Simply Security - News, Views, and Opinions from Trend Micro

Microsoft identifies flaws in its software with recent updates

Posted on July 2nd, 2012 in Current News, Internet Safety by Simply Security

Software giant Microsoft released its regular dose of patches for the month of June, citing seven "important" and "critical" threats that could result in exploitation of Windows, Internet Explorer and other programs. The company may even have revealed its own "zero day" threats by warning its clients of a potential exploit in its Remote Desktop Protocol, creating additional data security concerns.

All the way to the kernel

Threats to data security like Flame, Stuxnet and Conficker will get inside a computer and auto-execute through Trojan protocols, but some of them require certain permissions to carry out a full infection.

Obtaining these permissions apparently has been easy for Microsoft-based PCs, according to the list of other pressing security concerns in the June patch. The software's communications framework, .NET, along with its Lync software, has gaps that could result in remote hijacks. Once these are exploited, the kernel drivers themselves carry intrinsic vulnerabilities that allow programs to boost themselves to administrator level and go to town on a machine.

Remote controlled computer

Another data security loophole getting strong attention lies within desktop operations themselves. Remote Desktop Protocol (RDP) allows users to access their computers when they can't physically reach them, but the system itself is flawed. According to Microsoft's security patch, RDP packets that are regularly used to transmit renderings of the targeted computer's desktop to the accessing user's display can actually be used to exploit a connection. If hackers use a specific sequence of packets, they could feasibly hijack the machine.

"The RDP one is a bit scary," said Jason Miller of VMware regarding the Microsoft report in an interview with CRN magazine. "Attackers don't even need to know anything about your network. They just need you to have RDP enabled."

As Miller pointed out, this threat has been seen as potentially less dire by some analysts because it will only affect users with RDP enabled. The feature is not activated when a customer first receives his or her computer and must be manually turned on.

PC Magazine reported that Microsoft already patched a "critical" RDP error in March, which led to widespread fear of zero day exploitation similar to the June response. Thanks to the earlier scare, however, more businesses and consumers may have already disabled the service to promote additional data security.

Internet Explorer issues

Microsoft's top priority was its web browser, which, according to ZDNet, has 13 different holes targeted and filled by the patches. These gaps in data protection affect all currently available versions of IE, and ZDNet reported some have already been discovered by hackers and exploited. The release of this information has led some analysts to fear it could encourage immediate exploitation of the flaws, seeing as not all users manually update system security on a regular basis and machines won't always automatically run a scan for updates unless scheduled to do so.

"I think this vulnerability will be used in attacks sooner than any of the other ones on the list," said Marc Maiffret of BeyondTrust in a CRN interview. Marcus Carey of Rapid7 added, "Given the sheer number of desktops involved, I think it should be taken very seriously. Browser related exploits are by far the number one vehicle of attack from a criminal perspective and from an APT perspective."


