Microsoft releases February patches to fix 22 bugs

Yesterday, Microsoft released 12 security updates that fix 22 bugs in Windows, Internet Explorer (IE), Office and its Internet server software.


One expert suspected that dozens of updates were released this time in order to prevent hackers from exploiting Windows 7 at the Pwn2Own world security conference.


Andrew Storms, director of security operations at nCircle Security, said: 'I think this is a strategic step for Microsoft to prevent (researchers) from using this vulnerability as a mechanism to bypass ASLR.' He was talking about update MS11-009, which patches a bug in the JScript and VBScript scripting engines inside Windows.

At Pwn2Own, taking place March 9-11 at the CanSecWest security conference, attackers equipped with unpatched vulnerabilities and exploits will try to hack browsers running on Windows 7. To do so, they need to get past ASLR (Address Space Layout Randomization), one of Windows 7's anti-exploitation technologies.

Three of the 12 updates are rated critical, Microsoft's highest severity ranking. The remaining nine are rated important, the second highest.

Microsoft is focusing primarily on three updates this time and recommends that users install them as soon as possible, while some security researchers are paying attention to only two of those three.

Jason Miller, head of the data security team at patch-management vendor Shavlik Technologies, said: 'This is an important month for bulletin boards, but users should fix MS11-003 and MS11-006 immediately because they all focus on zero-day vulnerabilities.'

MS11-003, an update for IE, patches the flaw that Microsoft discovered on December 22, 2010, just a few weeks after French security firm Vupen advised that all versions of IE were flawed. Not long after, Microsoft warned users that attackers were exploiting the vulnerability.

According to Storms, Microsoft calls it an IE vulnerability. 'They hit the target with this update,' he said of Microsoft's decision.

Jerry Bryant, senior manager of the Microsoft Security Response Center (MSRC), noted that the company's anti-virus team, which monitors the number of attacks using its own data as well as data provided by customers, indicated that the number of attacks increased sharply only last week.

'Microsoft did the right job. Everyone wants the patched holes, but I don't want (Microsoft) to remove anything,' Miller said.

Meanwhile, MS11-006 fixes a serious flaw in how Windows XP, Vista, Server 2003 and Server 2008 render thumbnail images inside folders. The bug was disclosed in mid-December at a security conference in South Korea, and Microsoft issued an advisory on January 4, 2011. At the time, the company also said it would not release an out-of-band patch for the issue.

The third critical patch, MS11-007, is just a "reboot" of one of the patches Microsoft released last December.

Like the update two months ago, this one applies to the Windows OpenType Compact Font Format driver, which major browsers, including Firefox, Chrome, Safari and Opera, use to render fonts. Hackers can exploit computers running one of these browsers with a very simple drive-by attack by luring users to sites that contain malicious code.

IE users are safe from such attacks because Microsoft's browser does not rely on the faulty driver to render fonts.

According to Miller, applying the MS11-007 patch will help protect the computer from running Microsoft's browser. He said: 'This patch is also quite important among the bulletin released this time.'

Another update that caught Storms' and Miller's attention was MS11-004, which patches a single flaw in the FTP (File Transfer Protocol) service of IIS (Internet Information Services), Microsoft's Web server software.

This patch affected Windows Vista, Windows 7, Server 2008 and Server 2008 R2, but had no impact on XP or Server 2003.

Although Microsoft previously said that attackers could not exploit the IIS vulnerability to run malicious code on a target computer, this patch seems to suggest the opposite.

Chengyun Chu and Mark Wodrich, two MSRC engineers, wrote on the blog: 'More research has shown that this vulnerability could be exploited if DEP (Data Execution Prevention) and ASLR were bypassed. However, no exploitation has been discovered, and no exploit code is widely distributed.'

In an interview yesterday, Bryant said that while Microsoft was aware of the possibility that the IIS vulnerability could be fully exploited, the company's engineers could not find a solution to the ASLR problem, a prerequisite for an attack.

Miller urged Windows users to pay attention to the IIS vulnerability. 'Whenever Microsoft releases any information on its blog, you should pay attention to it,' he said of Chu and Wodrich's post.

These security patches can be downloaded and installed through Microsoft Update and Windows Update services, as well as through Windows Server Update Services.
