April 2010 Patch Tuesday Overview
Microsoft has released 11 new security bulletins for this month’s Patch Tuesday, addressing 29 vulnerabilities. This month’s security bulletins cover everything from servers to workstations, with a lot of affected products. This month you can count on pretty much every type of Windows computer being patched.
MS10-021 addresses a vulnerability in the Windows Kernel. As you might remember, MS10-015, released earlier this year, addressed the Windows Kernel as well and had adverse effects on some systems. If MS10-015 was applied to a system infected with the Alureon rootkit, the system would blue screen on reboot. Microsoft changed the logic for MS10-015 and is applying the same logic to MS10-021. The update will look for abnormalities in the Windows Kernel, and if any are found, the update will fail to install.
MS10-019 is very interesting as well as disturbing. This bulletin patches two vulnerabilities in the Windows operating system. The vulnerabilities allow attackers to bypass the verification of digitally signed files: an attacker can modify a signed file without invalidating its digital signature. It is very common to rely on a digital signature to verify the integrity of a file. If the signature is valid, the file came from the original source, making this a simple and secure process. However, with this vulnerability, attackers can trick people into thinking a modified file is valid. Systems will require two patches from this bulletin to fix this vulnerability: Authenticode Signature Verification and Cabinet File Viewer Shell Extension.
The next two bulletins administrators should address affect media players. MS10-026 addresses one vulnerability in a Windows operating system component that handles media codecs. Opening a malicious AVI multimedia file can lead to remote code execution. MS10-027 addresses one vulnerability in Windows Media Player 9 on Windows 2000 and Windows XP. Visiting a malicious website with Internet Explorer that hosts specially crafted media content can lead to remote code execution.
How common is viewing media files? I am sure there are some users on corporate networks who are, at this moment, looking online for Kate Gosselin’s latest Dancing with the Stars dance routine. Given the popularity of the show, how sure are you that the user will not be downloading a malicious file?
Two previous security advisories are now closed out due to bulletin releases:
- Microsoft Security Advisory 981169 - MS10-022: VBScript (The infamous 'press F1' on websites)
- Microsoft Security Advisory 977544 - MS10-020: SMB
If you have not addressed the Microsoft out-of-band release for Internet Explorer from March, you should apply MS10-018 with this patch cycle.
Adobe has also just released its quarterly update for Acrobat and Reader. This update addresses 15 vulnerabilities, which are rated as critical and can lead to remote code execution. This bulletin applies to Acrobat and Reader versions 9.3.1 and 8.2.1.
- Jason Miller