Site icon Secplicity – Security Simplified

Three Windows Updates Fix Less Risky Vulnerabilities

Corey Nachreiner

Severity: Medium

Summary:

Exposure:

Today, Microsoft released three security bulletins describing vulnerabilities affecting Windows or components related to it. They only rate these bulletins as Important or Moderate, due to limited impact or mitigating factors. Each of these vulnerabilities affects different versions of Windows to varying degrees. In the worst case, a local attacker could exploit one of these flaws to gain complete control of your Windows PC. We recommend you download, test, and deploy these updates at your earliest convenience.

The summary below lists the vulnerabilities, in order from highest to lowest severity.

The kernel is the core component of any computer operating system. The Windows kernel suffers from an information disclosure vulnerability, which attackers can leverage to gain unauthorized access to the contents in kernel memory. Though this flaw would not allow an attacker to gain elevated privileges on an affected system, the attacker could gain access to privileged information, which might help further their attack.  In order to exploit the flaw, a local attacker would have to run a specially crafted program. However, the attacker would first need to gain local access to your Windows computer using valid credentials. This factor significantly reduces the severity of the issue

Microsoft rating: Important

The TCP/IP driver is one of the kernel-mode drivers that help Windows handle TCP/IP networking traffic. It suffers from an unspecified Denial of Service (DOS) vulnerability having to do with its inability to handle certain TCP packets. By sending specially crafted packets to a vulnerable Windows computer, an attacker could cause the computer to stop responding. Though attackers couldn’t exploit this flaw to gain control of your computers, they can leverage it to cause downtime. Firewalls, like WatchGuard’s XTM appliances, can typically mitigate this type of attack by preventing external attackers access to your internal Windows computers.

Microsoft rating: Moderate

The print spooler is a Windows service that manages printing. It suffers from an unspecified elevation of privilege vulnerability having to do with its inability to properly free memory when you delete a printer connection. If an attacker can gain enough local access to your computer to delete a printer connection, she can exploit this flaw to elevate her privileges and execute code with full system privileges. Of course, they’d need credentials on the targeted system, and local access to it in order to carry out this attack. These requirements significantly mitigate the risk of this flaw.

Microsoft rating: Important

Solution Path:

Microsoft has released Windows updates that correct all of these vulnerabilities. You should download, test, and deploy the appropriate updates throughout your network immediately. If you choose, you can also let Windows Update automatically download and install them for you.

The links below point directly to the “Affected and Non-Affected Software” section of each bulletin, where you can find links to the various updates:

For All WatchGuard Users:

WatchGuard’s Gateway Antivirus and Intrusion Prevention services can often prevent some of these types of attacks, or the malware they try to distribute. However, attackers can exploit some of these flaws in other ways, including by convincing users to run executable files locally. Since your gateway appliance can’t protect you against local attacks, we still recommend you install Microsoft’s updates to completely protect yourself from these flaws.

Status:

Microsoft has released patches correcting these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).

What did you think of this alert? Let us know at your.opinion.matters@watchguard.com.

Exit mobile version