Severity: High
Summary:
- These vulnerabilities affect: Most current versions of Windows and Silverlight 5 (For PC and Mac)
- How an attacker exploits them: Multiple vectors of attack, including luring users to malicious web content or running specially crafted programs
- Impact: In the worst case, an attacker can gain complete control of your Windows computer.
- What to do: Install the appropriate Microsoft patches as soon as possible, or let Windows Automatic Update do it for you.
Exposure:
Today, Microsoft released two security bulletins that describe four vulnerabilities in Windows and the Silverlight component, which is commonly installed with it. A remote attacker could exploit the worst of these flaws to potentially gain complete control of your Windows PC. We recommend you download, test, and deploy these updates – especially the critical one – as quickly as possible.
The summary below lists the vulnerabilities, in order from highest to lowest severity.
- MS13-022: .NET Framework and Silverlight Code Execution Flaw
Silverlight is a cross-platform and cross-browser software framework used by developers to create rich media web applications. It suffers from something experts call a double dereference vulnerability involving how Silverlight handles specially crafted HTML objects. If an attacker can lure one of your Silverlight users to a malicious web site (or a legitimate site booby-trapped with malicious code), he can exploit this flaw to execute code on that user’s computer, with the user’s privileges. As usual, if you are a local administrator, the attacker could exploit this to gain full control of your machine.
Microsoft rating: Critical
- MS13-027 : Three Kernel-Mode Driver Elevation of Privilege Flaws
The kernel is the core component of any computer operating system. Windows also ships with a kernel-mode device driver (win32k.sys), which handles the OS’s device interactions at a kernel level. The Windows kernel-mode driver suffers from three local elevation of privilege flaws having to do with how it improperly handles objects in memory. By running a specially crafted program, a local attacker could leverage these flaws to gain complete control of your Windows computers. However, in order to run his malicious program, the attacker would first need to gain local access to your Windows computer or trick you into running it yourself, which significantly lessens the severity of this vulnerability.
Microsoft rating: Important
Solution Path:
Microsoft has released Windows and Silverlight patches that correct all of these vulnerabilities. You should download, test, and deploy the appropriate updates throughout your network immediately. If you choose, you can also let Windows Update automatically download and install them for you.
The links below point directly to the “Affected and Non-Affected Software” section of each bulletin, where you can find links to the various updates:
For All WatchGuard Users:
Attackers can exploit some of these flaws locally. Since your gateway XTM appliance can’t protect you against local attacks, we still recommend you install Microsoft’s updates to completely protect yourself from these flaws.
Status:
Microsoft has released patches correcting these issues.
References:
This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).
What did you think of this alert? Let us know at [email protected].
Alexander Kushnarev (Rainbow Security) says
I’ve read about a number of ways, invented by hackers, to convince a user to do something, that will lead to start an attack against user’s PC: open a file, follow the link in e-mail, redirect from compromised site to specially crafted resource for injecting malicious code and so on.
But only today, then reading description of vulnerability in Microsoft Silverlight, and then I’ve noticed this sentence: “it could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems” – I’ve asked myself – to WHAT EXTENT the influence of Web-banners can be used by cyber criminals, to provide the hacking functionality? Even after Googling this point – it’s still not obvious for me, because I’m not expert in Web-programming. But it’s “mental pabulum”…
Corey Nachreiner says
Malicious Advertising links are relatively common. Since web masters are often keen to monetize their web site, they are not always as picky as they should be about picking ad partners. And some of the advertising frameworks, make it pretty easy for a malicious person to submit content. That or, the attacker just leverages some sort of injection flaw (XSS or SQLi) to get malicious content into the ad network. Recently, I even think there was an OS X threat that passed via malicious ads. Here’s a story on the topic:
http://www.stillsecure.com/blog/2013/03/14/rise-malicious-advertisements-rory-smith-soc-analyst
BTW, attackers are also increasingly leverage blackhat SEO technique to get their malicious links to show up in popular search results.
avacook554 says
Great blog post ! I look-forward to reading more. effective seo software