Windows Security

A few Windows security items out today.

Vulnerabilities in GDI Could Allow Remote Code Execution: this is the link to the patch for the Windows Animated Cursor Handling vulnerability; links to download the software for all versions of Windows are included. They note that there is one known issue with this patch: Realtek HD Audio Control Panel (Rthdcpl.exe) may not start, and you may receive this error message:

Rthdcpl.exe – Illegal System DLL Relocation
The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL C:\Windows\System32\Hhctrl.ocx occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL.

If you receive this error message, go to this page, The Realtek HD Audio Control Panel may not start, and you receive an error message when you start the computer: “Illegal System DLL Relocation”, and download and run the patch to fix it. A restart may be required.

MS07-017 Released: they note that the attacks on the vulnerability have increased but are not widespread.

This is not specifically Windows related, but I thought I would mention the “new” JavaScript hijacking vulnerability that was posted yesterday. Web 2.0 is vulnerable to attack: Security researchers have found what they say is an entirely new kind of web-based attack, and it only targets the Ajax applications so beloved of the ‘Web 2.0’ movement. Lots of comments note that this is not really a new vulnerability; one called it Cross-Site Request Forgery (CSRF), another a man-in-the-middle attack, because it is client based. From the article,

In an example attack, a victim who has already authenticated themselves to an Ajax application, and has the login cookie in their browser, is persuaded to visit the attacker’s web site. This web site contains JavaScript code that makes calls to the Ajax app. Data received from the app is sent to the attacker.

If the Ajax app was a web mail service, the attacker could get the contents of an inbox or address book, for example. Indeed, Fortify’s research was based on an earlier finding by Jeremiah Grossman, who found such a vulnerability in Gmail last year.
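One way to defend an Ajax endpoint against the attack described in the excerpt above, shown as an added example that is not from the article or the original post: the server requires a per-session token in a custom header and prefixes its JSON so the response cannot run as a script. The session shape, the `x-csrf-token` header name and the prefix are assumptions.

```javascript
// Added example (constructed): session shape, header name and prefix are assumptions.
const JSON_PREFIX = ")]}',\n"; // not valid JavaScript, so a <script src> include fails to parse

// Compare two strings without stopping at the first differing character.
function sameToken(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Server side: answer a JSON request only when it carries the per-session
// token in a custom header. A page on another site can make the browser send
// the login cookie, but it cannot read the token or set this header from a
// <script> tag.
function handleJsonRequest(req, session, data) {
  if (!session || req.cookies.sid !== session.id) {
    return { status: 401, body: "" };
  }
  if (!sameToken(req.headers["x-csrf-token"], session.csrfToken)) {
    return { status: 403, body: "" };
  }
  return { status: 200, body: JSON_PREFIX + JSON.stringify(data) };
}

// Client side: the application's own code strips the prefix before parsing.
function parseGuardedJson(body) {
  if (!body.startsWith(JSON_PREFIX)) throw new Error("missing JSON guard prefix");
  return JSON.parse(body.slice(JSON_PREFIX.length));
}

// Constructed sample data.
const session = { id: "s-123", csrfToken: "t-9f2c7a" };
const addressBook = [{ name: "Alice", email: "alice@example.test" }];

// Request from the application's own page: cookie plus token header.
const ownRequest = { cookies: { sid: "s-123" }, headers: { "x-csrf-token": "t-9f2c7a" } };
// Request triggered by another site's page: the browser adds the cookie only.
const crossSiteRequest = { cookies: { sid: "s-123" }, headers: {} };

console.log(handleJsonRequest(ownRequest, session, addressBook).status);
console.log(handleJsonRequest(crossSiteRequest, session, addressBook).status);
```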

I didn’t see this yesterday, but it looks like eEye released a patch to block the animated cursor flaw, a patch that was not approved by Microsoft, I am sure.
