Last time, we talked about MS12-024 (CVE-2012-0151), which states that a vulnerability in the way WinVerifyTrust operates could allow an attacker to modify a signed executable so that it runs arbitrary code, but the signature remains verifiable. We now give more details on the patch for Windows XP SP3.
Continue reading
Every second Tuesday of the month, Microsoft releases a batch of security (and other) updates for its products. This is known as Patch Tuesday. Microsoft’s security updates for April 2012 contain several patches, one of them is described in security bulletin MS12-024. The bulletin talks about remote code execution through the use of specially-crafted, digitally-signed, portable executable (PE) files. The vulnerability is rated critical. To better understand what this is all about, we want to first see what a digitally-signed PE (using Windows Authenticode) looks like.
Continue reading