Microsoft Kicks Off the New Year With Fixes for Current Code Base

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11
Next Microsoft Kicks Off the New Year With Fixes for Current Code Base-6 Next

Bulletin 5 is a kernel mode driver elevation of privilege issue. There are two barriers that must be exploited for this attack to work. For example, if you’re using an application with a built-in sandbox, such as Adobe PDF Reader, you have to first bypass the sandbox, which requires its own vulnerability, and you can then go into kernel mode to bump up your integrity level. Interestingly, this exploit only allows you to bump up to a middle rights user, not to admin rights.

According to Paul Henry, security and forensic analyst at Lumension, it looks like 2013 is off to a fairly average start with seven bulletins: two critical and five important. You may recall that January of 2012 also came in with seven bulletins, though only one was critical. After closing out 2012 with more consistency in the number of patches per month, we can only hope that 2013 will continue in that same vein. Fortunately, nothing patched this month is under active exploit and everything reported correctly, so there’s actually pretty minimal risk to users.

This month may be average, but that doesn’t mean it’ll be an easy one for IT. There are a lot of restarts this month and they impact nearly all Windows operating systems.

Before jumping into this month’s bulletins, it’s interesting, though not surprising, to note that Microsoft is still working on a fix for the IE zero-day vulnerability. Henry figures that we’ll either see an out-of-band patch or something next month. If you haven’t already, install the Fix It workaround, especially if you’re using an older version of IE. The Fix It will block all the known exploits, and if new attacks come up, your browser will simply crash, which is preferable to the alternative.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

blockchain The World According to Blockchain

Blockchain comes with many costs and is surrounded by confusion. Here, we examine realistic use cases, drawbacks and the potential of blockchain. ...  More >>

biometrics Biometrics: Moving Far Beyond Fingerprints

Biometrics are changing the way we think about security. Here are some of the more innovative ways biometrics are being used and what we can expect in the future. ...  More >>

Privacy rollback Security Pros Give Their Opinions on ISP Data Privacy Rollback

IT staff, organization leaders, and the average citizen have all expressed levels of concern over the FCC about-face in regard to ISP privacy. Here’s what the security experts say. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.