Microsoft Patches Vulnerability Under Attack and Google-Disclosed - TopicsExpress



          

Microsoft Patches Vulnerability Under Attack and Google-Disclosed Zero Day

For the first time in more than a decade, the majority of Windows IT shops walked blindly into Patch Tuesday. After announcing last week that it would no longer provide its Advanced Notification Service of upcoming security bulletins to the public, Microsoft today ladled eight bulletins upon admins’ plates, including a patch for a vulnerability publicly disclosed by Google after expiration of its self-imposed 90-day disclosure deadline.

One of the bulletins was rated critical by Microsoft, but another set of patches rated important by the company may merit more priority. Microsoft said that the directory traversal vulnerability in the TS WebProxy Windows component, patched in MS15-004, is being used in limited attacks. The lesser severity rating is likely because the vulnerability, CVE-2015-0016, would have to be combined with another security flaw to enable remote code execution.

“For example, an attacker could exploit another vulnerability to run arbitrary code through Internet Explorer, but due to the context in which processes are launched by Internet Explorer, the code might be restricted to run at a low integrity level (very limited permissions),” Microsoft said in its advisory. “However, an attacker could, in turn, exploit this vulnerability to cause the arbitrary code to run at a medium integrity level (permissions of the current user).”

The vulnerability is present because Windows fails to properly sanitize file paths, Microsoft said. Successful exploits could allow an attacker to remotely install malware, manipulate data, or create new accounts, all with the user’s privileges. An attacker would have to entice a user to download a malicious application designed to exploit the vulnerability, or host a malicious website that would exploit the bug. A temporary workaround, Microsoft said, would be to remove TSWbPrxy from the IE Elevation Policy. The flaw is found in Windows systems starting with Vista.

The only critical bulletin, MS15-002, affects Windows Servers with Telnet enabled; it is not installed by default on Vista and later versions of Windows, Microsoft said. The vulnerability, CVE-2015-0014, is a buffer overflow in the Windows Telnet service that leads to remote code execution. Microsoft said there are no reports of public exploits.

“The vulnerability is caused when the Telnet service improperly validates user input. An attacker could attempt to exploit this vulnerability by sending specially crafted telnet packets to a Windows server, and if successful, could then run arbitrary code on the server,” Microsoft said in its advisory. “The update addresses the vulnerability by correcting how Telnet validates user input.”

Posted on: Wed, 14 Jan 2015 11:05:18 +0000
