Microsoft Patches 11 Holes, Including the Stuxnet Path

Microsoft issued nine security bulletins on September’s Patch Tuesday. The bulletins address 11 vulnerabilities, four of which Microsoft has rated as critical.

“The most dangerous vulnerability is the Print Spooler service impersonation issue,” said Joshua Talbot, security intelligence manager for Symantec Security Response. “This vulnerability has been identified by Symantec as one of the attack vectors built into the notorious Stuxnet threat, which targets industrial control systems. This is evidence the vulnerability is already being exploited in the wild.”

As Talbot explained it, when a computer is configured to use a shared printer, a remote or local attacker can use this vulnerability to gain system-level access and add malicious code to any file in Windows’ core directory, where operating-system files are stored. System and configuration files in this directory often execute automatically. By overwriting one of these files, he said, the attacker-supplied code would automatically run instead of the legitimate file. The result: The machine is completely compromised.

“This vulnerability allows for a great deal of stealth since no user interaction is required for an attacker to exploit it,” Talbot said. “Affected systems run the gamut, but Windows XP is the most vulnerable. An attacker has to be able to send a ‘print to file’ command as well as other malicious instructions to the machine. XP most readily facilitates this by having a guest account with anonymous access enabled by default.”


New Drive-By Attacks Expected

Beyond Stuxnet, there is a critical bug in the MPEG-4 codec that can be used for drive-by attacks this month. Halo fans watching user-posted content — and anyone else watching AVI movies — should be extra careful over the next week or so, or their computers could get “shot up” with malware, according to Andrew Storms, director of security operations at nCircle.

“Hosting providers using IIS servers with PHP will want…
