Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Microsoft Advance Notification for April 2013

Ah, April, for most of us the weather is turning warm, birdsreturn to their trees, flowers start blooming and the Red Sox lead the AmericanLeague East, at least for a day or two. Some of us will get to go outside andenjoy those things and some of us will get to spend some quality time in ourserver rooms applying patches. We have nine bulletins from Microsoft thismonth, two of them critical. Fivebulletins deal directly with Windows, one with Internet Explorer 6, 7, and 8,one with SharePoint, one with Windows Defender and one that impacts MicrosoftInfoPath 2010, SharePoint, Groove Server and Office Web Aps.

Microsoft doesn't supply a lot of information with theAdvance Notification, as it is just a notification, but if I had to guess I'dsay the IE bulletin is probably another use-after-free vulnerability that wehave been seeing so much of the last few months that results in Remote CodeExecution. The other critical bulletin this month impacts Windows itself andI'll guess that this has to do with Kernel Mode Drivers which might be a bit ofa stretch as this does result in RCE but that area has been a popular targetfor researchers recently.

One bulletin impacts a lot of different products MicrosoftInfoPath 2010, SharePoint, Groove Server and Office Web Aps. The Oracle Outside-In libraries have taken apretty good beating the last few months and I suspect the beating will continuehere. In this case the result is an elevation of privilege.

One bulletin I will be a little curious about is the onethat impacts Windows Defender for Windows 8 and RT and results in an elevationof privilege. I am mostly curious about how this issue was discovered anddisclosed. Windows Defender isn't something that has seen a lot of attentionfrom researchers but would definitely be a juicy target of attackers.

All nine bulletins and their patches are scheduled to bereleased next Tuesday so we will get all the juicy details then. Just about the same time the Yankees takeover first place and us Red Sox fans start planning for next year.

Related SpiderLabs Blogs