|
|
|
New attack surface reduction feature in GDI |
Si vous voulez bloquer ce service sur vos fils RSS
Si vous voulez nous contacter ou nous proposer un fil RSS
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
Présentation : MS09-062 fixes several vulnerabilities in GDI related to image parsing. It also includes a feature which allows administrators to disable parsing for each of the different image formats. This feature was publicly released early this year in an optional GDI update available on the Microsoft Download Center, but is now being release as part of this bulletin. After installing this update, you can selectively turn off each of the image parsers in GDI . This can be helpful in reducing the attack surface of your computer. For example, if you have no need to display TIFF files on a computer, you can disable just the TIFF parsing in GDI , reducing your attack surface and susceptibility to any future vulnerabilities in the GDI TIFF parsing code. Below is a table of the parsers in GDI that can be disabled, and the registry keys used to disable them Format Registry Key BMP HKEY_LOCAL_MACHINE SOFTWARE Microsoft Gdiplus DisableBMPCodec DWORD 1 GIF HKEY_LOCAL_MACHINE SOFTWARE Microsoft Gdiplus DisableGIFCodec DWORD 1 PNG HKEY_LOCAL_MACHINE SOFTWARE Microsoft Gdiplus DisablePNGCodec DWORD 1 ICO HKEY_LOCAL_MACHINE SOFTWARE Microsoft Gdiplus DisableICOCodec DWORD 1 TIFF HKEY_LOCAL_MACHINE SOFTWARE Microsoft Gdiplus DisableTIFFCodec DWORD 1 JPEG HKEY_LOCAL_MACHINE SOFTWARE Microsoft Gdiplus DisableJPEGCodec DWORD 1 WMF EMF HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows NT CurrentVersion GRE_Initialize DisableMetaFiles DWORD 1 The disable switch for WMF and EMF was present before this update included for completeness When one of these disable switches is activated, any attempts to parse a file of that particular format will return an error, just like the parser would normally return an error if the image file was corrupted. Some applications might assume that parsing will always succeed, particularly when parsing images installed as part of the application. These applications may not gracefully recover when GDI returns the error. For this reason, if you want to use this feature to reduce your attack surface, we recommend first disabling the parsers you don t plan to use, and then testing the applications you use frequently to make sure they are not adversely affected. Also note that this feature reduces your attack surface by disabling the GDI parser for a particular image format, not all parsers for that image format on your computer. Some applications, including Microsoft applications, do not use GDI for image parsing. Those other parsers would not be disabled by these registry keys. We hope you find this feature, and this post, helpful -Kevin Brown, MSRC Engineering Special thanks to Christopher Leung and Ryan Becker from the Windows Sustained Engineering team.
Les mots clés de la revue de presse pour cet article : attack
Les videos sur SecuObs pour les mots clés : attack
Les éléments de la revue Twitter pour les mots clé : attack
Les derniers articles du site "Security Research Defense" :
- CDD.dll vulnerability Difficult to exploit
- MS10-031 VBE6 Single-Byte Stack Overwrite
- MS10-030 Malicious Mail server vulnerability
- Sharepoint XSS issue
- Registry vulnerabilities addressed by MS10-021
- MS10-020 SMB Client Update
- Assessing the risk of the April Security Bulletins
- Help keypress vulnerability in VBScript enabling Remote Code Execution
- Using code coverage to improve fuzzing results
- Details on the New TLS Advisory
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
Si vous voulez bloquer ce service sur vos fils RSS :
- avec iptables "iptables -A INPUT -s 88.191.75.173 --dport 80 -j DROP"
- avec ipfw et wipfw "ipfw add deny from 88.191.75.173 to any 80"
- Nous contacter par mail
| Mini-Tagwall des articles publiés sur SecuObs : | | | | sécurité, exploit, windows, attaque, outil, microsoft, réseau, audit, metasploit, vulnérabilité, système, virus, internet, usbsploit, données, source, linux, protocol, présentation, scanne, réseaux, scanner, bluetooth, conférence, reverse, shell, meterpreter, vista, rootkit, détection, mobile, security, malicieux, engineering, téléphone, paquet, trames, https, noyau, utilisant, intel, wishmaster, google, sysun, libre |
| Mini-Tagwall de l'annuaire video : | | | | curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit, exploit, lockpicking, linux, attack, wireshark, vmware, rootkit, conference, network, shmoocon, backtrack, virus, conficker, elcom, etter, elcomsoft, server, meterpreter, openvpn, ettercap, openbs, iphone, shell, openbsd, iptables, securitytube, deepsec, source, office, systm, openssh, radio |
| Mini-Tagwall des articles de la revue de presse : | | | | security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité |
| Mini-Tagwall des Tweets de la revue Twitter : | | | | security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack |
|
|
|
|
|
