Design and Test Lab’s Experts Helped Microsoft to Protect Customers
October 5, 2010
Vitaly Kiktenko and Alexander Saprykin, the employees of Design and Test Lab, in cooperation with Kaspersky Lab’s employees, helped Microsoft to protect Windows’ users. They discovered and reported a critical security vulnerability in Print Spooler Service.
The description of the vulnerability is the following. The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka “Print Spooler Service Impersonation Vulnerability”.
The MS10-061 security update resolves a publicly disclosed vulnerability in the Print Spooler service.
Vitaly Kiktenko, Design and Test Lab’s Lead Security Expert: “Malware reverse engineering is essential in fast eliminating and preventing the consequences of cyber attacks performed with use of malware. An in-depth code analysis helps us to reveal hidden malware functionality, such as exploitation of 0-day vulnerabilities that were not known before. This is very important, because software vendors in collaboration with security experts can fix vulnerabilities before they become widely used and can cause major problems. It was as always pleasure to work with Kaspersky Lab professionals and with Microsoft who was also fast and open for collaboration in fighting against malware”.
About Design and Test Lab
Design and Test Lab, LLC, (www.dnt-lab.com) — antivirus research center, located in Kharkov, Ukraine. The Lab’s focus is analysis of malware and Internet threats: viruses, trojans, and worms. During last five years, Design and Test Lab has described more than 5000 malware samples.
Manager, Design and Test Lab, LLC
Phone: +380 50 949-51-09