Posted on Wednesday, February 09 2011 @ 19:14 CET by Thomas De Maesschalck
Microsoft fixed a large number of security vulnerabilities on this month's edition of Patch Tuesday. The update cycle contained 12 security updates that patched a total of 22 bugs in Windows, IE, Office and other software. Three of the updates received a "critical" rating, while the remaining nine were labeled as "important".
An analyst suspected that one of the dozen updates was released to prevent hackers from exploiting Windows 7 in the Pwn2Own contest slated to start in four weeks.
"I think this was a strategic move by Microsoft to prevent [researchers] from using the vulnerability as a mechanism to bypass ASLR," said Andrew Storms, director of security operations for nCircle Security, referring to the MS11-009 update that patched a bug in the JScript and VBScript scripting engines within Windows.
At Pwn2Own, which runs March 9-11 at the CanSecWest security conference, attackers armed with unpatched vulnerabilities and corresponding exploits will try to hack browsers running on Windows 7. To do so, they must sidestep ASLR -- for "address space layout randomization" -- one of Windows 7's two anti-exploit technologies.
Source: ComputerWorld
