Silverlight and Windows Kernel-Mode Driver Patches

Severity: High

Summary:

• These vulnerabilities affect: Most current versions of Windows and Silverlight 5 (For PC and Mac)
• How an attacker exploits them: Multiple vectors of attack, including luring users to malicious web content or running specially crafted programs
• Impact: In the worst case, an attacker can gain complete control of your Windows computer.
• What to do: Install the appropriate Microsoft patches as soon as possible, or let Windows Automatic Update do it for you.

Exposure:

Today, Microsoft released two security bulletins that describe four vulnerabilities in Windows and the Silverlight component, which is commonly installed with it. A remote attacker could exploit the worst of these flaws to potentially gain complete control of your Windows PC. We recommend you download, test, and deploy these updates – especially the critical one – as quickly as possible.

The summary below lists the vulnerabilities, in order from highest to lowest severity.

• MS13-022: .NET Framework and Silverlight Code Execution Flaw

Silverlight is a cross-platform and cross-browser software framework used by developers to create rich media web applications. It suffers from something experts call a double dereference vulnerability involving how Silverlight handles specially crafted HTML objects. If an attacker can lure one of your Silverlight users to a malicious web site (or a legitimate site booby-trapped with malicious code), he can exploit this flaw to execute code on that user’s computer, with the user’s privileges. As usual, if you are a  local administrator, the attacker could exploit this to gain full control of your machine.

Microsoft rating: Critical

• MS13-027 :  Three Kernel-Mode Driver Elevation of Privilege Flaws

The kernel is the core component of any computer operating system. Windows also ships with a kernel-mode device driver (win32k.sys), which handles the OS’s device interactions at a kernel level. The Windows kernel-mode driver suffers from three local elevation of privilege flaws having to do with how it improperly handles objects in memory. By running a specially crafted program, a local attacker could leverage these flaws to gain complete control of your Windows computers. However, in order to run his malicious program, the attacker would first need to gain local access to your Windows computer or trick you into running it yourself, which significantly lessens the severity of this vulnerability.

Microsoft rating: Important

Solution Path:

Microsoft has released Windows and Silverlight patches that correct all of these vulnerabilities. You should download, test, and deploy the appropriate updates throughout your network immediately. If you choose, you can also let Windows Update automatically download and install them for you.

The links below point directly to the “Affected and Non-Affected Software” section of each bulletin, where you can find links to the various updates:

• MS13-022
• MS13-027

For All WatchGuard Users:

Attackers can exploit some of these flaws locally. Since your gateway XTM appliance can’t protect you against local attacks, we still recommend you install Microsoft’s updates to completely protect yourself from these flaws.

Status:

Microsoft has released patches correcting these issues.

References:

• Microsoft Security Bulletin MS13-022
• Microsoft Security Bulletin MS13-027

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).

What did you think of this alert? Let us know at your.opinion.matters@watchguard.com.