WatchGuard Technologies, Inc.
WatchGuard Wire
Improve Your Security IQ

Microsoft Black Tuesday: First Patch Day of 2010 not so black 

12 January 2010 -- As I forewarned in last week's Wire notification, Microsoft only released one security advisory today and, to any major extent, it really only affects Windows 2000 (2K) administrators. So whether you use 2K or not, today's patch day will be a breeze.

According to today's single advisory, a Windows component called the Embedded OpenType (EOT) Font Engine suffers from an integer overflow vulnerability that attackers can exploit to execute code. The EOT engine is a component responsible for handling EOT fonts that designers can embed into documents or web pages. By enticing you to download and open a document or visit a web page that contains a maliciously crafted EOT font, an attacker can exploit this vulnerability to execute arbitrary code on your computer. If you have administrative privileges, the attacker could leverage the flaw to gain complete control of your machine.

This is a very critical vulnerability to those it affects, but there is a slight twist that lessens its risk to most Windows users. While all current versions of Windows ship with the EOT Font Engine, only Windows 2000 implements it in a way that exposes this flaw. So in the real world, the flaw only affects Windows 2000 users; at least to Microsoft's knowledge. So my advice is simple - if you use Windows 2000, patch now. If you use other versions of Windows, patch at your convenience (but still patch).

You can learn more about this security bulletin in the table provided in Microsoft's Bulletin Summary for January. Microsoft's tables (arranged in order of severity) link directly to this month's bulletins and patches. Expand the "Affected Software and Download Location" section of the Summary to find a valuable table that will help you develop your own deployment strategy.

LiveSecurity and LiveSecurity Informer subscribers will receive more detailed information about this flaw, and how to fix it, in an alert we're working on right now. -- Corey Nachreiner, CISSP

Copyright© 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.