September 1, 2014

Microsoft patches Windows Kernel-Mode Driver vulnerability which is being exploited in the wild

microsoft logo(LiveHacking.Com) – Among the six Critical security bulletins issued by Microsoft, during its regular Patch Tuesday updates for July, was a fix for  CVE-2013-3660 a vulnerability in win32k.sys that allows remote code execution if a user views shared content that embeds TrueType font files. The vulnerability allows hackers to take complete control of an affected PC and Microsoft are reporting that it is being used in the wild in “limited, targeted attacks.”

The Windows Kernel-Mode Driver vulnerability, which affects all supported versions of Windows from XP SP2 on-wards (including Windows 8 and Windows 8 RT), exists because of an uninitialized pointer bug in the EPATHOBJ::pprFlattenRec function. The security patch fixes the way Windows handles specially crafted TrueType Font (TTF) files and by correcting the way that Windows handles objects in memory (in other words by fixing the uninitialized pointer bug).

The other five Critical bulletins also outline fixes for vulnerabilities which can lead to unauthorized remote code execution. MS13-052 fixes vulnerabilities in the Microsoft .NET Framework and Microsoft Silverlight, while MS13-054 addresses a vulnerability in Microsoft Windows, Microsoft Office, Microsoft Lync, and Microsoft Visual Studio – again connected with content that embeds TrueType font files.

There is also a cumulative security update for Internet Explorer. It resolves seventeen vulnerabilities in the browser. The most severe of these could allow remote code execution if a user views a specially crafted webpage. The security update is rated Critical for Internet Explorer 6, 7, 8, 9 and 10 on desktop versions of Windows and Moderate on Windows servers.

The only non-Critical patch was for a vulnerability in Windows Defender for Windows 7. The vulnerability could allow a hacker to gain elevated of privilege due to the way pathnames are used by Windows Defender, however an attacker must have valid logon credentials to exploit this vulnerability.

In total Microsoft addressed 34 vulnerabilities across its products. The software giant is recommending that system administrators who need to prioritize the role out of these patches should focus on the Windows Kernel-Mode Driver vulnerability and the updates to IE.