Sans has the tip that information on the critical Windows updates expected tomorrow from Microsoft has started to be released.
MS 05-54: Cumulative Security Update for Internet Explorer
MS 05-55: Vulnerability in Windows Kernel Could Allow Elevation of Privilege.
More later in the day I’m sure.
The Kernel Vulnerability described here is an escalation of privilige vulnerability (local only?)
Here’s some info from SANs… kernel vulnerability:
A vulnerability in the Asynchronous Procedure Call queue allows local users to escalate their privileges. A regular user (who has to be logged in first) could use this vulnerability to gain Administrator privileges.
Microsoft rates this vulnerability as “Important” as there is no direct remote vector to exploit this issue. However, coupled with an Internet Explorer vulnerability or similar issues, this could be used to gain Administrator privileges even if a user runs Internet Explorer as a less privileged user.
Note that remote exploit may be possible if user credentials are known.
Explorer cumulitive update:
File Download Dialog Box Manipulation Vulnerability – CAN-2005-2829
HTTPS Proxy Vulnerability- CAN-2005-2830:
COM Object Instantiation Memory Corruption Vulnerability – CAN-2005-2831:
Mismatched Document Object Model Objects Memory Corruption Vulnerability – CAN-2005-1790:
–update 2:18 EST–
The security fix has mentioned the fixes and details the history of the zero-day exploit. It’s also worth mentioning – he points out that this cumulitive fix also removes a component left behind by Sony’s uninstaller for the XCP software. I need to re-read….
Related PostsRelated Posts
- Microsoft October 2006 patch Tuesday The first thing I should mention is that this months update from Microsoft is the last for XP SP1 users should plan a migration path to SP2 to keep getting updates to XP. Multiple vulnerabilities this month have been patched in Office There are 4 advisories, but a total of......
- Massive Windows Update Tuesday Microsoft had a mammoth patch Tuesday this month with 28 bug fixes (23 critical). (Computerworld article linked above. This is one of the largest update releases in five years (!) Those fixes were wrapped up in 8 updates for Internet Exporer, Office, Sharepoint, Windows media player and visual studio and......
- Internet Explorer 0-day (take 2 of the last few days...) The last zero day (activeX) seems to be less interesting than this NEW zero-day that really made a news splash in the last day. It looks as though this NEW 0-day affects VML... Incidents.org has good coverage here. Microsoft has an advisory up and they expect to release a patch......
- Spyware: The New Annoying Threat A friend called me one day, frustrated out of his mind that his computer was acting very strange. When he opened his Internet Explorer, it sent him to a strange site and pop-up windows kept covering his screen. He even complained about the performance of his Intel Pentium 4 computer......
- Review of Windows Live Writer When you find a tool that makes life easier, there is nothing more exciting. The need for corporations to simplify and systematize their processes has to do with working smart and taking advantage of things that allow workers to reach their goals without having to work quite as hard. One......
- Low Cost Computing for a Baby Boomer Lifestyle I rely heavily on personal computers for work and home activities. So do you. One of my objectives over the past couple of years has been to reduce the cost of computing in the one area where cost-control is easiest: software. I have found many free software applications that work......
- Exploit for Unpatched Internet Explorer vulnerability
- Linux Local kernel vulnerability
- 3 Critical Microsoft Updates, 1 Important, 1 Moderate and 1 re-released
- Microsoft Releasing out of Cycle Patch for Internet Explorer Exploit
- DoS Exploit for MS-053