Severity: Medium
Summary:
- These vulnerabilities affect: All current versions of Windows or components often packaged with it (like the print spooler)
- How an attacker exploits them: Multiple vectors of attack, including sending specially crafted network traffic or running malicious programs locally
- Impact: Varies, ranging from a remote Denial of Service (DoS) attack to local attackers gaining complete control of your Windows computer
- What to do: Install the appropriate Microsoft patches as soon as possible, or let Windows Automatic Update do it for you
Exposure:
Today, Microsoft released three security bulletins describing vulnerabilities affecting Windows or components related to it. They only rate these bulletins as Important or Moderate, due to limited impact or mitigating factors. Each of these vulnerabilities affects different versions of Windows to varying degrees. In the worst case, a local attacker could exploit one of these flaws to gain complete control of your Windows PC. We recommend you download, test, and deploy these updates at your earliest convenience.
The summary below lists the vulnerabilities, in order from highest to lowest severity.
- MS13-048: Windows Kernel Information Disclosure Flaw
The kernel is the core component of any computer operating system. The Windows kernel suffers from an information disclosure vulnerability, which attackers can leverage to gain unauthorized access to the contents in kernel memory. Though this flaw would not allow an attacker to gain elevated privileges on an affected system, the attacker could gain access to privileged information, which might help further their attack. In order to exploit the flaw, a local attacker would have to run a specially crafted program. However, the attacker would first need to gain local access to your Windows computer using valid credentials. This factor significantly reduces the severity of the issue
Microsoft rating: Important
- MS13-049: TCP/IP Driver DoS
The TCP/IP driver is one of the kernel-mode drivers that help Windows handle TCP/IP networking traffic. It suffers from an unspecified Denial of Service (DOS) vulnerability having to do with its inability to handle certain TCP packets. By sending specially crafted packets to a vulnerable Windows computer, an attacker could cause the computer to stop responding. Though attackers couldn’t exploit this flaw to gain control of your computers, they can leverage it to cause downtime. Firewalls, like WatchGuard’s XTM appliances, can typically mitigate this type of attack by preventing external attackers access to your internal Windows computers.
Microsoft rating: Moderate
- MS13-050: Print Spooler Elevation of Privilege Flaw
The print spooler is a Windows service that manages printing. It suffers from an unspecified elevation of privilege vulnerability having to do with its inability to properly free memory when you delete a printer connection. If an attacker can gain enough local access to your computer to delete a printer connection, she can exploit this flaw to elevate her privileges and execute code with full system privileges. Of course, they’d need credentials on the targeted system, and local access to it in order to carry out this attack. These requirements significantly mitigate the risk of this flaw.
Microsoft rating: Important
Solution Path:
Microsoft has released Windows updates that correct all of these vulnerabilities. You should download, test, and deploy the appropriate updates throughout your network immediately. If you choose, you can also let Windows Update automatically download and install them for you.
The links below point directly to the “Affected and Non-Affected Software” section of each bulletin, where you can find links to the various updates:
For All WatchGuard Users:
WatchGuard’s Gateway Antivirus and Intrusion Prevention services can often prevent some of these types of attacks, or the malware they try to distribute. However, attackers can exploit some of these flaws in other ways, including by convincing users to run executable files locally. Since your gateway appliance can’t protect you against local attacks, we still recommend you install Microsoft’s updates to completely protect yourself from these flaws.
Status:
Microsoft has released patches correcting these issues.
References:
- Microsoft Security Bulletin MS13-048
- Microsoft Security Bulletin MS13-049
- Microsoft Security Bulletin MS13-050
This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).
What did you think of this alert? Let us know at [email protected].
Leave a Reply