dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
15

Cartel
Intel inside Your sensitive data outside
Premium Member
join:2006-09-13
Chilliwack, BC

1 recommendation

Cartel

Premium Member

Re: RANT: Why bother hiding a MS update?

BTW with these updates:
An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

So some "geek" sits at his computer and tries to sabotage it to find vulnerabilities and reports it to MS.

Well that's fine for a public library or the welfare office or some place you want restricted access, you would want to patch that so some clown can't mess everything up or use the computer for unscrupulous activities, but for me, nobody is getting near this computer unless its physically stolen then updates won't help you there.
Cartel

2 recommendations

Cartel

Premium Member

KB2731847 in MS12-055 replaced by KB2761226

Also in this situation, I want to avoid KB2731847 so I have to avoid KB2761226 too right?

But I can't because not only does KB2761226 have the Win32k Use After Free Vulnerability which is only exploitable with physical access, it includes a patch for TrueType Font Parsing Vulnerability - CVE-2012-2897 which is a web browsing attack scenario and something I would want to patch.....

So now what?

In order to be safe online, I have to install a patch that includes fixes that can't be exploited online, and that I don't want to install.

So.....I'm screwed.
19579823 (banned)
An Awesome Dude
join:2003-08-04

1 edit

19579823 (banned)

Member

 

You can try a system restore and then try hiding the updates again...

What if you DISABLE AUTO UPDATES?? (So you can manually look and decide which ones to get)

Cartel
Intel inside Your sensitive data outside
Premium Member
join:2006-09-13
Chilliwack, BC

Cartel

Premium Member

well if I hide a update and they release a revised version next month, the hidden update disappears when I click search for updates.
And I do use manual update.

And that's what I'm having to do now is investigate every detail and comb though the updates to make sure they don't slip one in I don't want.

And it's not as easy as doing system restore or just uninstalling the unwanted update.
with KB2724197 or KB2799494 if you install it, some changes are permanent which means I have to restore a image of my drive.

It's time wasted.
LaRRY_PEpPeR
join:2010-03-19
Wentzville, MO

LaRRY_PEpPeR to Cartel

Member

to Cartel

Re: RANT: Why bother hiding a MS update?

said by Cartel:

BTW with these updates:
An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

So some "geek" sits at his computer and tries to sabotage it to find vulnerabilities and reports it to MS.

Well that's fine for a public library or the welfare office or some place you want restricted access, you would want to patch that so some clown can't mess everything up or use the computer for unscrupulous activities, but for me, nobody is getting near this computer unless its physically stolen then updates won't help you there.

No, these "must...be able to log on locally" "Elevation of Privilege" vulnerabilities are more important than you think! "Log on locally" could also be taken advantage of in the case of some exploit code that starts running in another process while browsing, etc.

Seems to me one of the most difficult things to protect against, and they are a major concern being on XP still next year after updates end. No new processes are created necessarily to notice or block, they just "elevate" using Windows system processes that are already there. Those, and the TrueType font-type vulnerabilities (fixed a few times now), which don't even require malicious code running first! Just the stupid way Windows handles font parsing in kernel mode. Kernel exploited and nothing you can do (so, I'd want to be sure then to not let any browser, etc. use custom font files, however that can be set).