SANS has the tip that information on the critical Windows updates expected tomorrow from Microsoft has started to be released.
MS 05-54: Cumulative Security Update for Internet Explorer
MS 05-55: Vulnerability in Windows Kernel Could Allow Elevation of Privilege.
More later in the day I’m sure.
The kernel vulnerability described here is an escalation of privilege vulnerability (local only?)
Here’s some info from SANS on the kernel vulnerability:
A vulnerability in the Asynchronous Procedure Call queue allows local users to escalate their privileges. A regular user (who has to be logged in first) could use this vulnerability to gain Administrator privileges.
Microsoft rates this vulnerability as “Important” as there is no direct remote vector to exploit this issue. However, coupled with an Internet Explorer vulnerability or similar issues, this could be used to gain Administrator privileges even if a user runs Internet Explorer as a less privileged user.
Note that remote exploit may be possible if user credentials are known.
Explorer cumulative update:
File Download Dialog Box Manipulation Vulnerability – CAN-2005-2829
HTTPS Proxy Vulnerability – CAN-2005-2830
COM Object Instantiation Memory Corruption Vulnerability – CAN-2005-2831
Mismatched Document Object Model Objects Memory Corruption Vulnerability – CAN-2005-1790
–update 2:18 EST–
The security fix has mentioned the fixes and details the history of the zero-day exploit. It’s also worth mentioning – he points out that this cumulative fix also removes a component left behind by Sony’s uninstaller for the XCP software. I need to re-read….