Blog
Anand Yadav

Microsoft October2011 Patch Tuesday Released

October 12, 2011
0
Estimated reading time: 4 minutes

Microsoft has released 8 security bulletins covering a total of 23 vulnerabilities for software such as Microsoft .NET Framework, Microsoft Silverlight, Internet Explorer, Microsoft Forefront United Access Gateway and Microsoft Host Integration Server.

6 out of the 8 bulletins are rated ‘Important’, while 2 are rated ‘Critical’. Some of the patches indicated a required restart after updating the machine with the affected software. Users and administrators are advised to immediately address these security flaws.

The following vulnerabilities are rated “Critical”:

MS11-078 -Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)
This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

MS11-081 -Cumulative Security Update for Internet Explorer (2586448)
This security update resolves 8 privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The following vulnerabilities are rated “Important”:

MS11-075 -Cumulative Security Update for Internet Explorer (2586448)
This security update resolves 8 privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS11-076 -Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)
This security update resolves a publicly disclosed vulnerability in Windows Media Center. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Media Center could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file.

MS11-077 -Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)
This security update resolves 4 privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted font file (such as a .fon file) in a network share, a UNC or WebDAV location or an email attachment. For a remote attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open the specially crafted font file, or open the file as an email attachment.

MS11-079 -Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)
This security update resolves 5 privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow remote code execution if a user visits an affected website using a specially crafted URL. However, an attacker would have no way to force users to visit such a website. Instead, an attacker would have to persuade users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website.

MS11-080 -Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)
This security update resolves a privately reported vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user’s system and runs a specially crafted application. An attacker must have valid login credentials and be able to log in locally to exploit the vulnerability.

MS11-082 -Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)
This security update resolves 2 publicly disclosed vulnerabilities in Host Integration Server. The vulnerabilities could allow denial of service if a remote attacker sends specially crafted network packets to a Host Integration Server listening on UDP port 1478 or TCP ports 1477 and 1478. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. In this case, the Host Integration Server ports should be blocked from the Internet.

For detailed information of all the bulletins and the corresponding vulnerabilities addressed, please visit:
http://technet.microsoft.com/en-us/security/bulletin/ms11-oct

We recommend that users set ‘Windows Update’ mode to ‘Install updates automatically’ so that the important patches get applied automatically.

Have something to add to this story? Share it in the comments.

No Comments, Be The First!

Your email address will not be published.

CAPTCHA Image