February 2012 Microsoft Super Tuesday
Posted by Shane Garrett on February 14, 2012 at 1:42 PM EST.
Microsoft’s February drop is pretty large. There are a lot of bugs that were fixed and a lot of updates that really need to be applied. Here are my thoughts on a few of the bulletins that I found particularly interesting.
- MS12-013 – Critical : Vulnerability in C Run-Time Library Could Allow Remote Code Execution
This bulletin covers a buffer overflow in msvcrt.dll that could lead to memory corruption and code execution. The vulnerability is in the version of the library that shipped with Windows Vista and later OSes. Msvcrt.dll implements the C runtime library and is widely used in Microsoft software. (As a side note, most software built with Visual Studio is linked to different C runtime libraries, not this one.) Any software that linked to this library and used the vulnerable functions is potentially at risk for exploitation. The large attack surface for this vulnerability will make it an attractive target for malware authors, who will likely find creative ways to exploit it remotely. This update needs to be applied immediately.
- MS12-008 – Critical : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
One of the vulnerabilities patched in this update could potentially be used to gain kernel code execution by rendering web content. The vulnerability could also cause a bug-check, that was the result of the simple proof-of-concept that was posted to Twitter. If the words Twitter, PoC, and kernel remote code execution cause you worry, you should apply this update. Even if it doesn’t, you should still apply this update. In the initial discussion of this bug in a GDI component of win32k.sys, it was uncertain what systems were affected because the browser and affected OS were an uncommon pairing. The affected OS listing in the bulletin indicates that this seems to affect all Windows versions.
- MS12-016 – Critical : Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution
Two vulnerabilities in .NET were fixed in this update. Both of these are nasty and can be abused to gain remote code execution. This update should definitely be applied; especially considering that attackers may reverse engineer the vulnerabilities after the fix is released. What caught my eye in this bulletin was that CVE-2012-0015 was indicated as being publicly disclosed which would make it an even likelier to become exploited. Luckily the public information about the vulnerability wasn’t easy to find and was fairly light on details.