Posts Tagged ‘Patch Tuesday’
Wednesday, May 15, 2013 @ 03:05 PM gHale
Yes, it is another Patch Tuesday, and this time Microsoft patched a big, and recent, Internet Explorer 8 vulnerability that was exploited in watering hole attacks carried out against the U.S. Department of Labor (DoL) website and nine others worldwide.
The Patch Tuesday security updates also include a fix for IE vulnerabilities exploited during the Pwn2Own Contest earlier this year.
Details on the DoL attack quickly emerged following the initial reports May 1 that the agency’s Site Matrices Exposures site had been compromised and that the attack likely targeted Department of Energy (DoE) researchers working on nuclear weapons programs.
This week a site in Cambodia was also serving malware exploiting IE 8 vulnerabilities targeting workers for the United States Agency for International Development (USAID).
Microsoft urged users still on IE 8 to patch the browser immediately, or upgrade to newer versions.
Microsoft updated IE in every Patch Tuesday update this year, including an out-of-band patch in January that resolved a vulnerability used in another watering hole attack.
Microsoft resolves the IE 8 bug in MS13-038, one of 10 bulletins released. The critical update supplants a temporary Fix-It mitigation Microsoft released last week, an MSHTML Shim Workaround for CVE-2013-1347. The vulnerability is present in IE 8 only and is a use-after-free memory corruption flaw that enables remote code execution. While IE 8 is an old version of the browser, it still has the highest market share with 23 percent, according to Net Market Share.
MS13-037, meanwhile, also has researchers concerned now that details are public. It is a cumulative update for IE that addresses the Pwn2Own vulnerabilities exploited by security company VUPEN.
VUPEN Chief Executive Chaouki Bekrar said his researchers used four Zero Day exploits against Microsoft products during Pwn2Own, including memory corruption, sandbox and ASLR-bypass bugs affecting IE 6-10.
MS13-039, meanwhile, rates as important, but could lead to a denial-of-service condition on boxes running Windows’ IIS webserver software. The vulnerability could be disruptive to organizations running remote services or Active Directory integrations on http.sys.
The remainder of the bulletins are rated important by Microsoft and include a number of remote code execution, information leakage and privilege escalation bugs.
• MS13-040: Patches a spoofing vulnerability in the .NET framework that could allow an attacker to modify the contents of an XML file.
• MS13-041: Fixes a flaw in Microsoft Lync that could enable remote code execution if an attacker tricks a user into viewing malicious content.
• MS13-042: Takes care of vulnerabilities in Microsoft Publisher that could allow an attacker to remotely execute code if a user opens a malicious Publisher file.
• MS13-043: Patches a Word flaw that could give an attacker the same privileges as the user on a compromised machine.
• MS13-044: Addresses a Visio vulnerability that could lead to information disclosure if a user opens an infected Visio file.
• MS13-045: Repairs a Windows Essentials vulnerability that could lead to information disclosure if a user opens Windows Writer using a malicious URL.
• MS13-046: Addresses a privilege escalation vulnerability in Kernel-Mode Drivers that can be exploited if an attacker logs onto a system with valid credentials and runs a malicious application.
Friday, April 26, 2013 @ 11:04 AM gHale
It is now safe. That is what Microsoft is saying about the re-released security update that caused users’ computers to crash and crippled the machines with an endless cycle of reboots.
The revamped MS13-036 update — first issued April 9, but pulled three days later from distribution — “resolves issues some customers experienced,” said Microsoft spokesman Dustin Childs.
“The new update, KB2840149, still addresses the Moderate security issue described in MS13-036, and should not cause these [rebooting] issues,” Childs added in a post to the Microsoft Security Response Center blog.
Two weeks ago, Microsoft yanked one of the two patches comprising MS13-036 from the Windows Update service as reports spread that the fix was generating the notorious “Blue Screen of Death” (BSOD) error message and paralyzing PCs with repeated reboots.
Microsoft never clearly described the causes of the BSODs and endless reboots, saying at the time, “We’ve determined that the update, when paired with certain third-party software, can cause system errors.” Childs today also declined to get into specifics, instead saying only that “some customers were having issues.”
Customers and experts, however, pinned blame on combinations of the security update and “G-Buster,” a browser security plug-in widely used in Brazil for online banking; and on the Microsoft patch and Kaspersky Lab security software.
In a support document, Microsoft posted several error messages that were symptoms of the patch failure, and recommended that Windows 7 users uninstall the update.
The revised MS13-036 update is now in the Windows Update service, and will be downloaded and installed by machines with Automatic Updates enabled. Microsoft urged those who manually download patches to deploy the re-release at their earliest convenience.
