
Patch Tuesday focus: Big bunch of Windows kernel bugs?

Gregg Keizer | April 8, 2011
Microsoft may address 'kernel pool' exploits revealed at Black Hat.

Mandt did not reply to Computerworld's emailed questions.

Other fixes in next week's mammoth update will focus on Excel and PowerPoint file formats, Internet Explorer, the online version of PowerPoint, and GDI+, or Graphics Device Interface -- Windows's graphics rendering component, said Storms.

It's possible that Microsoft will patch the IE8 vulnerabilities exploited by an Irish researcher last month at the annual Pwn2Own hacking contest. There, Stephen Fewer of Harmony Security chained three exploits to hack IE8, receiving $15,000 and a Sony laptop from contest sponsor HP TippingPoint for his work.

Microsoft has said that the bugs exploited by Fewer in IE8 were patched in IE9, the new browser the company launched last month.

"But I would have expected Microsoft to say they were going to patch the Pwn2Own bugs in the MSRC blog, which they didn't," said Storms, referring to the Microsoft Security Response Center's blog post of Thursday that spelled out a few details of what will be patched next week.

June may be a more likely target for patching IE's Pwn2Own vulnerabilities, Storms added, because Microsoft fixed the IE flaws exploited in last year's contest in June 2010.

Whatever Microsoft ends up patching on Tuesday, it's going to be a big day for IT administrators.

"I'll use a word my son sometimes uses...ginormous," said Storms. "This is a ginormous month. And a prime candidate for prioritization."

