The Microsoft Patch Tuesday train rolled into town today, dropping off a massive 10 security bulletins with fixes for at least 34 documented vulnerabilities.
Three of the bulletins are rated “critical” because of the risk of remote code execution attacks. Affected products include the Windows operating system, Microsoft Office, the Internet Explorer browser and Internet Information Services (IIS).
This month’s patch batch also provides cover for a known cross-site scripting flaw in the Microsoft SharePoint Server and a publicly discussed data leakage hole in Internet Explorer.
Microsoft is urging its users to pay special attention to MS10-033 (Windows), MS10-034 (ActiveX killbits) and MS10-035 (Internet Explorer) because these contain fixes for issues that may be exploited by malicious hackers very soon.
Here’s the skinny on these three bulletins:
Qualys CTO Wolfgang Kandek noticed that four of the 10 bulletins address zero-day issues, the most significant being MS10-035, which fixes the information disclosure zero-day that Core Security originally published in February 2010. It also fixes the Pwn2Own vulnerability that security researcher Peter Vreugdenhil used to win ZDI’s competition at CanSecWest. During that contest, Vreugdenhil bypassed all built-in protections such as DEP and ASLR by combining multiple attack methods.
The MS10-040 bulletin is also interesting. It covers a remotely exploitable vulnerability in all versions of IIS, but the flaw is present only if the administrator has downloaded and installed the Channel Binding Update and enabled Windows Authentication. Exploitation further requires an account on the system, which reduces the number of vulnerable hosts to a small subset. Microsoft rates this an “important” update.
www.microsoft.com/technet/security/Bulletin/MS10-033.mspx
www.microsoft.com/technet/security/Bulletin/MS10-034.mspx
www.microsoft.com/technet/security/Bulletin/MS10-035.mspx
threatpost.com/patch-tuesday-microsoft-kills-pwn2own-browser-bug-060810/