
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Silverlight and Windows Kernel-Mode Driver Patches

March 12, 2013 By Corey Nachreiner

Severity: High

Summary:

  • These vulnerabilities affect: Most current versions of Windows and Silverlight 5 (For PC and Mac)
  • How an attacker exploits them: Multiple vectors of attack, including luring users to malicious web content or running specially crafted programs
  • Impact: In the worst case, an attacker can gain complete control of your Windows computer.
  • What to do: Install the appropriate Microsoft patches as soon as possible, or let Windows Automatic Update do it for you.

Exposure:

Today, Microsoft released two security bulletins that describe four vulnerabilities in Windows and the Silverlight component, which is commonly installed with it. A remote attacker could exploit the worst of these flaws to potentially gain complete control of your Windows PC. We recommend you download, test, and deploy these updates – especially the critical one – as quickly as possible.

The summary below lists the vulnerabilities, in order from highest to lowest severity.

  • MS13-022: .NET Framework and Silverlight Code Execution Flaw

Silverlight is a cross-platform and cross-browser software framework used by developers to create rich media web applications. It suffers from something experts call a double dereference vulnerability involving how Silverlight handles specially crafted HTML objects. If an attacker can lure one of your Silverlight users to a malicious web site (or a legitimate site booby-trapped with malicious code), he can exploit this flaw to execute code on that user’s computer, with the user’s privileges. As usual, if you are a local administrator, the attacker could exploit this to gain full control of your machine.

Microsoft rating: Critical

  • MS13-027: Three Kernel-Mode Driver Elevation of Privilege Flaws

The kernel is the core component of any computer operating system. Windows also ships with a kernel-mode device driver (win32k.sys), which handles the OS’s device interactions at a kernel level. The Windows kernel-mode driver suffers from three local elevation of privilege flaws having to do with how it improperly handles objects in memory. By running a specially crafted program, a local attacker could leverage these flaws to gain complete control of your Windows computers. However, in order to run his malicious program, the attacker would first need to gain local access to your Windows computer or trick you into running it yourself, which significantly lessens the severity of this vulnerability.

Microsoft rating: Important

Solution Path:

Microsoft has released Windows and Silverlight patches that correct all of these vulnerabilities. You should download, test, and deploy the appropriate updates throughout your network immediately. If you choose, you can also let Windows Update automatically download and install them for you.

The links below point directly to the “Affected and Non-Affected Software” section of each bulletin, where you can find links to the various updates:

  • MS13-022
  • MS13-027

For All WatchGuard Users:

Attackers can exploit some of these flaws locally. Since your gateway XTM appliance can’t protect you against local attacks, we still recommend you install Microsoft’s updates to completely protect yourself from these flaws.

Status:

Microsoft has released patches correcting these issues.

References:

  • Microsoft Security Bulletin MS13-022
  • Microsoft Security Bulletin MS13-027

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).



Filed Under: Security Bytes Tagged With: elevation of Privilege, Kernel-mode drivers, Microsoft, silverlight, Updates and patches

Comments

  1. Alexander Kushnarev (Rainbow Security) says

    March 16, 2013 at 8:07 am

    I’ve read about a number of ways, invented by hackers, to convince a user to do something that will lead to the start of an attack against the user’s PC: open a file, follow a link in an e-mail, redirect from a compromised site to a specially crafted resource for injecting malicious code, and so on.
    But only today, when reading the description of the vulnerability in Microsoft Silverlight, I noticed this sentence: “it could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems” – and I asked myself: to WHAT EXTENT can the influence of Web banners be used by cyber criminals to provide the hacking functionality? Even after Googling this point, it’s still not obvious to me, because I’m not an expert in Web programming. But it’s “mental pabulum”…

    • Corey Nachreiner says

      March 25, 2013 at 10:32 am

      Malicious advertising links are relatively common. Since webmasters are often keen to monetize their web site, they are not always as picky as they should be about picking ad partners. And some of the advertising frameworks make it pretty easy for a malicious person to submit content. That, or the attacker just leverages some sort of injection flaw (XSS or SQLi) to get malicious content into the ad network. Recently, I even think there was an OS X threat that passed via malicious ads. Here’s a story on the topic:

      http://www.stillsecure.com/blog/2013/03/14/rise-malicious-advertisements-rory-smith-soc-analyst

      BTW, attackers are also increasingly leveraging blackhat SEO techniques to get their malicious links to show up in popular search results.
