Patch Tuesday: XP, IE Take Center Stage

Wednesday, March 12, 2014 @ 06:03 PM gHale


While Windows XP will soon be going away, Patch Tuesday had a nostalgic feel to it as Microsoft plugged a critical vulnerability in its XP operating system.

The Windows XP patch related to a critical vulnerability in the operating system’s DirectShow service that attackers could theoretically use to remotely execute code. Microsoft downplayed the significance of the vulnerability, confirming they received word privately about the issue and it only affects Windows XP.

RELATED STORIES
Microsoft’s EMET 5.0 Previewed
Bypass Possible for EMET Shield
Fix It Issued for IE Zero Day
Error Reports could lead to Attacks

However, the flaw is troubling as Microsoft is due to officially cease support for Windows XP April 8. The cut-off has led to concerns within the security community.

Microsoft also released a permanent fix for a critical flaw in Internet Explorer (IE). FireEye discovered the flaw February 14 and attackers have used it to mount a sophisticated hacking campaign, codenamed Operation SnowMan.

Microsoft Trustworthy Computing (TwC) group manager of response communications Dustin Childs listed the fix as critical and called for IT managers to install it as soon as possible. “Our top deployment priority this month is MS14-012, which address 18 issues in Internet Explorer,” he said.

“This cumulative update addresses one public and 17 privately disclosed issues in Internet Explorer. These issues could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. We are aware of targeted attacks using CVE-2014-0322 against Internet Explorer 10.”

The March Patch Tuesday also included a fix for a previously undisclosed vulnerability in Microsoft Silverlight.

“MS14-014 provides an update to address a security feature bypass in Silverlight. The issue wasn’t publicly known and it isn’t under active attack, however it can impact your security in ways that aren’t always obvious,” said Childs.

“Specifically, the update removes an avenue attackers could use to bypass ASLR [address space layout randomization] protections. Fixes like this one increase the cost of exploitation to an attacker, who must now find a different way to make their code execution exploit reliable.”

The update also features patches for flaws in Microsoft’s Windows Kernel-Mode Driver and Security Account Manager Remote (SAMR) Protocol. Both vulnerabilities rank as important.



Leave a Reply

You must be logged in to post a comment.