2 replies Latest Post - ‏2014-02-26T23:12:00Z by AndrewRikarts
jdesi91

host is missing Microsoft KB2264107

2011-01-07T20:19:13Z
A Nessus scan turns up the following high-level vulnerability (pasted below). However, I do not see any canned fixlets for this vulnerability. I am curious to find out why. It seems none of our computers have the updated version, and had the scan not identified this I would not have known about it.

"Insecure Library Loading Could Allow Remote Code Execution (2269637)

Synopsis: The remote Windows host may be vulnerable to code execution attacks.

Description: The remote host is missing Microsoft KB2264107, which provides a
mechanism for mitigating binary planting or DLL preloading attacks.
Insecurely implemented applications look in their current working
directory when resolving DLL dependencies. If a malicious DLL with
the same name as a required DLL is located in the application's
current working directory, the malicious DLL will be loaded.

A remote attacker could exploit this issue by tricking a user into
accessing a vulnerable application via a network share or WebDAV
folder where a malicious DLL resides, resulting in arbitrary code
execution.

Risk factor: High

CVSS Base Score: 9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
See also: http://www.nessus.org/u?960d4ef0
See also: http://www.acrossecurity.com/aspr/ASPR-2010-08-18-1-PUB.txt
See also: http://blog.rapid7.com/?p=5325
See also: http://www.microsoft.com/technet/security/advisory/2269637.mspx

Solution: Microsoft has released a set of patches for Windows XP, 2003, Vista,
2008, 7, and 2008 R2:

http://support.microsoft.com/kb/2264107

Please note this update provides a method of mitigating a class of
vulnerabilities rather than fixing any specific vulnerabilities.
Additionally, these patches must be used in conjunction with the
'CWDIllegalInDllSearch' registry setting to have any effect.
These protections could be applied in a way that breaks
functionality in existing applications. Refer to the Microsoft
advisory for more information.

Plugin output:
  • C:\WINDOWS\system32\Ntdll.dll has not been patched
Remote version : 5.1.2600.5755
Should be : 5.1.2600.6007"
Updated on 2011-01-07T23:13:16Z at 2011-01-07T23:13:16Z by JackCoates91
  • JackCoates91

    Re: host is missing Microsoft KB2264107

    ‏2011-01-07T23:13:16Z  in response to jdesi91
    Hi jdesi,

    We only produce canned fixlets for Microsoft's announced security bulletins (e.g. http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx); KB articles like this one are not pre-built by our content team at this time.

    To distribute the fix, you can use the Windows Software Distribution Wizard to build a fixlet. Note that the article describes several potential registry changes to follow after the update is installed; I would recommend using the Windows Registry Wizard to encode those changes, adding detection of the update to the relevance of those Fixlets, then producing a baseline containing the update fixlets and the registry fixlets.

    thanks,
    Jack
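
A per-host check for the two conditions the scan output and the reply above describe (update installed, `CWDIllegalInDllSearch` configured), as an added example that is not part of the original thread or of any vendor content. Assumptions: the system-wide registry location and the meanings of the values follow Microsoft's KB2264107 article rather than this thread, the function names are hypothetical, and the version threshold is the "Should be" value from the plugin output, which applies only to that Windows build line.

```powershell
# Added example: audit one host for the KB2264107 mitigation.
param(
    # "Should be" version quoted in the plugin output; valid for the 5.1.2600 line only.
    [version]$RequiredNtdll = '5.1.2600.6007'
)

# Assumption (Microsoft KB2264107 article, not this thread): system-wide value location.
$SessionMgr = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$ValueName  = 'CWDIllegalInDllSearch'

function Get-NtdllVersion {
    $vi = (Get-Item (Join-Path $env:SystemRoot 'System32\ntdll.dll')).VersionInfo
    # Build from the numeric parts; the FileVersion string can carry a build-lab suffix.
    [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                   $vi.FileBuildPart, $vi.FilePrivatePart)
}

function Get-CwdSearchPolicy {
    $p = Get-ItemProperty -Path $SessionMgr -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 'NotSet (default search order, CWD still searched)' }
    # Format as hex so a DWORD surfaced as -1 or as 4294967295 is treated the same.
    switch ('{0:X8}' -f $p.$ValueName) {
        'FFFFFFFF' { 'CWD removed from DLL search order' }
        '00000002' { 'CWD blocked when it is a remote (UNC or WebDAV) folder' }
        '00000001' { 'CWD blocked when it is a WebDAV folder' }
        '00000000' { 'Explicit 0 (default search order, CWD still searched)' }
        default    { "Unrecognised value $_" }
    }
}

$ntdll = Get-NtdllVersion
# Only compare against the threshold when the host is on the same build line.
$sameLine = ($ntdll.Major -eq $RequiredNtdll.Major) -and
            ($ntdll.Minor -eq $RequiredNtdll.Minor) -and
            ($ntdll.Build -eq $RequiredNtdll.Build)
$update = if (-not $sameLine) { 'Unknown (threshold is for a different build line)' }
          elseif ($ntdll -ge $RequiredNtdll) { 'Present' } else { 'Missing' }

# One object per host, so results from many machines can be collected and sorted.
New-Object PSObject -Property @{
    Computer        = $env:COMPUTERNAME
    NtdllVersion    = $ntdll.ToString()
    UpdateStatus    = $update
    CwdSearchPolicy = (Get-CwdSearchPolicy)
}
```

A host that reports `Present` together with `NotSet` matches the scan's note that the patch has no effect without the registry setting.
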
    • AndrewRikarts

      Re: host is missing Microsoft KB2264107

      ‏2014-02-26T23:12:00Z  in response to JackCoates91

      This is a content delivery fail. IBM is not meeting customer expectations. I can almost see the argument for non-security content, but not security content.