Microsoft aims to stop drive-by downloads on Patch Tuesday

Users are vulnerable to drive-by downloads due to flaws in Windows and IE6

Microsoft and third-party security experts warned that users could be subjected to drive-by downloads because of flaws in Windows and Internet Explorer that received fixes on Patch Tuesday this week.

Hackers are likely to use social engineering tricks to lure users to infected Web sites and media files, they warned. The vulnerabilities are among 10 security updates that patch a record-tying 34 vulnerabilities in Windows, Internet Explorer, Office and SharePoint.

Microsoft TechEd event to shed light on cloud computing plans

One bug in particular – a Windows kernel TrueType font parsing vulnerability – was rated as the most serious Patch Tuesday fix by Joshua Talbot, security intelligence manager for Symantec.

"Exploiting this - likely through a drive-by download attack - would give an attacker near system-level privileges. It's doubtful that attackers would compromise a legitimate site to exploit this vulnerability, so users should be extra cautious of social engineering tricks coaxing them to visit unfamiliar Web pages, which could contain a malicious font."

The TrueType vulnerability was contained in Security Bulletin MS10-032, one of the ten issued by Microsoft Tuesday.

However, Microsoft rated three other bulletins as being even more important than this one, with two of them involving potential drive-by downloads, which occur when users authorize a download without understanding the consequences, or that simply occur without the user's knowledge.

MS10-033, a critical bulletin, "is a remote code execution vulnerability in both Quartz.dll and Asycfilt.dll and is rated Critical on all supported versions of Windows. Specially crafted media files could trigger the vulnerability when a user visits a web page or opens a malicious file," Microsoft said.

With this vulnerability, hackers may use media files to lure users into downloading malicious code.

"This could result in a drive-by download where the user visits a specially crafted Web site, and in this case it would be like a media file that could start streaming or the user could open a specially crafted media file that got sent to them via e-mail or some method like that," Microsoft security official Jerry Bryant said in a video accompanying the announcement.

These bugs are on par with some of the most critical ones observed on Patch Tuesday, says Andrew Storms, director of security operations at the security vendor nCircle.

Rather than making businesses vulnerable on the server side, this month's most serious bugs mainly target end users, he said."What looks to be a normal movie file that you click on and watch could have embedded malware inside and take control of your system," Storms said.

Similarly, the new bulletin MS10-035 involves flaws in Internet Explorer which could also result in drive-by downloads.

A third critical bulletin, MS10-034, involves ActiveX Kill Bits and affects Windows 2000, XP, Vista and Windows 7.Kill Bits ensure that vulnerable ActiveX controls can no longer be exploited through Internet Explorer.

Typically, Kill Bits are issued for third-party software, rather than for software created by Microsoft, according to Storms. What is unusual about MS10-034 is that two out of the six Kill Bits being issued are for Microsoft ActiveX controls.

"What that means is Microsoft has found one of their ActiveX controls to be vulnerable as well," Storms said. "Today they found two. That's unusual. We haven't seen that from Microsoft since last summer."

Overall, this was a record-setting month for Patch Tuesday.

"This is the largest Microsoft patch release of 2010 and ties the record for the most vulnerabilities ever addressed in a single month; a record set in October of last year," Talbot of Symantec said. "This month's release also features the largest ever single bulletin, with 14 vulnerabilities in Excel being addressed together."

Follow Jon Brodkin on Twitter:

Read more about wide area network in Network World's Wide Area Network section.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags Microsoftsecurityie6flaws

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jon Brodkin

Network World
Show Comments

Cool Tech

D-Link PowerLine AV2 2000 Gigabit Network Kit

Learn more >

Crucial® BX200 SATA 2.5” 7mm (with 9.5mm adapter) Internal Solid State Drive

Learn more >

D-Link TAIPAN AC3200 Ultra Wi-Fi Modem Router (DSL-4320L)

Learn more >

Xiro Drone Xplorer V -3 Axis Gimbal & 1080p Full HD 14MP Camera

Learn more >

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

ASUS ROG Swift PG279Q – Reign beyond virtual world

Learn more >

Gadgets & Things

Lexar Professional 2000x SDHC™/SDXC™ UHS-II cards

Learn more >

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >


Learn more >

Family Friendly

ASUS VivoPC VM62 - Incredibly Powerful, Unbelievably Small

Learn more >

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Lexar Professional 2000x SDHC™/SDXC™ UHS-II cards

Learn more >

Stocking Stuffer

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Lexar Professional 2000x SDHC™/SDXC™ UHS-II cards

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Best Deals on Good Gear Guide

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.


Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?