Friday, April 19, 2013 @ 02:04 PM gHale
Microsoft’s Patch Tuesday injured quite a few Windows 7 computers earlier this month, pushing machines into a continuous reboot loop that led to the Blue Screen.
While the company provided detailed instructions on how to remove the update and even deleted it from the official Download Center, some users reported issues that prevented them from booting to desktop or getting into Safe Mode to perform the removal.
Microsoft has rolled out a new fix, this time in the form of an ISO image that is easy to burn onto a blank disk and can then be used to repair the computer.
Available from Microsoft’s Download Center, the repair disk should address issues caused by KB2823324 and KB2782476 (KB2840165) on 32-bit Windows 7 computers. The patch can work on old hardware (pre-2004) which does not support NX and isn’t compatible with BitLocker devices.
“Customers who cannot successfully restart their systems after applying the 2823324 update can download this image to create a bootable DVD or USB drive with which they can boot their systems, uninstall security update 2823324, and return their systems to a normal operating state. Microsoft recommends using this ISO image only if customers cannot successfully restart their systems,” Microsoft said in its advisory.
In reality, users only need to download the provided ISO file, burn it to a CD or DVD, restart the computer and configure BIOS to boot from the disk. Simply follow the on-screen instructions and then reboot the machine once again.
At this point, the repair disk is available in only two languages, English and Portuguese, as the bugs have reportedly affected computers in the United States and in Brazil.
Friday, April 12, 2013 @ 10:04 AM gHale
Microsoft stopped pushing a security update originally released on Patch Tuesday because the fix is causing some PCs to blue screen.
Microsoft recommended users uninstall the patch, which is also causing compatibility problems with some endpoint security software.
“We’ve determined that the update, when paired with certain third-party software, can cause system errors,” said Trustworthy Computing group manager Dustin Childs.
MS13-036 was part of this week’s Patch Tuesday update. It addressed three vulnerabilities in the Windows Kernel-Mode Driver, which if exploited could allow an attacker to elevate their privileges on a compromised machine.
Microsoft rated the vulnerabilities “important” because an exploit would require an attacker to have physical access to a computer. The faulty update does not result in any data loss for users, Childs said. Only update 2823324 was removed from the Windows download center, and the remainder of MS13-036 is still available.
Users began reporting issues earlier this week with some systems failing to recover from restarts, or applications failing to load, after the patch installed.
The idea behind the MS13-036 update was to patch two separate race condition vulnerabilities (CVE-2013-1238 and CVE-2013-1292) and an NTFS NULL pointer dereference vulnerability (CVE-2013-1293) that lead to privilege escalation for attackers. The update also addresses a font parsing vulnerability (CVE-2013-1291) that could lead to crashes and a denial-of-service condition.
Monday, March 18, 2013 @ 02:03 PM gHale
Third-party applications accounted for almost 90 percent of vulnerabilities last year, a new report said.
Eighty-seven percent of the vulnerabilities found in the top 50 programs affected third-party programs such as Adobe Flash and Reader, Java, Skype, various media players and others outside the Microsoft ecosystem, according to the report from Danish vulnerability research firm Secunia.
That means the remaining 13 percent of the vulnerabilities “stem from operating systems and Microsoft programs,” according to Secunia’s “Vulnerability Review” report.
The number of flaws targeting Windows users rose 5.5 percent last year. The CVE count in Microsoft programs went down 21 percent from 2011 to 2012, a number the report attributes to Microsoft’s Patch Tuesday monthly software security update schedule.
The report also describes the efficiency of patching processes, writing that last year 80 percent of vulnerabilities had a patch available on the day they were disclosed, up from 72 percent in the year prior.
The firm detected nearly 10,000 vulnerabilities during the last year across 421 vendors, 20 percent of which Secunia deemed “highly critical.”
The information is based on data the firm gathered from millions of computers that had the security company’s Personal Software Inspector (PSI) installed over the last year.
Wednesday, January 16, 2013 @ 04:01 PM gHale
Microsoft rolled out an update for Internet Explorer 6, 7 and 8 to close the Zero Day vulnerability which hackers are already using in targeted attacks.
Microsoft’s out-of-band update addresses the critical flaw, the company said in its security advisory. The company had previously released a Fix-It as a workaround to temporarily close the issue. Users who have installed the Fix-It do not need to uninstall it prior to applying the patch, Microsoft said.
“The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically,” Microsoft said in the advisory. Users who update IE manually are strongly encouraged to apply the update as quickly as possible.
