Saturday, January 8, 2011

Microsoft: Assessing the Risk of Public Vulnerabilities

Via Microsoft's SRD Blog (Security Research & Defense) -

At Microsoft, as at most large software vendors, we are likely to have publicly known issues under investigation at any given time. This is what we do on the Security Research & Defense team. Recently we’ve seen confusion from folks trying to make sense of some of the current public issues. To help clear that up, we offer this table of information to help customers make a risk assessment for their particular environment. Note that applying the Microsoft-recommended workaround for any issue in the table removes the risk posed by the issue entirely.

-----------------------------------------------------------------------------------------------------------------

Kudos to Microsoft for putting the list together.

According to the table presented by the SRD team, Microsoft is tracking five public vulnerabilities, but eEye shows six open Microsoft vulnerabilities in its Zero-Day Tracker.

It would seem the SRD is focusing on the remotely exploitable issues, which is understandable. But locally exploitable (i.e., privilege escalation) issues should not be overlooked: malware has already been seen using them, and that use is only expected to increase.

The vulnerabilities missing from the Microsoft SRD list?

Microsoft Windows Fax Services Cover Page Memory Corruption
http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20101227

Microsoft Windows RtlQueryRegistryValues Local Privilege Escalation
http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20101124

Of course, the list over at eEye isn't totally complete either. It is lacking the WMI Administrative Tools ActiveX control vulnerability:
http://www.kb.cert.org/vuls/id/725596
