Reflections on April 2008 patch day

All 8 bulletins this month are client-side vulnerabilities. IOW, your system is safe unless a user logs in and opens documents, reads email, or visits an evil website on that computer. Systems where no one logs on and does this (i.e., servers in a data center) are safe.

Of the five OS-related vulnerabilities this month, four impact Vista and Windows Server 2008.

The most critical to get installed right away are MS08-021, MS08-022, and MS08-024. Of these, MS08-021 is the most important, as it can be exploited by all three attack vectors: visiting an evil website, opening an evil document, or reading an evil email. MS08-021 is a flaw in the way that image files are processed – an evil graphic file can execute code on your system. This is the third such evil graphic file attack since January of 2006.

MS08-022 is a flaw in JScript and VBScript in IE6 and earlier versions of IE. Visit an evil website and you’ll get hacked. This is the patch that was delayed from the January release cycle.

MS08-024 is a flaw in all versions of IE – visit an evil website and you’ll get hacked.

MS08-025 is a privilege escalation vulnerability that can allow a user to elevate themselves from user to admin. It can also be chained with any of the other vulnerabilities announced this month. IOW, visit an evil website and it can execute code on your system to make you an admin – then the evil website can do anything on your system that it wants. IOW, from what I can tell, this vulnerability erases the mitigation that MS cites in all of its earlier bulletins: ‘the evil code will only execute with the permissions of the logged-on user – therefore you are safer if you are logged on with a non-administrative account.’


