Patch Tuesday will bring two security bulletins from Microsoft, one of which is critical and involves a remotely exploitable hole on Windows systems, the other of which is rated important and also affects Windows.
eEye’s Zero-Day Tracker, as of Nov. 9, is listing three active zero-day Windows and Internet Explorer vulnerabilities, all of which have been publicly disclosed and/or used in attacks, none of which have been patched.
The critical patch promised for the Nov. 13 Patch Tuesday could well be a flaw in a Macrovision driver on Windows XP and Windows 2003. That vulnerability was actively being exploited in the wild as of Nov. 5, when Microsoft sent a special security advisory to warn customers of the danger of complete system takeover.
Microsoft said at the time that Vista is immune to the vulnerability, which is a memory corruption error in the Macrovision Security Driver when processing user-supplied data. The vulnerability can be used by local attackers to gain so-called Ring 0 privileges—a hierarchical level with the most privileges and which interacts most directly with physical hardware, including the CPU and memory.
Similarly, the critical patch expected on Patch Tuesday affects Windows XP and Windows 2003, not Vista, meaning there’s a good chance that is the bug that’s next up for a fix.
Microsoft might also be planning to release a security update to fix the Windows hole that’s been letting attackers run wild with rigged PDF files. The company put out a special security advisory on Oct. 25 regarding that exploit, which has involved a wave of malware spamming in late October that reached what security researchers called “massive” proportions.
The important Windows update concerns spoofing, Microsoft said in its monthly security bulletin advance notice.
Both the updates will require a restart except under certain conditions with the one marked “important.” In the case of both updates, Microsoft Baseline Security Analyzer can detect whether a system requires the update.