Researcher confirms kernel bugs will dominate Patch Tuesday
And the Internet Explorer update will close at least one hole hackers are already using
Computerworld - Microsoft will patch a large number of Windows kernel-mode device driver vulnerabilities later today, the researcher who reported them said.
Today's security updates will also close a bug in Internet Explorer (IE) that hackers have started exploiting, Microsoft confirmed Monday.
At around 1 p.m. ET, Microsoft will issue 17 security bulletins that fix a record 64 vulnerabilities in Windows, IE, Office, and Visual Studio.
"Yes, there will be a lot of kernel bugs addressed in the security bulletins next week," said Tarjei Mandt, a researcher who works for Norman ASA, a Norwegian antivirus firm. Mandt reported the vulnerabilities to Microsoft over the last six months.
One security expert who requested anonymity said that as many as half of the 64 vulnerabilities Microsoft plans to patch are kernel related.
But contrary to speculation last week by Computerworld that Mandt discovered the flaws while researching "kernel pool" exploits, the bugs Microsoft will patch today are more mundane.
At the Black Hat security conference last January, Mandt led a presentation and published a paper (download PDF) on kernel pool exploitation techniques in Windows 7. Kernel pools are memory blocks devoted to the operating system's kernel.
"They are not related to the research I did on the Windows kernel pool," said Mandt in an email reply to questions. "It's rather a class of bugs that is being fixed, present in the kernel component of the Windows user interface (win32k.sys), which dates back as far as Windows NT 4.0."
Microsoft has patched "win32k.sys," Windows' kernel-mode device driver, several times in the last year. Last February, Mandt was credited with reporting five flaws in win32k.sys that Microsoft patched in the MS11-012 update. Microsoft also addressed vulnerabilities in the kernel-mode driver in June, August, October and December 2010, fixing a total of 16 bugs. Five of those were reported by Mandt.
All the win32k.sys vulnerabilities were rated as "important," the second-highest threat ranking in Microsoft's four-step scoring system, and were classified as "elevation of privilege," or EoP bugs.
EoP vulnerabilities let attackers obtain higher administrative rights, and thus access to more resources than the compromised computer's user would normally have.
On Monday, the Microsoft Security Response Center (MSRC) also acknowledged that it was investigating reports of what it called "limited, targeted attacks" on a bug in IE that it will patch later today.
Mandt cautioned that the kernel-mode driver bugs he reported might be exploitable using the methods he outlined at Black Hat.
"I believe some of the vulnerabilities could be exploited using the techniques presented in the paper as they operate on data stored in the kernel pool," Mandt said.
Today's updates for Windows, IE, Office and other Microsoft software should appear on the company's download site shortly after 1 p.m. ET. They will also be made available through the Windows Update and Microsoft Update services, and the Windows Server Update Services tool.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Security in Computerworld's Security Topic Center.
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- 5 Ways Dropbox for Business Keeps Your Data Protected Protecting your data isn't a feature on a checklist, something to be tacked on as an afterthought. Download here to find out how...
- The Keys to Securing Data in a Collaborative Workplace Losing data is costly. IT professionals have spent years learning how to protect their organizations from hackers, but how do you ward off...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!