This patch comes a week after Microsoft’s scheduled monthly Patch Tuesday release. Security experts had wondered if that meant the company was planning to wait until February to fix the bug.
Researchers at FireEye discovered in December the Council on Foreign Relations website had been compromised and was infecting visitors using older versions of Internet Explorer by exploiting this vulnerability. Once the Zero Day flaw went public, other researchers uncovered similar attacks on other sites, including microturbine systems manufacturer Capstone Turbine and two Chinese human rights sites. Microsoft released a temporary fix, but researchers at Exodus Intelligence were able to bypass the Fix-It and trigger the security hole.
While the company worked pretty quickly to release this patch, there is still a “high probability” that users haven’t taken the necessary steps, and a large portion of IE users will remain unprotected.
Users are also encouraged to upgrade to Internet Explorer 9 or 10. The issue affects primarily users who are still running Windows XP, which cannot run the newer versions of IE.
Thursday, January 10, 2013 @ 04:01 PM gHale
If it is the start of a new year, then what says Happy New Year more than another Microsoft Patch Tuesday? The software giant fixed two critical vulnerabilities and five important vulnerabilities.
The first critical vulnerability, MS13-001, is a flaw in the Windows 7/Windows Server 2008 R2 print spooler service that if exploited could lead to remote code execution.
MS13-002 is the other critical flaw and affects Microsoft XML Core Services. This vulnerability also could lead to remote code execution if someone using Internet Explorer is enticed to surf to a malicious web page. This affects all currently released versions of Windows, including RT.
The five important patches include:
• MS13-003 – Elevation of privilege in Microsoft System Center Operations Manager 2007/R2
• MS13-004 – Elevation of privilege in Microsoft .NET Framework 3.5/3.5.1/4/4.5 on all MS OSs
• MS13-005 – Elevation of privilege in Microsoft Windows Vista/Server 2008/7/Server 2008 R2/8/Server 2012/RT
• MS13-006 – Security feature bypass in Microsoft Windows Vista/Server 2008/7/Server 2008 R2/8/Server 2012/RT
• MS13-007 – Denial of Service in Microsoft .NET Framework on Windows XP/Server 2003/Vista/Server 2008/7/Server 2008 R2/8/Server 2012
Microsoft also released an updated Flash Player for Internet Explorer 10 on Windows 8/Server 2012/RT to address CVE-2013-0630.
None of the patches included a fix for the Internet Explorer Zero Day that was released two weeks ago.
Friday, May 11, 2012 @ 12:05 PM gHale
A heater unit failed at the Shell Norco chemical plant in Louisiana forcing a portion of the facility to shut down Tuesday.
The fire and smoke flaring up was visible for up to 25 miles away, officials said.
Fence line monitoring at ground level by Shell officials Tuesday and additional monitoring Wednesday by state environmental workers indicated no elevated levels of chemicals in the air, said Louisiana Department of Environmental Quality spokeswoman Jean Kelly.
Several chemicals, including benzene, ethylene, hydrogen sulfide, nitrogen oxide and propylene, were released in the incident, company officials said. But Shell Norco spokeswoman Emily Oberton said there was no danger to the community.
Oberton said inclement weather caused the plant’s mechanical problems.
Friday, May 11, 2012 @ 11:05 AM gHale
Duqu is still causing issues with Microsoft as the software giant released seven bulletins to close 23 vulnerabilities on its May Patch Tuesday.
This latest update closes various holes in quite a few products because of a critical hole in the code for processing TrueType fonts exploited by the Duqu spyware last year. The company closed the hole in the Windows kernel in December, but then programmers used a code scanner to find the vulnerable code in numerous other components; among them is the gdiplus.dll library, which various browsers use to render web fonts.
Some of the vulnerable files contained further holes that Microsoft also patched within the same bulletin – meaning this update fixes a number of other flaws in addition to the original vulnerability. It closes holes in all currently supported versions of Windows (from XP SP3 onwards, including Server), Office, the .NET framework and Silverlight. These “bonus” holes include three privilege escalation problems in the Windows kernel, including flaws in the code for processing keyboard layouts.
Another bulletin closes a critical hole in the code for processing RTF documents. It affects Office 2003, 2007 as well as Office Compatibility Packs SP2 and 3. The vulnerability has also been closed in Office for Mac 2008 and 2011. Bulletin MS12-035 addresses two critical holes in the .NET framework.
The remaining four bulletins fix holes that have the second highest threat rating, “important.” These vulnerabilities affect Office, Visio Viewer 2010, the Windows partition manager and the Windows firewall and TCP stack.