CERT mailing list archives
Current Activity - Microsoft Releases Security Advisory
From: Current Activity <us-cert () us-cert gov>
Date: Tue, 24 Aug 2010 12:18:32 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
US-CERT Current Activity
Microsoft Releases Security Advisory
Original release date: August 24, 2010 at 11:42 am
Last revised: August 24, 2010 at 11:42 am
Microsoft has released a security advisory indicating that it is aware
of a remote attack vector for a class of vulnerabilities related to
how applications load external dynamic link libraries (DLLs). If an
application does not securely load DLL files, an attacker may be able
to cause the application to load an arbitrary library. By convincing a
user to open a file from a location that is under an attacker's
control, such as a USB drive or network share, a remote attacker may
be able to exploit this vulnerability. Exploitation of this vulnerability
may result in the execution of arbitrary code or elevation of
privileges.
At this time, US-CERT is aware of reports of publicly available
exploit code for this vulnerability.
US-CERT encourages users and administrators to review Microsoft
security advisory 2269637 and consider implementing the workarounds
listed in the document. Please note that these workarounds may reduce
the functionality of the affected systems. Workarounds include
* disabling the loading of libraries from WebDAV and remote network
shares
* disabling the WebClient service
* blocking TCP ports 139 and 445 at the firewall
US-CERT will provide additional information as it becomes available.
Relevant Url(s):
<http://www.microsoft.com/technet/security/advisory/2269637.mspx>
<http://msdn.microsoft.com/en-us/library/ff919712%28VS.85%29.aspx>
====
This entry is available at
http://www.us-cert.gov/current/index.html#microsoft_releases_security_advisory5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
-----END PGP SIGNATURE-----
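The loading behaviour described in the advisory above, as an added example that is not part of the US-CERT message or of Microsoft's advisory: a simplified Python model of how a DLL requested by bare name is searched for, and what the first workaround changes. The directory names, file set and policy labels are constructed for this example, and it assumes the current working directory is the folder the user opened the file from.

```python
import ntpath

# Simplified model of the search for a DLL requested by bare name
# (SafeDllSearchMode on). Paths and policy labels are constructed for the example.
SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]

def is_remote(directory):
    """UNC paths cover SMB shares and WebDAV folders reached via the redirector."""
    return directory.startswith("\\\\")

def search_order(app_dir, cwd, path_dirs, policy="default"):
    """Directories probed in order. policy is a label of this model:
    'default', 'block_remote_cwd' (skip a remote CWD), 'no_cwd' (never probe CWD)."""
    order = [app_dir] + SYSTEM_DIRS
    skip_cwd = policy == "no_cwd" or (policy == "block_remote_cwd" and is_remote(cwd))
    if not skip_cwd:
        order.append(cwd)
    return order + list(path_dirs)

def resolve(dll, app_dir, cwd, files, path_dirs=(), policy="default"):
    """Return the path a load request would pick from `files`, or None."""
    if ntpath.isabs(dll):  # fully qualified path: no directory search at all
        return dll if dll.lower() in files else None
    for directory in search_order(app_dir, cwd, path_dirs, policy):
        candidate = directory.rstrip("\\") + "\\" + dll
        if candidate.lower() in files:
            return candidate
    return None

def is_trusted(path, app_dir):
    """A resolved module is expected to sit under the app or system directories."""
    roots = [app_dir] + SYSTEM_DIRS
    return path is not None and any(path.lower().startswith(r.lower() + "\\") for r in roots)

# Constructed file system: the optional codec.dll is absent from the app and
# system directories, but copies sit beside documents on a share and a USB drive.
APP_DIR = r"C:\Program Files\Viewer"
SHARE, USB = r"\\fileserver\projects\q3", r"E:\docs"
FILES = {p.lower() for p in [
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Program Files\Viewer\plugins\codec.dll",
    SHARE + r"\codec.dll",
    USB + r"\codec.dll",
]}

if __name__ == "__main__":
    for cwd in (SHARE, USB):
        for policy in ("default", "block_remote_cwd", "no_cwd"):
            hit = resolve("codec.dll", APP_DIR, cwd, FILES, policy=policy)
            print(f"{cwd:28} {policy:17} -> {hit} trusted={is_trusted(hit, APP_DIR)}")
```

In this model, skipping a remote working directory stops the load from the share but not from the USB drive, which is a local path. A request by fully qualified path bypasses the directory search entirely.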
