Microsoft kicks off 2013 with clutch of critical Windows updates

Others, including Adobe, Google and Mozilla ride Patch Tuesday's coat tails

By , Computerworld |  Security, Microsoft

A few researchers dissented on the first-to-patch roll call. Paul Henry, a security and forensic analyst at Lumension, picked MS13-001 instead.

"[This] is probably the most important vulnerability," Henry said in an email. "From an attack perspective, you could create a bunch of print jobs with malformed headers, send them to the network printer so they queue up in order, and if someone else on the network prints to the same printer, Print Spooler will actually go through and enumerate all the pending print jobs, which gives you the remote code execution."

Storms and Miller, who both picked MS13-001 for this month's No. 2 spot, thought the single-vulnerability update was as interesting as did Microsoft, which detailed the bug on its Security Research & Defense blog today.

The vulnerability in Windows Print Spooler -- but only in the code contained within Windows 7 and Windows Server 2008 R2 -- could be used by attackers, who must already have network access, to spread malware within an enterprise, where shared printers and multi-function devices are a dime a dozen.

"[MS13-001] was disconcerting at first, reminded me of Stuxnet," said Storms, talking about the notorious worm of 2010 believed to have been jointly created by the U.S. and Israeli governments to sabotage Iran's nuclear program. Stuxnet relied on several vulnerabilities to infect and spread, including a print spooler bug.

"But it's more like a 'watering hole,' where [an attacker] puts something malicious in the spooler and the next user who comes along gets infected," said Storm.

Microsoft security engineers Ali Rahbar and Jonathan Ness called the attack vector for the MS13-001 vulnerability "a little different than previous spooler service vulnerabilities" when they explained why they devoted a blog to it.

Rahbar and Ness said that the bug could not be triggered unless a Windows 7 or Server 2008 R2 customer had "third-party software installed on the client that enumerates print jobs differently than built-in Windows components."

They did not name names -- something Microsoft's always hesitant to do, said Miller -- but were talking about proprietary printer drivers and utilities included with printers sold by the likes of Hewlett-Packard, Epson and others.

"Essentially those DVDs you get with the printer are what will trigger this," said Storms. The flaw, however, is not in that software, but in Microsoft's.


Originally published on Computerworld |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness