MS10-021 addresses eight different Windows vulnerabilities. Five of them, CVE-2010-0234 through CVE-2010-0238, stem from an obscure bit of Windows registry functionality called “registry links”. A quick search in MSDN reveals this description: “REG_LINK: Specifies a Unicode symbolic link. Used internally. Applications do not use this type”. Clear as mud, right? Registry links are similar to symbolic links in NTFS (http://msdn.microsoft.com/en-us/library/aa365680(VS.85).aspx)). They create a special type of registry key that, when navigated to, redirects the user to another location of the registry.
Examining the affected platforms for each case, it’s evident that the majority of these issues were found and fixed in Vista, due to the extra security work required by the SDL (http://blogs.msdn.com/sdl/). None of the issues affect Windows 7 or Windows Server 2008. Users who have moved beyond Windows XP are better off than others.
Just how bad are these issues? All of them require a logged on local user to trigger. This could be done as a secondary attack after the computer is already compromised or by a malicious user already trusted within the organization. In the grand scheme of all updates released today, these issues may be a lower priority for you to install.
We’d like to salute the finders of this class of attack, Matthew ‘j00ru’ Jurczyk and Gynvael Coldwind, and thank them for reporting these issues responsibly, allowing us to comprehensively address the issues on all platforms. Nice work, guys.
- Nick Finco, MSRC Engineering
*Posting is provided “AS IS” with no warranties, and confers no rights.*