Microsoft yesterday issued its monthly round of patches, including a fix for a security flaw that could allow an attacker to gain control of a computer.
The software giant released six security bulletins this month, compared to 12 bulletins in the last round of patches in July. Three of the flaws were classified as critical, two were “moderate” and one was “important.”
Critical flaws are described as vulnerabilities whose exploitation could allow the propagation of an Internet worm without user action. Important flaws could result in compromise of confidentiality, integrity or availability of user data, or the integrity or availability of processing resources. Moderate flaws are mitigated to a significant degree by factors such as default configuration, auditing or difficult exploitation.
Michael Sutton, the director of iDefense Labs for VeriSign/iDefense, told TechNewsWorld that although there were no show stoppers in this month’s Patch Tuesday batch, there are some important flaws under the “critical” category “that are certainly deserving of that ranking.”
The most severe of three vulnerabilities found in Microsoft’s Internet Explorer Web browser could allow an attacker to take complete control of an affected system through remote code execution.
The flaw is in the way it handles JPEG images. An attacker could exploit the vulnerability by constructing a malicious JPEG image that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message.
Sutton said this variety of flaw is all-too-common. “These are similar to what we’ve seen in the past,” he said.
Exploit Code Available
A remote code vulnerability also exists in the way Internet Explorer instantiates COM objects that are not intended to be used with the software. This flaw could allow an attacker to exploit the vulnerability by constructing a malicious Web page that could allow him to execute code if it is viewed by a user.
“Users definitely need to pay close attention to the COM flaw because there’s already exploit code out there,” Sutton said. “We’ve actually seen malicious code taking advantage of that vulnerability. Most importantly we saw exploit code in the last 24 hours for this flaw.”
A critical remote code execution vulnerability also exists in Windows Plug and Play that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. Another critical vulnerability exists in Windows’ Print Spooler service that could allow remote code execution.
“Print Spooler and Plug and Play are not exposed to the Internet. But it’s still a significant threat,” Sutton said. “The biggest threat any company faces is from insiders, not outsiders. So it’s definitely something to be concerned about.”
Denial of Service Attacks
Two moderate vulnerabilities were also found in Windows. A flaw in the Remote Desktop Protocol exists that could allow an attacker to cause a system to stop responding. The impact of this vulnerability is denial of service.
Another flaw in Kerberos, an authentication software, could also lead to a denial of service attack, information disclosure or spoofing. Finally, one important flaw was found in Microsoft Windows Telephony Application Programming Interface service that could allow remote code execution.