• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Three Windows Updates Fix Less Risky Vulnerabilities

June 11, 2013 By Corey Nachreiner

Severity: Medium

Summary:

  • These vulnerabilities affect: All current versions of Windows or components often packaged with it (like the print spooler)
  • How an attacker exploits them: Multiple vectors of attack, including sending specially crafted network traffic or running malicious programs locally
  • Impact:  Varies, ranging from a remote Denial of Service (DoS) attack to local attackers gaining complete control of your Windows computer
  • What to do: Install the appropriate Microsoft patches as soon as possible, or let Windows Automatic Update do it for you

Exposure:

Today, Microsoft released three security bulletins describing vulnerabilities affecting Windows or components related to it. They only rate these bulletins as Important or Moderate, due to limited impact or mitigating factors. Each of these vulnerabilities affects different versions of Windows to varying degrees. In the worst case, a local attacker could exploit one of these flaws to gain complete control of your Windows PC. We recommend you download, test, and deploy these updates at your earliest convenience.

The summary below lists the vulnerabilities, in order from highest to lowest severity.

  • MS13-048: Windows Kernel Information Disclosure Flaw

The kernel is the core component of any computer operating system. The Windows kernel suffers from an information disclosure vulnerability, which attackers can leverage to gain unauthorized access to the contents in kernel memory. Though this flaw would not allow an attacker to gain elevated privileges on an affected system, the attacker could gain access to privileged information, which might help further their attack.  In order to exploit the flaw, a local attacker would have to run a specially crafted program. However, the attacker would first need to gain local access to your Windows computer using valid credentials. This factor significantly reduces the severity of the issue

Microsoft rating: Important

  • MS13-049: TCP/IP Driver DoS

The TCP/IP driver is one of the kernel-mode drivers that help Windows handle TCP/IP networking traffic. It suffers from an unspecified Denial of Service (DOS) vulnerability having to do with its inability to handle certain TCP packets. By sending specially crafted packets to a vulnerable Windows computer, an attacker could cause the computer to stop responding. Though attackers couldn’t exploit this flaw to gain control of your computers, they can leverage it to cause downtime. Firewalls, like WatchGuard’s XTM appliances, can typically mitigate this type of attack by preventing external attackers access to your internal Windows computers.

Microsoft rating: Moderate

  • MS13-050: Print Spooler Elevation of Privilege Flaw

The print spooler is a Windows service that manages printing. It suffers from an unspecified elevation of privilege vulnerability having to do with its inability to properly free memory when you delete a printer connection. If an attacker can gain enough local access to your computer to delete a printer connection, she can exploit this flaw to elevate her privileges and execute code with full system privileges. Of course, they’d need credentials on the targeted system, and local access to it in order to carry out this attack. These requirements significantly mitigate the risk of this flaw.

Microsoft rating: Important

Solution Path:

Microsoft has released Windows updates that correct all of these vulnerabilities. You should download, test, and deploy the appropriate updates throughout your network immediately. If you choose, you can also let Windows Update automatically download and install them for you.

The links below point directly to the “Affected and Non-Affected Software” section of each bulletin, where you can find links to the various updates:

  • MS13-048
  • MS13-049
  • MS13-050

For All WatchGuard Users:

WatchGuard’s Gateway Antivirus and Intrusion Prevention services can often prevent some of these types of attacks, or the malware they try to distribute. However, attackers can exploit some of these flaws in other ways, including by convincing users to run executable files locally. Since your gateway appliance can’t protect you against local attacks, we still recommend you install Microsoft’s updates to completely protect yourself from these flaws.

Status:

Microsoft has released patches correcting these issues.

References:

  • Microsoft Security Bulletin MS13-048
  • Microsoft Security Bulletin MS13-049
  • Microsoft Security Bulletin MS13-050

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).


What did you think of this alert? Let us know at [email protected].

Share This:

Related

Filed Under: Security Bytes Tagged With: elevation of Privilege, integer overflow, Kernel-mode drivers, Microsoft, Updates and patches

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • 3CX Supply Chain Attack
  • Here Come The Regulations

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • 3CX Supply Chain Attack
  • The NSA’s Guidance on Securing Authentication
  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use