Ah, April, for most of us the weather is turning warm, birds return to their trees, flowers start blooming and the Red Sox lead the American League East, at least for a day or two. Some of us will get to go outside and enjoy those things and some of us will get to spend some quality time in our server rooms applying patches. We have nine bulletins from Microsoft this month, two of them critical. Five bulletins deal directly with Windows, one with Internet Explorer 6, 7, and 8, one with SharePoint, one with Windows Defender and one that impacts Microsoft InfoPath 2010, SharePoint, Groove Server and Office Web Aps.
Microsoft doesn’t supply a lot of information with the Advance Notification, as it is just a notification, but if I had to guess I’d say the IE bulletin is probably another use-after-free vulnerability that we have been seeing so much of the last few months that results in Remote Code Execution. The other critical bulletin this month impacts Windows itself and I’ll guess that this has to do with Kernel Mode Drivers which might be a bit of a stretch as this does result in RCE but that area has been a popular target for researchers recently.
One bulletin impacts a lot of different products Microsoft InfoPath 2010, SharePoint, Groove Server and Office Web Aps. The Oracle Outside-In libraries have taken a pretty good beating the last few months and I suspect the beating will continue here. In this case the result is an elevation of privilege.
One bulletin I will be a little curious about is the one that impacts Windows Defender for Windows 8 and RT and results in an elevation of privilege. I am mostly curious about how this issue was discovered and disclosed. Windows Defender isn’t something that has seen a lot of attention from researchers but would definitely be a juicy target of attackers.
All nine bulletins and their patches are scheduled to be released next Tuesday so we will get all the juicy details then. Just about the same time the Yankees take over first place and us Red Sox fans start planning for next year.