November 10, 2009 10:50 AM PST

Microsoft patches critical hole in Windows kernel

by Elinor Mills

Microsoft on Tuesday issued six security bulletins fixing 15 vulnerabilities, including a critical patch for holes in the Windows kernel and other Windows and Office components that could allow an attacker to take control of a computer.

The vulnerability addressed by the critical bulletin affecting the Windows kernel-mode drivers was publicly disclosed and could be exploited through a Web page carrying malware designed to attack systems that visit the page, Microsoft said in a blog posting.

"MS09-065, a bug in the Windows kernel, is this month's most serious issue," said Andrew Storms, director of security operations at nCircle. "The vulnerability allows for remote code execution, and the attack code can be embedded inside MS Office files or be hosted on websites. Simply browsing an infected website will compromise unsuspecting users -- not great for all the holiday shoppers looking to get a jump on their shopping. The novelty value of this bug is likely to attract many researchers. A lot of people will try to be the first to publicly post exploit code."

The two other critical bulletins fix holes in Web Services on Devices API and in License Logging Server. Two bulletins ranked "important" fix holes that pose a risk of remote code execution if a user opens a maliciously crafted Excel or Word file.

"It is interesting that a new service that helps with the 'user experience' can cause so much harm," said Jason Miller, data and security team leader at Shavlik Technologies. "The WSDAPI service allows users to easily find devices such as printers and cameras on their network. This vulnerability is also not publicly known at this time."

Software affected by the patches includes Windows 2000, XP, Server 2003, Vista, Server 2008, Office XP, Office 2003, 2007 Microsoft Office System, Office 2004 for Mac, and Office 2008 for Mac, according to the bulletin.

Meanwhile, the Microsoft Malware Protection Center team added two rogue antivirus families to the Malicious Software Removal Tool -- Win32/FakeVimes, which calls itself "Windows System Defender" and "Windows Enterprise Suite," and Win32/PrivacyCenter, which calls itself "Safety Center."

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.
by The_happy_switcher November 10, 2009 11:37 AM PST
Kernel Mustard, with a virus, in the registry. Is that who did it?
by Random_Walk November 10, 2009 11:54 AM PST
Okay - you're often over-the-top, but I gotta admit... this one was funny.
by Vegaman_Dan November 10, 2009 1:38 PM PST
Ah, but you were seen in the same room with Dr. Lucky, so no kill for you.
by A_K47 November 10, 2009 8:55 PM PST
Lies..damn lies!

Windows 7 is virus proof! Stop this conspiracy to bring down mighty '7

(Apple did this!)
by The_happy_switcher November 11, 2009 8:26 AM PST
@topnut: 'looser?'-LOL. It's 'loser,' you wingnut. Maybe you'd know that if you had actually graduated from the 4th grade.
by Seaspray0 November 11, 2009 11:18 AM PST
Kernel Mustard, with a virus, in the registry, while in the fourth grade.
by n3td3v November 10, 2009 11:39 AM PST
Reverse Engineer Tuesday, Zero-Day Wednesday, Exploitation Thursday, World Domination Friday ;)
by Seaspray0 November 10, 2009 12:50 PM PST
Sounds like pinky and the brain.
by TechJohnson November 10, 2009 11:48 AM PST
At least they are trying to fix issues.
by sroussey November 10, 2009 12:33 PM PST
Is this not for Windows 7? I don't see any security updates for Win7.
by Seaspray0 November 10, 2009 12:46 PM PST
Windows 7 wasn't listed in the bulletin so it doesn't contain this vulnerability, however since Office 2004 for Mac, and Office 2008 for Mac were, I've got a question. How does a mac get updates for microsoft office?
by Dalkorian November 10, 2009 12:54 PM PST
When you fire up Office on a Mac, I think one of the first things it tries to do is phone home for updates. You might be able to disable that through the preferences though. Of course the other way is to check manually, I'm guessing the Help menu of Office (I can't check now, I've transitioned off of Office and into NeoOffice instead).
by jtjt145 November 10, 2009 12:33 PM PST
Windows and viruses - like honey and the bee
by timber2005 November 10, 2009 3:08 PM PST
You and lame - like two hydrogen ions.
by Chaoticamusic.com November 10, 2009 12:43 PM PST
"Trust me. Windows 7 won't have any of the problems that Windows Vista-XP-ME-98-95-W2 had. Trust me."
by DrtyDogg November 10, 2009 12:48 PM PST
"Software affected by the patches includes Windows 2000, XP, Server 2003, Vista, Server 2008, Office XP, Office 2003, 2007 Microsoft Office System, Office 2004 for Mac, and Office 2008 for Mac, according to the bulletin." From the article.
by Vegaman_Dan November 10, 2009 1:40 PM PST
Note that Apple had their Patch Monday yesterday.

But don't worry, OS X 10.6.3 won't have any of the problems that 10.6.2 had... that 10.6.1 had... that 10.6 had... that... Do you see the trend here?

