Patch Tuesday focus: Big bunch of Windows kernel bugs?
Microsoft may address 'kernel pool' exploits revealed at Black Hat
Computerworld - Microsoft's record-setting security update next week may patch a large number of vulnerabilities in the Windows kernel, researchers said today.
On Thursday, Microsoft announced that next week's monthly security update will feature a record-tying 17 bulletins that patch a record 64 vulnerabilities, 15 more than the previous largest-ever set in October 2010.
While Microsoft does not reveal much information about the upcoming updates in its advance notifications, the sheer number of critical bulletins that affect Windows -- nine altogether, more than half the total -- likely means that at least one affects the kernel, said Andrew Storms, director of security operations at nCircle Security.
"Although there's not enough to go on from the advance notification, I think one or more kernel patches is a pretty darn good possibility," said Storms. "They've had their problems with the kernel lately."
Of the nine critical Windows bulletins scheduled for next week, seven affect Windows XP, nine affect Vista and eight affect Windows 7.
Microsoft last patched the Windows kernel -- the heart of the operating system -- on February 8, but also fixed kernel flaws in each of 2010's even-numbered months.
That pattern -- this is an even-numbered month -- hints at kernel patches among the 64 slated for next week.
Another clue to the composition of Tuesday's updates came from Aaron Portnoy, manager of HP TippingPoint's security research team. In a message on Twitter yesterday, Portnoy said, "I had heard a good deal of that is due to @kernelpool," as he replied to French security company Vupen's note that Microsoft will patch a record number of flaws.
"Kernelpool" is the nickname of Norwegian security researcher Tarjei Mandt, who works for Norman ASA, an anti-virus firm headquartered in an Oslo suburb.
Mandt reported five of the kernel vulnerabilities Microsoft patched two months ago, and several others in 2010. And at the Black Hat security conference held in Washington D.C. in January, Mandt led a presentation and published a paper (download PDF) on "kernel pool" exploitation techniques in Windows 7.
In the paper, Mandt said, "In spite of the security measures introduced [in Windows 7, it] is still susceptible to generic kernel pool attacks."
Kernel pools are memory blocks devoted to the operating system's kernel, said Storms.
Mandt also suggested that Microsoft would eventually close those holes. "Most of the identified attack vectors can be addressed by adding simple checks or adopting exploit prevention features from the userland heap," said Mandt in his paper. "Thus, in future Windows releases and service packs, we are likely to see additional hardening of the kernel pool."
Mandt did not reply to Computerworld's emailed questions.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Gartner Report: A Guide to Gartner's Enterprise Mobile Security Self-Assessment Gartner introduces a model and a Toolkit intended to help mobility and security IT leaders assess their enterprise mobility programs from a security...
- Gartner Report: Containing Mobile Security Risks With the 80/20 Rule IT planners can deliver better mobile protection with higher user satisfaction by segmenting users into risk groups before committing to specific management or...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts