Microsoft Patch Tuesday: One Stuxnet hole remains open
While the 16 updates from this bumper Microsoft Patch Tuesday close 49 security holes, a vulnerability exploited by the Stuxnet super worm to escalate access privileges remains open. Update MS10-073 does, however, close the other two known privilege escalation holes, which are related to loading keyboard layouts in the kernel. MS10-073 also fixes two previously undisclosed flaws. As one of the problems was discovered by Symantec, it's probably already actively being exploited in the wild.
While the update fixes three of the four Windows holes exploited by Stuxnet, Microsoft hasn't said when exactly it will fix the last hole. The only statement made in the Security Response Center blog is that the final issue will be addressed in an upcoming bulletin.
Four further updates close critical holes in Internet Explorer, in the Media Player, in the JIT compiler of .NET 4.0 and in the code for processing embedded fonts. Microsoft says that all the flaws can be exploited to inject and execute code when a user visits a specially crafted web page. The vendor corrected ten security problems in Internet Explorer alone.
Other updates fix flaws in Word, Excel, in the Windows controls (comctl32), the MFC library and in the way the Windows shell and WordPad instantiate COM objects. These flaws also allow the injection of code, but they require users to open a specially crafted file on their systems.
Additional patches for SharePoint, the Failover Cluster Manager, SChannel, the Remote Procedure Call subsystem (RPCSS) and the OTF format driver prevent attackers from retrieving information, making changes without permission and launching denial-of-service attacks. Further details can be found in the corresponding individual bulletins. Microsoft's Security Bulletin Summary for October 2010 provides an overview of the individual patches.
According to a blog posting by the Threat Research & Response Team, the monthly update of the Malicious Software Removal Tool (MSRT) contains an explosive new addition: Microsoft says it has included detection and, more importantly, removal routines for the client software of the Zeus botnet. Zeus is a trojan toolkit that specialises in online banking fraud and is being hawked to criminal gangs on a large scale. The gangs use the toolkit to create custom Zbot variants and build their own botnets. Considering the professional manner in which Zeus has been developed and deployed, the developers are likely to respond soon and adapt their software in a way that prevents it from being detected. However, with luck the automatic removal routines will have considerably reduced the number of botnets by then.