Microsoft to Fix Two Windows Holes on Patch Tuesday

Written By
Lisa Vaas
Nov 9, 2007

Patch Tuesday will bring two security bulletins from Microsoft, one of which is critical and involves a remotely exploitable hole on Windows systems, the other of which is rated important and also affects Windows.

eEye's Zero-Day Tracker, as of Nov. 9, is listing three active zero-day Windows and Internet Explorer vulnerabilities, all of which have been publicly disclosed and/or used in attacks, none of which have been patched.

The critical patch promised for the Nov. 13 Patch Tuesday could well be a flaw in a Macrovision driver on Windows XP and Windows 2003. That vulnerability was actively being exploited in the wild as of Nov. 5, when Microsoft sent a special security advisory to warn customers of the danger of complete system takeover.

Microsoft said at the time that Vista is immune to the vulnerability, which is a memory corruption error in the Macrovision Security Driver when processing user-supplied data. The vulnerability can be used by local attackers to gain so-called Ring 0 privileges, the hierarchical level that has the most privileges and interacts most directly with physical hardware, including the CPU and memory.

Similarly, the critical patch expected on Patch Tuesday affects Windows XP and Windows 2003, not Vista, meaning there's a good chance that is the bug that's next up for a fix.

Microsoft might also be planning to release a security update to fix the Windows hole that's been letting attackers run wild with rigged PDF files. The company put out a special security advisory on Oct. 25 regarding that exploit, which has involved a wave of malware spamming in late October that reached what security researchers called “massive” proportions.

The important Windows update concerns spoofing, Microsoft said in its monthly security bulletin advance notice.

Both the updates will require a restart except under certain conditions with the one marked “important.” In the case of both updates, Microsoft Baseline Security Analyzer can detect whether a system requires the update.
