Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Fixes Critical Remotely Exploitable Windows Root-Level Design Bug

Posted by timothy on from the lurking-beneath-the-surface dept.

An anonymous reader writes "In this month's Patch Tuesday, Microsoft has released nine security bulletins to address 56 unique vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, and Microsoft Server software. Of the nine security bulletins, three are rated Critical in severity, and among these three is one that addresses a years-old design flaw that can be exploited remotely to grant attackers administrator-level privileges to the targeted machine or device. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights." Reader jones_supa writes, though, that the most recent patch rollout came with a bug of its own, since corrected: the company apparently botched a rollup update for Visual Studio 2010 Tools for Office Runtime: "There is an issue with KB3001652: many users are reporting that it is locking up their machines while trying to install it. It does not seem that this patch is doing any other damage though, such as bricking the operating system. These days Microsoft appears to be reacting quickly to this kind of news as it looks like the patch has already been pulled from Windows Update."

3 of 136 comments (clear)

  1. Re:The most insecure OS in the world by monkeyzoo · · Score: 5, Funny

    Windows - the most insecure OS in the world.

    True, but only because Adobe never made an OS.

  2. Patching is NOT ENOUGH by jeffasselin · · Score: 5, Informative

    One very important part of this latest vulnerability is that patching your systems is NOT ENOUGH. The patch is not so much a fix as an entirely new security functionality which must be configured properly.

    It is required to configure a group policy to harden your systems. Any domain-joined system must have both the patch installed and a group policy setup to force the system to use secure authentication and validation mechanism on any sensitive share. Domain shares such as NETLOGON and SYSVOL are an obvious priority, but any share used for software deployment or script execution must be similarly listed.

    Make sure you read the KB article and take the proper steps to secure your systems:

    https://support.microsoft.com/...

    --
    If he explores all forms and substances Straight homeward to their symbol-essences; He shall not die.
  3. Re:The most insecure OS in the world by Archangel+Michael · · Score: 5, Insightful

    True. But Adobe already creates exploits for all the other OSes in the world, so they don't need to actually create an unsecured OS.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.