Menu
Patch Tuesday focus: Big bunch of Windows kernel bugs?

Patch Tuesday focus: Big bunch of Windows kernel bugs?

Microsoft may address 'kernel pool' exploits revealed at Black Hat

Microsoft's record-setting security update next week may patch a large number of vulnerabilities in the Windows kernel, researchers said today.

On Thursday, Microsoft announced that next week's monthly security update will feature a record-tying 17 bulletins that patch a record 64 vulnerabilities , 15 more than the previous largest-ever set in October 2010.

While Microsoft does not reveal much information about the upcoming updates in its advance notifications , the sheer number of critical bulletins that affect Windows -- nine altogether, more than half the total -- likely means that at least one affects the kernel, said Andrew Storms, director of security operations at nCircle Security.

"Although there's not enough to go on from the advance notification, I think one or more kernel patches is a pretty darn good possibility," said Storms. "They've had their problems with the kernel lately."

Of the nine critical Windows bulletins scheduled for next week, seven affect Windows XP, nine affect Vista and eight affect Windows 7.

Microsoft last patched the Windows kernel -- the heart of the operating system -- on February 8, but also fixed kernel flaws in each of 2010's even-numbered months.

That pattern -- this is an even-numbered month -- hints at kernel patches among the 64 slated for next week.

Another clue to the composition of Tuesday's updates came from Aaron Portnoy, manager of HP TippingPoint's security research team. In a message on Twitter yesterday, Portnoy said, "I had heard a good deal of that is due to @kernelpool," as he replied to French security company Vupen's note that Microsoft will patch a record number of flaws.

"Kernelpool" is the nickname of Norwegian security researcher Tarjei Mandt, who works for Norman ASA, an anti-virus firm headquartered in an Oslo suburb.

Mandt reported five of the kernel vulnerabilities Microsoft patched two months ago, and several others in 2010. And at the Black Hat security conference held in Washington D.C. in January, Mandt led a presentation and published a paper ( download PDF ) on "kernel pool" exploitation techniques in Windows 7.

In the paper, Mandt said, "In spite of the security measures introduced [in Windows 7, it] is still susceptible to generic kernel pool attacks."

Kernel pools are memory blocks devoted to the operating system's kernel, said Storms.

Mandt also suggested that Microsoft would eventually close those holes. "Most of the identified attack vectors can be addressed by adding simple checks or adopting exploit prevention features from the userland heap," said Mandt in his paper. "Thus, in future Windows releases and service packs, we are likely to see additional hardening of the kernel pool."

Mandt did not reply to Computerworld's emailed questions.

Other fixes in next week's mammoth update will focus on Excel and PowerPoint file formats, Internet Explorer, the online version of PowerPoint, and GDI+, or Graphics Device Interface -- Windows's graphics rendering component, said Storms.

It's possible that Microsoft will patch the IE8 vulnerabilities exploited by an Irish researcher last month at the annual Pwn2Own hacking contest. There, Stephen Fewer of Harmony Security chained three exploits to hack IE8 , receiving $15,000 and a Sony laptop from contest sponsor HP TippingPoint for his work.

Microsoft has said that the bugs exploited by Fewer in IE8 were patched in IE9 , the new browser the company launched last month.

"But I would have expected Microsoft to say they were going to patch the Pwn2Own bugs in the MSRC blog, which they didn't," said Storms, referring to the Microsoft Security Response Center's blog post of Thursday that spelled out a few details of what will be patched next week.

June may be a more likely target for patching IE's Pwn2Own vulnerabilities, Storms added, because Microsoft fixed the IE flaws exploited in last year's contest in June 2010.

Whatever Microsoft ends up patching on Tuesday, it's going to be a big day for IT administrators.

"I'll use a word my son sometimes uses...ginormous," said Storms. "This is a ginormous month. And a prime candidate for prioritization."

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@computerworld.com .

Read more about security in Computerworld's Security Topic Center.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Microsoftoperating systemssoftwareWindows

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments