Critical Windows Fixes For DirectShow, Network-based Attacks

Today's Patch Tuesday update release from Microsoft ships out a bevy of high-priority fixes, including five rated critical. Many of the vulnerabilities are likely to be attacked, according to Redmond.

A fix for a flaw involving DirectShow "should be at the top of your list," according to the Microsoft Security Response Center blog. Opening a poisoned .avi file could trigger an attack on a vulnerable system. The MS10-013 update is critical for all supported Windows systems except for Itanium-based Server 2003, Server 2008 and Server 2008 R2 machines.

A second critical flaw in the Windows Shell Handler could allow a malicious Web site to execute commands (such as installing a Trojan) on vulnerable Windows 2000, XP and Server 2003 systems. The flaw hasn't been publicly attacked, according to Microsoft, but the company still assigns the MS10-007 patch an exploitability rating of 1, meaning we'll likely see attacks against the underlying vulnerability.

Next comes a hole involving SMB (used for network file sharing) that is of most concern to business environments with a file server. According to Symantec, "if an attacker can find a vulnerable remote server that has a guest account set up, just like that, they've got access to the machine and possibly the entire local network." The MS10-006 patch is critical for Windows 2000, XP, Server 2003, Windows 7 and Windows 2008 R2, but is only rated important for Windows Vista and Server 2008.

The MS10-009 update closes additional network-based vulnerabilities, this time in Windows' TCP/IP implementation. The patch closes four separate holes, the most serious of which can be targeted with specially crafted IPv6 packets (the target system would need to have IPv6 enabled). MS10-009 is critical for Vista and Server 2008, but other Windows versions aren't affected.

A fifth and final critical-rated update rolls out additional killbits for Internet Explorer, which prevent vulnerable ActiveX controls from running in the browser. MS10-008 is rated critical for Windows 2000 and XP, important for Vista and Windows 7, moderate for Server 2003 and only of low importance for Server 2008.

Yet another patch didn't rate critical, but is still listed as top priority by the MSRC post because of publicly available proof-of-concept attack code. The vulnerability fixed by MS10-015 allows a logged-in user to run a "specially crafted application" to gain additional privileges on a system. Such privilege escalation attacks are sometimes used in multi-pronged invasions of high-value networks to gain administrative control. This patch addresses Security Advisory 979682.

In addition to these high-priority fixes, Redmond's large patch batch also includes six other important-rated updates and one rated moderate. To pick up all the fixes for your system, fire up Windows Update.