It's an OS. It's far better that patches are released in the first place.
by Michichael November 10, 2009 1:40 PM PST
*cough* Owned *cough*
by superswiss November 10, 2009 1:46 PM PST
Since Windows 7 RTM was released, 2 out of 3 security bulletins didn't apply to Windows 7. This one is one of them. It's too early to assess a trend, but I'm just saying.
by rmullen0 November 10, 2009 12:54 PM PST
Winblows is great!
by exactlyy November 10, 2009 2:50 PM PST
Mactrix is better
by Vegaman_Dan November 10, 2009 8:43 PM PST
I personally like radishes. Maybe with a bit of salt.
by LaTene_Man November 10, 2009 1:16 PM PST
My question is: Is there any way to make Windows Update run any faster?! It takes FOREVER to just figure out what needs updating!
by 42istheanswer November 10, 2009 1:36 PM PST
You're going to the wrong website. You need to go to www.ubuntu.com instead.
by Vegaman_Dan November 10, 2009 1:41 PM PST
@42istheanswer:

It's funny you should say that ubuntu.com is the solution. My ubuntu box has problems now connecting to their update server and still needs patching. The update service has been timing out for some reason. I'll let it run overnight and it should ideally get done.
by Indian_art November 12, 2009 5:43 AM PST
@ Vegaman_Dan
You need to find the right Server for you. For example, I had problems like you. However, I changed my server to India (I am in India) and now updates are super fast & super smooth.

Good luck!
by Gold_Storm_Mac November 10, 2009 2:00 PM PST
well well. a taste of the pc shill's own medicine.
by shellcodes_coder November 10, 2009 6:15 PM PST
Really? 475 MB of updates for OS X SL, no updates for 7 and those updates for XP and Vista are less than 10 MB as opposed to 475 MB, LOL
by Gold_Storm_Mac November 10, 2009 7:57 PM PST
trying to get down to specifics won't help. both oses have updates. that's the point.
by Vegaman_Dan November 10, 2009 8:45 PM PST
@Gold_Storm_Mac:

I think the point is that one of the common Mac OS fanboy talking points is that the size of OS updates is an indicator of how poorly done the OS is.

The double standard in play is that when the very same issues/criteria happen with the Mac, then Apple is held to a different standard by those very same fans.

I think the phrase, "Do as I say, not as I do," fits it best.
by alegr November 10, 2009 5:08 PM PST
This is what happens when you offshore new code development and QFEs, and then just submit the code to the codebase, without any review.
by Vegaman_Dan November 10, 2009 8:47 PM PST
Curious what product you're talking about there- it certainly isn't Windows.
by alegr November 11, 2009 9:22 AM PST
I mostly deal with storport.sys (I write stor miniports), and in the course of a couple of years found a few nasty bugs in it. And most of those bugs look like the feature was never tested, never reviewed. And I know that maintenance of legacy storport is now offshored. I suppose that happens with many other components.
by shellcodes_coder November 10, 2009 6:14 PM PST
oops no updates for 7, at least I don't have to waste my time downloading 475 MB of updates like endangered os Snow Leopard users have to...:)
by Vegaman_Dan November 10, 2009 8:46 PM PST
Oh, there will no doubt be some large Service Pack for Win7 in a year or two so don't worry, the time is coming if only if it is a cumulative OS patch collection.
by shellcodes_coder November 10, 2009 10:14 PM PST
@Vegaman_Dan: Ya that's for sure. And am even sure that 7 SP1 will be less than 475 MB (SL update) that should save our bandwidth and time
by Seaspray0 November 11, 2009 11:25 AM PST
Based on the size of service packs recently, I would guess the first service pack for Windows 7 will easily exceed 1 GB.
by Gayle Edwards November 15, 2009 9:01 AM PST
I find it kind of strange that the "Windows-7" kernel isn't affected, since both "Vista", and "Server 2008" are vulnerable (and, "Windows-7" actually contains so much of the same code). Perhaps, "Windows-7" actually does have this same "kernel vulnerability", and Microsoft has simply chosen to far more quietly (for marketing, and PR, purposes) patch this bug in "Windows-7" without admitting that their new flagship-OS ("Vista-2.0"... which they are desperately-pushing so hard) IS indeed ...just the same old story from Microsoft.

Or, perhaps... if this "vuln" DOES exist in "Windows-7"... maybe Microsoft can't (or has, once again, simply decided not to) fix it immediately. It will be interesting to see what independent researchers (and "hackers") find out in this regard.
by superswiss November 16, 2009 9:03 PM PST
Not strange at all. Windows 7 and Vista/Server 2008 don't share the same kernel nor do they have the same core. The Windows 7 kernel is an evolution of the Vista/Server 2008 kernel and the core in Windows 7 is commonly referred to as MinWin. While Vista started to go down the route of MinWin, Windows 7 is the first OS that is built on top of MinWin. Significant rewrites happened to arrive at MinWin, so it's not surprising that kernel vulnerabilities are not present in Windows 7.
by Gayle Edwards November 17, 2009 5:05 PM PST
Clear as mud...

"Windows-7" is an "evolution" of the "Vista/Server-2008" kernel... containing "...significant ...rewrites". However, AS an "evolution" (and despite the... ahem... MS "code-reviews"), "Windows-7" DOES contain significant (...one might almost say, staggering, even -deceptive-) amounts of earlier ("Vista") code AND OS/kernel-elements. And, in fact "Windows-7" HAS already, actually, begun to show identical flaws and bugs, inherited from its "code-base's" (MS-evolutionary) origin. Check the tech-news.

Just sayin'...
About InSecurity Complex

Elinor Mills became fascinated with hacker culture when she was sent to Las Vegas to cover DefCon in 1995. Since then, script kiddies have given way to cyber criminals targeting bank passwords, and privacy risks are everywhere, from Google to Facebook and the iPhone. InSecurity Complex keeps tabs on the flaws, the foibles, and the fixes.
