Summary:
- These vulnerabilities affect: All versions of Windows XP and Server 2003, as well as the 64-bit versions of Windows 7 and Server 2008 R2
- How an attacker exploits them: Multiple vectors of attack, including enticing your users to visit a specially crafted website
- Impact: Various results; in the worst case, an attacker can gain complete control of your Windows computer
- What to do: Install the appropriate Microsoft patches immediately, or let Windows Automatic Update do it for you.
Exposure:
Today, Microsoft released two Windows security bulletins describing two vulnerabilities that, combined, affect many of the currently used versions of Windows. Each vulnerability affects different versions of Windows to varying degrees. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities, in order from highest to lowest severity.
- MS10-042: Windows Help and Support Center Zero Day Vulnerability
About a month ago, Tavis Ormandy, an Information Security Engineer at Google, disclosed a complicated, yet serious security vulnerability in Windows’ Help and Support Center (Helpctr.exe) to the Full-Disclosure mailing list. Essentially, the issue has to do with a security bypass vulnerability in Helpctr.exe combined with a Cross-Site Scripting (XSS) flaw in one of Windows’ default help documents. You can learn more about this flaw in our original Wire post. In short, if an attacker can lure you to a specially crafted web page or link, he can leverage these flaws to execute code on your computer, possibly gaining full control of it. Ormandy included a Proof-of-Concept (PoC) exploit with his early disclosures, and a few days later, attackers reportedly began exploiting this flaw in the wild. For this reason, we recommend you download, test, and deploy this update as quickly as you can. This vulnerability only affects Windows XP and Server 2003.
Microsoft rating: Critical.
- MS10-043: Canonical Display Driver Vulnerability Affects Windows x64
In May, Microsoft also released a Security Advisory about an unpatched image handling vulnerability involving the Canonical Display Driver (Cdd.dll) that ships with the 64-bit versions of Windows 7 and Server 2008 R2. We described this vulnerability in this Wire post. Basically, if an attacker can entice you to a malicious website containing a specially crafted image, or into opening such an image within an application that uses the flawed graphics APIs, he can exploit this flaw to either cause your machine to crash and reboot with a Blue Screen of Death (BSOD), or to execute code on your machine with your privileges. Since most Windows users have local administrative privileges, attackers could likely leverage this flaw to gain complete control of a victim’s PC. Today’s bulletin fixes this previously unpatched issue.
Microsoft rating: Critical.
Solution Path:
Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately. If you choose, you can also let Windows Update automatically download and install these for you.
Does My Firewall Help?
Attackers can exploit these flaws using diverse exploitation methods, including by simply tricking you into viewing a malicious image. Therefore, installing Microsoft’s updates is your most secure course of action.
Status:
Microsoft has released patches correcting these issues.