Sunday, January 09, 2011

Assessing the risk of public issues currently being tracked by the MSRC

To help clear up confusion regarding public issues being tracked by the Microsoft Security Research & Defense team, the table below was published at the MSRC Blog

The risk to the vulnerabilities can be removed by applying the provided work-around.

Issue Status Mitigation
Internet Explorer 6/7/8 vulnerability in recursive style sheet importing. (CVE-2010-3971) Public, exploit code is available. We are seeing limited exploitation. As listed in Security Advisory #2488013, EMET is an effective mitigation tool. Anti-virus and IDS/IPS signatures developed by our MAPP partners for this issue have also been quite effective at detecting and blocking attacks.
Windows graphics rendering engine vulnerability in parsing BMP thumbnails embedded within an OLESS document container. (CVE-2010-3970) Public exploit code was posted this week. Proof-of-concept code we have seen so far requires a user to browse to an attacker-writable folder using Windows Explorer. If Explorer is set to display thumbnails or a preview of contained files (neither setting is the default), the chance of code execution exists. Current proof-of-concept code is not successful when Explorer is set to display files in the default List mode. As listed in Security Advisory #2490606, modify the Access Control List on shimgvw.dll. The advisory also lists a one-click FixIt to automate this configuration change.
IIS 7.0 and 7.5 FTP service vulnerability in encoding Telnet IAC (Interpret As Command) characters in the FTP response. (SRD blog post) As discussed in this SRD blog post, attempts to exploit this vulnerability would most likely result in a Denial-of-Service. We have not seen attempts to exploit this vulnerability for code execution. The FTP service is not installed by default with IIS 7 or IIS 7.5. And when it is installed, it is not enabled by default. If you have enabled IIS FTP service, consider disabling it, if possible, until a security update is available.
Internet Explorer fuzzer released publicly capable of hitting Internet Explorer crashes A fuzzer for various browsers was released, as well as information on a crash that shows a potentially exploitable condition. While the fuzzer is successful in encountering exploitable memory corruption issues in Internet Explorer, we have been unable so far to turn a crash into a stand-alone HTML page that could be used as a browse-and-own exploit. Encountering the issues appears dependent on first loading many previous iterations of HTML in the fuzzer, making the issues we have discovered so far less useful for the purpose of real-world attacks. We are still investigating this issue and will monitor for any developments that may change the current risk. Unable to make an assessment at this time without stand-alone PoC. However, we are working on a security update to address the issues found in fuzzing.
WMI Administrative Tools ActiveX control vulnerability. Only the very few customers who have installed the WMI Administrative Toolkit are vulnerable to this issue. This product has a small number of total downloads. The ActiveX control itself is not signed by Microsoft. This is not a case where an attacker can host a Microsoft-signed ActiveX control and entice the user to make one click to allow it to install. The real-world risk to most customers from this issue is expected to be quite low. This ActiveX control can be killbitted to protect any machines that have installed the WMI Administrative Toolkit. The affected ActiveX control was not intended to be instantiated within Internet Explorer so legitimate use of the WMI Administrative Toolkit should not be impacted by this configuration change. The attached .txt file, if renamed to .reg and opened, will apply the killbit to the affected clsid’s.

Source:  Assessing the risk of public issues currently being tracked by the MSRC

Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Advisory, Vulnerabilities, Information, How To,

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: