December 2010 Microsoft Super Tuesday
Posted by Shane Garrett on December 14, 2010 at 2:24 PM EST.
This month's Super Tuesday drop from Microsoft is the largest to date, eclipsing the previous largest update in October. There are seventeen bulletins covering forty separate CVEs. Following are our thoughts on a selection of the vulnerabilities.
-
MS10-091: Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Remote Code Execution
Three vulnerabilities are patched in the driver that supports rendering of OpenType fonts. Though they are separate issues, all can lead to kernel-level remote code execution if a victim attempts to render a malicious font. The bulletin rates this as a critical update for Windows Vista, 7 and 2008, since on those versions the bugs can be exploited remotely if Explorer attempts to render the font in preview mode when a user browses to a remote share that contains it. The patches are rated only important for previous versions of Windows, since they will not attempt to preview OTF fonts. Keep in mind that some browsers, such as Mozilla Firefox and Opera, support rendering of embedded OTF fonts in web pages, so any Windows operating system using such a browser can be remotely exploited by viewing a malicious web page.
-
MS10-090: Cumulative Security Update for Internet Explorer
Seven vulnerabilities are patched in various versions of Internet Explorer, five of which potentially lead to remote code execution. Three of the vulnerabilities were publicly disclosed: two that can lead to information disclosure and one, CVE-2010-3962, that has been exploited in the wild for remote code execution. Bugs in Internet Explorer can also potentially be exploited in email clients like Outlook that use IE for rendering HTML content. Fortunately, most mail clients are configured to disallow scripting and ActiveX content in HTML email and are therefore protected from many of the attacks, like these, that rely on dynamic behavior.
-
MS10-092: Vulnerability in Task Scheduler Could Allow Elevation of Privilege
This vulnerability was used by the Stuxnet botnet to gain system-level privilege and was later publicly disclosed in a proof of concept. This local escalation-of-privilege vulnerability affects the Task Scheduler on Windows Vista, 7 and 2008. We recommend applying this patch, as the exploit code is already in use and publicly available.
There are also a number of insecure DLL loading vulnerabilities patched across a range of software. We mentioned in a previous blog article that we expected to see more of these bugs appear as their remote exploitability became apparent.

