Patch Tuesday July 2011
12 Jul, Kurt Baumgartner
Discussion of this month's Patch Tuesday is overshadowed by the massive data releases resulting from the spear-phishing, web and SQLi attacks reported in the media. Four bulletins are being released to address 22 CVE records, or sets of vulnerabilities.
Two of the vulnerabilities that immediately enable remote code execution are the Bluetooth-related flaw, however unreliable attacking it may be, and a Visio flaw. Also addressed are a set of vulnerabilities in the CSRSS leading to elevation of privilege and a long list of win32k flaws.
Microsoft gives the Bluetooth patch the highest deployment priority on Vista and Windows 7 client platforms. Servers should not be affected. I suppose that in close working environments, it could potentially enable a worm. But the likelihood of another Cabir is low. High-value targeted attacks seem to be more of a risk.
The Visio vulnerability has been publicly known, with proof-of-concept code released, since at least August of last year. Some of our generic detections most likely would have prevented exploitation of this vulnerability. We are looking for any evidence of related exploitation and will update accordingly.
If you see any problems from the kernel-level patches, please comment below; I am interested. Win32k modifications have caused users problems in the past. Cheers to problem-free patching!
Mobile malware and the Muscovites
20 Dec, Aleks
Yesterday one of our employees was out for the evening and, naturally enough, used the metro. As you may know, the Moscow Metro is one of the busiest mass transit systems in the world, transporting approximately 9 million people a day.
With so many passengers, a number of whom now have smartphones, what are the chances of infection by Cabir or another virus for mobiles? Hard to tell exactly - all we do know is that while descending to the station, our employee detected an attempt by Cabir to infect her phone.
This is the third time she's experienced this in two months. You may think that this is a low frequency. You may also wonder why an employee of Kaspersky Lab is walking around with a phone in 'visible to all' mode.
In my opinion, it shows that Cabir has already spread far and wide, in Moscow if not in other regions of Russia. OK, three times in two months, when compared to the daily attacks which PCs are subjected to, isn't that high a frequency. And Cabir doesn't, theoretically, pose that much of a danger.
But this case illustrates the way in which mobile malware is gathering momentum. I don't want to think about what will happen when someone - and this will happen sooner, rather than later - releases a viable worm for mobiles which is written with the intention of doing serious damage. Seems like the Metro might become a very dangerous place for smartphone owners.