Microsoft Plugs Critical Drive-By Download Holes
Microsoft today released 11 security bulletins with fixes for a total of 25 security vulnerabilities, including several flaws that expose users to browse-and-you're-hacked (malicious drive-by download) attacks.
Two of the bulletins are rated "critical" for all versions of Microsoft's flagship operating system, including Windows 7 and Windows Server 2003 R2. In some cases, Microsoft is expecting to see "reliable exploit code" released within 30 days, highlighting the importance of applying these patches immediately.
The company urged its users to pay special attention to three bulletins this month -- MS10-019, MS10-026, and MS10-027. Here's why:
- MS10-019 affects all versions of Windows. While we give this a 2 on the exploitability index, the issue would allow an attacker to alter signed executable content (PE and CAB files) without invalidating the signature. Note that WU/MU content is not affected by this issue due to additional checks made when validating signed content.
- MS10-026 does not affect Windows 7, Windows Server 2008 R2, or Itanium versions of Windows Server 2008 and Windows Server 2003. However, it is critical on Windows 2000, XP, Server 2003 and Server 2008. The vulnerability could be triggered simply by visiting a web page hosting a specially crafted AVI file that begins streaming when the page loads.
- MS10-027 affects only Windows 2000 and Windows XP users who could potentially be exploited simply by visiting a specially crafted web page.
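The MS10-019 item above concerns Authenticode verification of signed PE and CAB files. A check an administrator typically wants after deploying that patch is an audit of which signed binaries on a host actually validate. The script below is an added example, not code from the article or from Microsoft; the `$Root` path, the file-type list and the output columns are assumptions chosen for illustration. It uses the standard `Get-AuthenticodeSignature` cmdlet and reports every file whose signature status is anything other than `Valid`.

```powershell
# Added example (not from the article): audit Authenticode signatures on
# executable content under a directory and list anything that does not validate.
# $Root is a placeholder; point it at the directory you want to audit.
param([string]$Root = "C:\Program Files")

# File types covered by Authenticode that the bulletin text mentions (PE and CAB),
# plus kernel drivers, which are also PE files.
$extensions = @('*.exe', '*.dll', '*.sys', '*.cab')

Get-ChildItem -Path $Root -Recurse -Include $extensions -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Get-AuthenticodeSignature returns a Signature object whose Status is
        # Valid, NotSigned, HashMismatch, UnknownError, etc.
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [PSCustomObject]@{
            Path   = $_.FullName
            Status = $sig.Status
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    } |
    Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Status, Path |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on the patched host. The result is only as trustworthy as the verifier doing the work: on a system that has not yet received the MS10-019 fix, the bulletin text above says altered signed content can still report a good signature, so the audit is a post-patch check rather than a substitute for deploying the update.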
This chart from Microsoft's SR&D blog provides a great overview of the bulletins, severity risks and mitigations.
Also see this recap from Qualys spokesman Wolfgang Kandek and a round-up of relevant information from the MSRC blog.