13 bulletins were released Tuesday as part of Microsoft’s regularly scheduled monthly security update cycle – five rated Critical, seven rated Important and one rated Moderate – to address 26 vulnerabilities in Windows and Microsoft Office.
There are many vulnerabilities in this set that organizations should be aware of, but it was one of the vulnerabilities rated ‘important’ that caught my attention: MS10-015.
Since other vulnerabilities were rated as Critical, why does this one bother me?
- It’s a kernel level vulnerability
- A successful exploit can escalate privileges and gain access to Ring 0
Microsoft only rates this one as Important because it is not remotely exploitable, i.e. code must be executed locally on the endpoint. But in the world of end-users tempted to click on glittering, shiny objects how hard is that?
No doubt, this will be used in social-engineering attacks to trick users (“your secret admirer has sent you this e-card, click here to see it”) into running code that exploits this vulnerability to gain system-level access. Even running as standard user doesn’t necessarily protect you from single file executables executed directly from the Web.
Or, you’ll see this vulnerability used in combination with another vulnerability in a chained attack. For example, an attack on another vulnerability rated as Important because the code only runs in the context of the user, but subsequently this vulnerability is exploited to gain kernel-level access. This is why Microsoft has rated is exploitability index at a “1” (consistent exploit code likely).
Net/Net – there are a bunch of vulnerability to pay attention to this month and this one although rated as “Important” is really critical in my book and should be treated as such.