerabilities has declined since 2009.

However, exploits that affected Adobe Acrobat and Adobe Reader accounted for most document format exploits detected throughout 2010. Almost all of these exploits involved the generic exploit Win32/Pdfjsc, a family of specially crafted PDF files that contain malicious JavaScript that executes when the file is opened.

As with all statistics, it is about how the data is interpreted. It is clear from the report that infection rates for Windows 7 are much lower than those for XP, and that the infection rates for the 64-bit versions of Windows Vista and Windows 7 are lower than for the corresponding 32-bit versions of those operating systems. But some are choosing to report that Windows 7’s malware infection rate climbed by more than 30% during the second half of 2010, while the infection rate of Windows XP fell by more than 20%.

In reality the infection rate of Windows XP SP3 fell from 1.8% in the first quarter to just over 1.4% in the fourth quarter, and indeed this is a 22% drop. But for the last six months of 2010 the 32-bit version of Windows 7 had an infection rate of 0.4% up from 0.3% and so this is a 33% increase.

And so, proving the saying “lies, damn lies and statistics”, XP has indeed had a 22% drop and Windows 7 a 33% increase. But such figures are nonsense.

The Microsoft Security Intelligence Report can be downloaded here.

Windows 7 SP1 and Windows Server 2008 R2 SP1 Available For Download in Less Than 2 Weeks

Microsoft has announced via its official Windows Blog that Windows 7 SP1 and Windows Server 2008 R2 SP1 will be available for public download on February 22nd. Microsoft’s OEM partners (which include big manufacturers like HP and Dell) have already received the final release. For those with MSDN and TechNet subscriptions (as well as Volume License customers), SP1 will be available on February 16th.

For Windows 7, SP1 is basically a collection of the existing updates, and according to the beta testers there are only a few new features. To be honest, the average user won’t notice them, with the possible exception of the small percentage of users with issues connecting their PCs to HDMI audio devices or those who print mixed-orientation XPS documents.

SP1 for Windows Server 2008 R2 does, however, have some new features for those who use the server for desktop virtualization. According to the Windows Server Team, two new features, Dynamic Memory and RemoteFX, enable sophisticated desktop virtualization capabilities. These features build on the comprehensive virtualization functionality already included in the Windows Server operating system.