Wednesday, April 25, 2012

CPE: McAfee AudioParasitic: Episode 28: M$ patch tuesday


length: 00:15:41

11 bulletins: pulled 1, originally scheduled for 12
17 vulnerabilities: only 1 was public prior release

Most critical
MS08-008: Vulnerability in OLE Automation , allow remote code execution if a user viewed a specially crafted Web page. The vulnerability could be exploited through attacks on Object Linking and Embedding (OLE) Automation.

MS08-009: allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

MS08-010: IE, the most serious of the vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer.

MS08-013: allow remote code execution if a user opens a specially crafted Microsoft Office file with a malformed object inserted into the document.

The IE vulnerability was a 0day exploit was known to somebody, used in targeted attack

DoS
Privilege escalation
Remote exec
ISS-serverside MS08-006

Worm related vulnerabilities are relatively infrequent, nowadays
IE related vulnerability are much more important

It’s more than 1 year that we seen self replicating malware
Nowadays malware write try to be under the radar


M$ might group together security bulletin for services that require reboot
Lately most of the vulnerability are application vulnerabilities

Labels: ,

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home