SMB, DirectShow top the list of Microsoft patches
Microsoft on Tuesday issued a doozy of a security update, patching 26 vulnerabilities with 13 bulletins.
Eleven of the patches repair holes in Windows, while two of the fixes affect older versions of Office.
The software giant called out five of the bulletins as priorities to patch.
"In the simplest scenario, a system connecting to a network file share is an SMB Client," Jerry Bryant, senior security communications manager, explained Tuesday in a blog post. "The issue occurs during the client/server negotiation phase of the connection. In order to exploit this issue, an attacker would need to host a malicious server and convince a client system to connect to it."
Experts at Symantec also considered this issue to be a biggie.
“The SMB Server path name overflow vulnerability tops my list this month,” said Joshua Talbot, security intelligence manager at Symantec Security Response. “Server-side vulnerabilities aren't too common anymore, but they're a golden goose for attackers when they are discovered. With this one, if an attacker can find a vulnerable remote server that has a guest account set up, just like that, they've got access to the machine and possibly the entire local network — all without any user involvement required.”
Perhaps the most pressing to patch is MS10-013, rectifies a critical vulnerability in DirectShow, the media-streaming architecture for Windows that permits applications to display audio and video. The bug affects all versions of Windows. Users can be affected if they open a maliciously crafted AVI file either through an email link or on a website.
"The nature of the exploit lends itself to drive-by attacks that leave unsuspecting victims infected," said Andrew Storms, director of security operations at nCircle, a vulnerability management firm. "Since media is what excites people most on the internet today, an exploit of this bug would make it extremely easy to entice users to watch videos that are actually gateways to malware."
Finally, Microsoft ranked MS10-015 as high priority, even though it only carries an "important" rating, because the company is aware of publicly available proof-of-concept code circulating for the privilege-escalation kernel vulnerability that the bulletin addresses.