Yes, eight issues: http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx
Juha-Matti

Larry Seltzer [[email protected]] wrote:
> BTW, the severity ratings in Microsoft's advance advisory seemed weird
> to me; almost everything was critical, even those platforms with real
> mitigations, so I asked them.
>
> The answer is that the Aurora bug isn't the only one being patched
> tomorrow. Eight vulnerabilities will be patched.
>
> Larry Seltzer
> Contributing Editor, PC Magazine
> [email protected]
> http://blogs.pcmag.com/securitywatch/
>
>
> -----Original Message-----
> From: Charles Miller [mailto:[email protected]]
> Sent: Wednesday, January 20, 2010 5:39 PM
> To: Larry Seltzer
> Cc: [email protected]
> Subject: Re: [funsec] vulnerability overstatement
>
> Yes, that exploit works 1/3 of the time on XP and practically not at
> all once ASLR is thrown in. But that doesn't mean exploits only work
> 1/3 of the time with this vulnerability on XP. Probably if someone
> cared to they could make it work 99% of the time, and MS doesn't
> refute this. Likewise, an exploit doesn't try to defeat ASLR by
> guessing addresses, that's stupid, as MS points out. However, that
> doesn't mean you can't code up an ASLR+DEP bypassing exploit for this
> vuln. And if I wrote one, I certainly wouldn't be giving it to MS for
> testing! :) So researchers just want people to know that 'turning on
> DEP' doesn't solve the problem, just makes it harder (or makes the bad
> guy have to be smarter).
>
> But, Tavis does rock.
>
> Charlie
>
> On Jan 20, 2010, at 3:53 PM, Larry Seltzer wrote:
>
> > It bugs me that (in general) security researchers and vendors never
> > give a full picture of mitigating factors and limitations when
> > discussing an attack. They want users to perceive the threat to be
> > as widespread as possible. Remember, those guys are just in it for
> > the money too.
> >
> > Let's compare two very recent examples: VUPEN's DEP-bypassing
> > exploit for the Aurora bug for one. What they said in public made it
> > sound like the exploit just plain runs on platforms where it had
> > been blocked by DEP, but I suspected a problem from the beginning:
> > DEP bypass schemes generally rely on techniques that are defeated by
> > ASLR, and IE runs with ASLR by default on Vista and Win7. Sure
> > enough, Microsoft's response to these claims (and I believe them) is
> > that ASLR greatly limits the utility of the DEP bypass:
> > http://blogs.technet.com/srd/archive/2010/01/20/reports-of-dep-being-bypassed.aspx.
> > On Vista and Win7 the odds that it will execute are
> > too remote to bother with. Even on XP, it only works 1 in 3 chances.
> >
> > Contrast that with Tavis Ormandy's disclosure yesterday of the VDM
> > privilege elevation hack. He explained in full how it worked *and*
> > a) that it doesn't work on 64-bit kernels and b) gave instructions
> > on how to disable the 16-bit subsystems as a workaround. What a
> > gentleman. It sounds like he really just wants to help.
> >
> > Security firms never tell you that you need to run as administrator
> > to be vulnerable to something or that it won't execute reliably or
> > that you had to choose to run it manually. They just want you to be
> > afraid.
> >
> > Larry Seltzer
> > Contributing Editor, PC Magazine
> > [email protected]
> > http://blogs.pcmag.com/securitywatch/
> >

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
