A hacker has discovered five vulnerabilities in Microsoft Windows software.
LISA is performing a risk analysis on the reported vulnerabilities. As Microsoft does not have a solution yet the main focus is on measures to reduce the chance of abuse.
The most important vulnerabilities are listed below. As soon as we have more information, we will update this news item.
- Task Scheduler.
A vulnerability in Task Scheduler offers the possibility to obtain the highest possible (SYSTEM) rights.
This vulnerability is primarily a problem on Terminal Servers. LISA is investigating possibilities to disable Task Manager without this having too great an impact on users.
The impact on other systems is relatively small.
- Internet Explorer 11
Modern browsers use a technique called Sandboxing. This prevents the browser from downloading downloaded malware to the rest of the system.
The vulnerability in Internet Explorer 11 creates a gap in that system. This allows malware to reach the system. Such vulnerabilities are often exploited in conjunction with other vulnerabilities, such as the vulnerability listed above in Task Scheduler.
- Windows App Store
Windows 8 has introduced the concept of an App Store in Windows. The new vulnerability exploits the way new apps are downloaded and installed on Windows computers.
For the time being we urge everybody to be carefull with installing apps through the App Store.
Page updated on 27 May: Information about new vulnerability in Windows App Store added.