The Windows XP patch related to a critical vulnerability in the operating system's DirectShow service that could theoretically have been used by hackers to remotely execute code. Microsoft downplayed the significance of the vulnerability, confirming that it had been disclosed to the firm privately and only affects Windows XP.
However, the flaw is troubling as Microsoft is due to officially cease support for Windows XP on 8 April. The cut-off has led to concerns within the security community. Experts from EY, FireEye and Trend Micro said they believe hackers are preparing XP exploits for use after Microsoft officially cuts support which could pose seriously problems for firms still running XP.
Microsoft also released a permanent fix for a critical flaw in Internet Explorer (IE). FireEye discovered the flaw on 14 February and it is known to have been used by criminals to mount a sophisticated hacking campaign, codenamed Operation SnowMan.
Microsoft Trustworthy Computing (TwC) group manager of response communications Dustin Childs listed the fix as critical and called for IT managers to install it as soon as possible. "Our top deployment priority this month is MS14-012, which address 18 issues in Internet Explorer," he said.
"This cumulative update addresses one public and 17 privately disclosed issues in Internet Explorer. These issues could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. We are aware of targeted attacks using CVE-2014-0322 against Internet Explorer 10."
The March Patch Tuesday also included a fix for a previously undisclosed vulnerability in Microsoft Silverlight.
"MS14-014 provides an update to address a security feature bypass in Silverlight. The issue wasn't publicly known and it isn't under active attack, however it can impact your security in ways that aren't always obvious," said Childs.
"Specifically, the update removes an avenue attackers could use to bypass ASLR [address space layout randomisation] protections. Fixes like this one increase the cost of exploitation to an attacker, who must now find a different way to make their code execution exploit reliable."
The update also features patches for flaws in Microsoft's Windows Kernel-Mode Driver and Security Account Manager Remote (SAMR) Protocol. Both vulnerabilities are ranked as important.
The Kernel-Mode Driver flaw could be used to bypass some Microsoft security services while the SAMR flaw could be used by hackers to escalate their privileges on victims' systems.
No comments:
Post a Comment