This month, Microsoft issued 5 security bulletins covering 15 vulnerabilities in Excel and Windows. These updates are considered important rather than critical, as by the time of the patch there was no malicious code exploiting the vulnerabilities in the wild. Adobe also released a security bulletin patching 13 vulnerabilities in Acrobat Reader. Websense® Security Labs highly recommends applying the updates in order to avoid cyber criminals who may use these security holes for their malicious activities.
Arguably the most important bulletin is MS11-072, which targets five different vulnerabilities in Microsoft Office. An attacker could use any of these to execute arbitrary code on the computer with the same access rights as the user. This is a focus for any security researcher as hackers are constantly looking for newer ways to distribute their badware. Such issues are probably getting more and more headlines as Adobe's sandboxing system and regular security patches seem to be paying off, meaning an up-to-date system is much less prone to successful exploits by vulnerabilities in PDFs.
This does not mean, of course, that we will see no more vulnerabilities in Acrobat Reader. This Tuesday Adobe Issued a security bulletin too, fixing 13 vulnerability issues in their product. Each of the vulnerabilities could allow an attacker to execute a code on the host computer allowing them to take full control of it. This patch is rated as critical, therefore it is strongly recommended to apply it.
Also worth mentioning is that many companies have updated their DigiNotar certificates – Microsoft, Adobe, and even Mozilla Firefox issued the updates. Firefox even released an additional security patch targeting this issue. Please check that you have applied the latest updates so you are fully protected.
Is your organization using the latest Firefox 6 or Internet Explorer 9? Which one did you find more secure? Give us your thoughts in the comments.
Vulnerabilities patched by Microsoft on 13 September 2011:
MS11-070 WINS Local Elevation of Privilege Vulnerability (CVE-2011-1984)
MS11-071 Windows Components Insecure Library Loading Vulnerability (CVE-2011-1991)
MS11-072 Excel Use after Free WriteAV Vulnerability (CVE-2011-1986)
MS11-072 Excel Out of Bounds Array Indexing Vulnerability (CVE-2011-1987)
MS11-072 Excel Heap Corruption Vulnerability (CVE-2011-1988)
MS11-072 Excel Conditional Expression Parsing Vulnerability (CVE-2011-1989)
MS11-072 Excel Out of Bounds Array Indexing Vulnerability (CVE-2011-1990)
MS11-073 Office Component Insecure Library Loading Vulnerability (CVE-2011-1980)
MS11-073 Office Uninitialized Object Pointer Vulnerability (CVE-2011-1982)
MS11-074 XSS in SharePoint Calendar Vulnerability (CVE-2011-0653)
MS11-074 HTML Sanitization Vulnerability (CVE-2011-1252)
MS11-074 Editform Script Injection Vulnerability (CVE-2011-1890)
MS11-074 Contact Details Reflected XSS Vulnerability (CVE-2011-1891)
MS11-074 SharePoint Remote File Disclosure Vulnerability (CVE-2011-1892)
MS11-074 SharePoint XSS Vulnerability (CVE-2011-1893)
Vulnerabilities patched by Adobe on 13 September 2011:
Local privilege-escalation vulnerability (Adobe Reader X (10.x) on Windows only) (CVE-2011-1353).
Security bypass vulnerability that could lead to code execution (CVE-2011-2431).
Buffer overflow vulnerability in the U3D TIFF Resource that could lead to code execution (CVE-2011-2432).
Heap overflow vulnerability that could lead to code execution (CVE-2011-2433).
Heap overflow vulnerability that could lead to code execution (CVE-2011-2434).
Buffer overflow vulnerability that could lead to code execution (CVE-2011-2435).
Heap overflow vulnerability in the Adobe image parsing library that could lead to code execution (CVE-2011-2436).
Heap overflow vulnerability that could lead to code execution (CVE-2011-2437).
Stack overflow vulnerabilities in the Adobe image parsing library that could lead to code execution (CVE-2011-2438).
Memory leakage condition vulnerability that could lead to code execution (CVE-2011-2439).
Use-after-free vulnerability that could lead to code execution (CVE-2011-2440).
Stack overflow vulnerabilities in the CoolType.dll library that could lead to code execution (CVE-2011-2441).
Logic error vulnerability that could lead to code execution (CVE-2011-2442).
Websense Security Labs and our ThreatSeeker Network are constantly monitoring for these threats occurring in the wild.
Leave a reply
