Blog
08.12.2008 - 5:47 PM
This month, Microsoft released 11 security bulletins of which 6 were rated critical.
Microsoft has finally patched the Snapshot Viewer ActiveX control vulnerability, which we have previously blogged about when we discovered hundreds of sites silently infecting their visitors with modified proof-of-concept exploit code. The window of exposure for this web-borne attack is at least 1 month and 5 days, given that it was first publicly announced on July 7th and only patched today.
Our next point of interest is the MS Windows Image Color Management System (MS08-046) remote code execution vulnerability. Why is this particularly interesting to us? Because all one needs to do to get infected is to accidentally display a specially crafted image file. It could be an image that's a part of a web site that the victim visited, or an image embedded inside of an MS Office document forwarded from a co-worker (it was supposed to be one of those funny viral jokes!)
The special image only needs to be displayed — explicit double-clicking on suspicious icons or any user-intervention not necessary. Yes, this could be used by malicious sites for a drive-by attack. We wouldn't be surprised to see social-engineering unsolicited emails with links that would lead to these malicious sites.
If that's not enough web threats for this month, there's also a cumulative security update for Internet Explorer.
This month's Patch Tuesday honor roll —
Rated Critical:
MS08-046 - Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution
MS08-045 - Cumulative Security Update for Internet Explorer
MS08-041 - Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution
MS08-043 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
MS08-051 - Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution
MS08-044 - Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution
Rated Important:
MS08-047 - Vulnerability in IPsec Policy Processing Could Allow Information Disclosure
MS08-049 - Vulnerabilities in Event System Could Allow Remote Code Execution
MS08-048 - Security Update for Outlook Express and Windows Mail
MS08-050 - Vulnerability in Windows Messenger Could Allow Information Disclosure
MS08-042 - Vulnerability in Microsoft Word Could Allow Remote Code Execution
As always, we'll continue to proactively seek and report on such threats when we detect them in the wild — and strive to protect, especially during the critical window-of-exposure period.
Security Researchers: Moti Joseph and Jay Liew
Bookmark This Post:
Post a Comment:
Microsoft has finally patched the Snapshot Viewer ActiveX control vulnerability, which we have previously blogged about when we discovered hundreds of sites silently infecting their visitors with modified proof-of-concept exploit code. The window of exposure for this web-borne attack is at least 1 month and 5 days, given that it was first publicly announced on July 7th and only patched today.
Our next point of interest is the MS Windows Image Color Management System (MS08-046) remote code execution vulnerability. Why is this particularly interesting to us? Because all one needs to do to get infected is to accidentally display a specially crafted image file. It could be an image that's a part of a web site that the victim visited, or an image embedded inside of an MS Office document forwarded from a co-worker (it was supposed to be one of those funny viral jokes!)
The special image only needs to be displayed — explicit double-clicking on suspicious icons or any user-intervention not necessary. Yes, this could be used by malicious sites for a drive-by attack. We wouldn't be surprised to see social-engineering unsolicited emails with links that would lead to these malicious sites.
If that's not enough web threats for this month, there's also a cumulative security update for Internet Explorer.
This month's Patch Tuesday honor roll —
Rated Critical:
MS08-046 - Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution
MS08-045 - Cumulative Security Update for Internet Explorer
MS08-041 - Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution
MS08-043 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
MS08-051 - Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution
MS08-044 - Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution
Rated Important:
MS08-047 - Vulnerability in IPsec Policy Processing Could Allow Information Disclosure
MS08-049 - Vulnerabilities in Event System Could Allow Remote Code Execution
MS08-048 - Security Update for Outlook Express and Windows Mail
MS08-050 - Vulnerability in Windows Messenger Could Allow Information Disclosure
MS08-042 - Vulnerability in Microsoft Word Could Allow Remote Code Execution
As always, we'll continue to proactively seek and report on such threats when we detect them in the wild — and strive to protect, especially during the critical window-of-exposure period.
Security Researchers: Moti Joseph and Jay Liew