Microsoft's August patch Tuesday - 35 holes
The final total for this month's record flood of patches is 15 bulletins to fix 35 security holes in Microsoft products. While, last Friday, Microsoft had announced it would be issuing 14 bulletins and closing 34 holes, this doesn't seem to have included the LNK hole that was closed out-of-schedule (MS10-046).
Critical updates were provided for all Windows versions on all platforms, for Microsoft Office for Windows and Mac, and for .NET and Silverlight. Among the affected components are the Windows Shell, the XML Core Services, the MP3 and Cinepak codecs, IIS, IE 7 and 8, Word, and the Windows SMB network service. Most of the related vulnerabilities allow attackers to remotely inject malicious code and gain control of vulnerable systems.
Updates with the second-highest, "important", rating were provided for all Windows kernels and various drivers, Movie Maker, Excel, the TCP/IP network stack, and the Windows tracing feature. Most of the programming flaws in these components allow local attackers to elevate their access privileges. Microsoft has also released new signatures for the Malicious Software Removal Tool. The vendor is deploying the updates via the usual mechanisms and users are advised to install them immediately.
As an added surprise, Microsoft also released an advisory about security holes in the Windows Service Isolation feature that allow non-privileged processes to access privileged system functions. According to the advisory, a successful attacker could, in very special circumstances, elevate a non-privileged NetworkService process to system privilege level. Potential attack scenarios mentioned include non-default IIS and SQL Server configurations as well as Windows Telephony Application Programming Interfaces (TAPI). However, the advisory states that no patch is to be released to fix the issue. Microsoft says this is because the Windows Service Isolation feature is apparently only an added "defense-in-depth feature" not used by all customers and is "not a proper security boundary". However, the advisory does offer a workaround.
- Microsoft Security Bulletin Summary for August 2010, Summary from Microsoft.
- Elevation of Privilege Using Windows Service Isolation Bypass, Advisory from Microsoft.