Patch Tuesday updates welcomed but questions asked over failure to cover Excel vulnerability

News by SC Staff

The monthly Microsoft Patch Tuesday has been welcomed for providing necessary coverage of vulnerabilities.

MS09-008 addresses a vulnerability in DNS and WINS services that could allow an attacker to insert bad data into a DNS (or WINS) server, thereby redirecting people's traffic to potentially evil websites. MS09-006 covered a long line of vulnerabilities that can be exploited through maliciously created graphic images: an attacker who encourages a victim to view a specially formatted image can then run code on the victim's system. MS09-007 patches a vulnerability that can be used to connect to a website or resource that requires certificate-based authentication.

Eric Schultze, CTO of Shavlik Technologies, claimed that each of the patches has a completely different impact on the end user experience. However, he questioned why a patch was not released to cover a zero-day vulnerability in Excel.



Schultze said: “The most critical of today's patches is MS09-006 which could allow an attacker to take complete control of your computer if you view a website, email, or document that contains an evil graphic or picture.


“Also critical (in my mind, though Microsoft rates it important), is a set of patches for Windows DNS Servers. Attackers can leverage this flaw to redirect internet traffic to look-alike websites in hopes of gathering sensitive user information. Lastly, Microsoft issued a patch to correct an issue where attackers can access restricted websites that require certificates, even though they don't have this certificate.”


Schultze recommended installing all of the patches immediately to leverage the same system reboot to complete the patch installation.


Alfred Huger, vice president of development at Symantec Security Response, said: “This month's critical vulnerability affects the Windows kernel and can allow an attacker to gain complete control of a user's machine simply by the user viewing a website infected with a malicious .WMF or .EMF picture file.


“It would also be possible for a user to fall victim to this vulnerability by opening an HTML email or an email attachment containing the same type of malicious files. What's more is that it is possible for an attacker to disguise .WMF and .EMF files as other common picture file types, such as a .JPG, in order to fool users who are exercising greater caution around viewing lesser known file types.”
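
The disguise Huger describes, a .WMF or .EMF file carrying a .JPG name, can be caught on a mail or web gateway by comparing the extension with the file's leading bytes. The following is an added example, not part of the original article; the function names and the sample byte strings are constructed for illustration.

```python
import struct

# Leading-byte signatures of common picture types plus placeable WMF.
SIGNATURES = [
    ("jpg", b"\xff\xd8\xff"),
    ("png", b"\x89PNG\r\n\x1a\n"),
    ("gif", b"GIF8"),
    ("wmf", b"\xd7\xcd\xc6\x9a"),  # placeable WMF key 0x9AC6CDD7
]
EXT_ALIASES = {"jpeg": "jpg", "jpe": "jpg"}


def sniff(data):
    """Return the picture type indicated by the content, or None."""
    for name, magic in SIGNATURES:
        if data.startswith(magic):
            return name
    # EMF: first record is EMR_HEADER (type 1); " EMF" sits at offset 40.
    if data[:4] == b"\x01\x00\x00\x00" and data[40:44] == b" EMF":
        return "emf"
    # Standard WMF: type 1 or 2, header size 9 words, version 0x0100/0x0300.
    if len(data) >= 6:
        ftype, hsize, version = struct.unpack_from("<HHH", data)
        if ftype in (1, 2) and hsize == 9 and version in (0x0100, 0x0300):
            return "wmf"
    return None


def check(filename, data):
    """Compare the extension a user sees with what the bytes say."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    ext = EXT_ALIASES.get(ext, ext)
    actual = sniff(data)
    if actual in ("wmf", "emf") and ext != actual:
        return "disguised-metafile"
    if actual is None:
        return "unknown"
    return "ok" if actual == ext else "mismatch"


# Constructed sample headers (not real images).
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + bytes(16)
SAMPLE_EMF = b"\x01\x00\x00\x00" + struct.pack("<I", 88) + bytes(32) + b" EMF"
SAMPLE_WMF = struct.pack("<HHH", 1, 9, 0x0300) + bytes(12)

if __name__ == "__main__":
    for name, blob in [("holiday.jpg", SAMPLE_JPEG), ("holiday.jpg", SAMPLE_EMF),
                       ("logo.JPG", SAMPLE_WMF), ("chart.emf", SAMPLE_EMF)]:
        print(name, "->", check(name, blob))
```

A "disguised-metafile" result is a reason to quarantine the file before any viewer renders it; the check complements the patch and does not replace it.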

