Tech Strategy Trends

Nov 10 2009   11:27PM GMT

Security Researchers Concerned about Flaw in Windows Kernel-Mode Drivers



Posted by: Tony Bradley
Tags: drive-by attack, kernel-mode drivers, Microsoft, MS09-063, MS09-065, nCircle, Patch Tuesday, security bulletins, Tyler Reguly, vulnerabilities, Windows

Today is Patch Tuesday for November 2009. Microsoft released 6 new Security Bulletins for November: 3 rated as Critical and 3 rated as Important. Of course, not all Critical Security Bulletins are created equal.

Tyler Reguly, Lead Security Research Engineer with nCircle, says “There’s no question that this month, the most important bulletin to patch today is MS09-065. Given the drive-by attack vector presented in Internet Explorer, combined with the Office document vector, this bulletin is dangerous and should be patched as soon as possible.”

Reguly goes on to describe concerns with some of the other Security Bulletins. “There are three vulnerabilities this month that target a listening service. While none of them are likely to be considered great candidates for exploit, they are worth noting as they all primarily affect the enterprise. It is unlikely that the home user will be running a license logging server or have Active Directory up and running. While Web Services on Devices affects Vista and Server 2008, the attack vector requires that you be on the local subnet, meaning the home user is unlikely to see any real risk.”

While I understand that businesses have critical software that could be impacted and therefore may need to test patches before deploying them throughout the environment, I highly recommend that home users simply enable Automatic Updates in Windows to ensure their systems are protected automatically with as little intervention as possible.

Make sure you read the details of the Security Bulletins to understand what platforms and applications are affected and what the possible impact could be to your systems. This summary provides links to the Security Bulletin details and the downloads for the patches and updates to protect your computer. 
 
Reguly had one last thing to add about this month’s batch of Security Bulletins. “As a researcher, I always like to comment on the bulletin that I find the most interesting. This month that is definitely MS09-063. The Web Services on Devices API attack interests me greatly as it’s remote code execution on a listening service. I’m rather excited to dig deeper into this one and find out how it works.”

Hopefully he’ll figure out the nuts and bolts of how it works and share that information with us. Thankfully though, you can just apply the patch and not worry about it.
