Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Fixes Critical Remotely Exploitable Windows Root-Level Design Bug

Posted by timothy on from the lurking-beneath-the-surface dept.

An anonymous reader writes "In this month's Patch Tuesday, Microsoft has released nine security bulletins to address 56 unique vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, and Microsoft Server software. Of the nine security bulletins, three are rated Critical in severity, and among these three is one that addresses a years-old design flaw that can be exploited remotely to grant attackers administrator-level privileges to the targeted machine or device. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights." Reader jones_supa writes, though, that the most recent patch rollout came with a bug of its own, since corrected: the company apparently botched a rollup update for Visual Studio 2010 Tools for Office Runtime: "There is an issue with KB3001652: many users are reporting that it is locking up their machines while trying to install it. It does not seem that this patch is doing any other damage though, such as bricking the operating system. These days Microsoft appears to be reacting quickly to this kind of news as it looks like the patch has already been pulled from Windows Update."

3 of 136 comments (clear)

  1. oh you motherf~}NO_CARRIER by ihtoit · · Score: 3, Interesting

    I read this just SIX MINUTES after I installed the bloody office runtime update.

    Which, lucky me, didn't lock the system up. It seems to have installed pretty painlessly.

    (wonder if that could be anything to do with the fact that I don't have Office installed?)

    --
    Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
  2. Re:The most insecure OS in the world by The-Ixian · · Score: 3, Interesting

    Yes, as much as I hate to admit it, I have had WAY more Linux servers exploited than Windows servers.
     
    I have set up hundreds of Windows Small Business servers and less than half as many production Linux servers. I only recall having 1 Windows server exploited, and that was because the customer set up an admin-level user with an extremely simple password and then opened RDP to the world.
     
    On the other hand, I have had several Linux servers exploited via ProFTPD, Horde, Sendmail and other vulnerable services.

    --
    My eyes reflect the stars and a smile lights up my face.
  3. Re:Russian Mafia Re:The XP Killer? by Anonymous Coward · · Score: 3, Interesting

    Let me suggest another scenario:
    NSA have had the exploit for years since they asked for it to be put there.
    It was only removed just now since the Russian Mafia found and started to use the exploit.