15:45 CET on the 9th November 2011 Entry written by Secunia.
This month Microsoft released four bulletins (MS11-083 – MS11-086). Secunia has rated two of them as “Highly Critical”, one as “Moderately Critical”, and one as “Less Critical” while Microsoft has rated one as “Critical”, two as “Important”, and one as “Moderate”. Each of the bulletins covers one vulnerability and of the four bulletins, two have received a rating of “1” in the Microsoft Exploitability Index. Microsoft describes a “1” as “Consistent exploit code likely”.
In the table below you will find an overview of the Microsoft Bulletins and the corresponding Secunia Advisories, as well as the ratings from both Microsoft and Secunia.
Note: The first digit in the “Microsoft Exploitability Index” refers to the latest version of the affected product. The second digit refers to older versions. See “Microsoft Security Bulletin Summary for November” for more details. N/A implies that either older or newer products are not affected or covered by the index.
SA46731 (MS11-083) should receive immediate attention as it may allow execution of arbitrary code by sending a continuous flow of UDP packets to a closed port. It does not have an “Exploitability Index” rating of “1”. However, due to the nature of the vulnerability Secunia emphasizes on the prioritization of this update.
SA46752 (MS11-085) addresses an arbitrary code execution vulnerability due to insecure library loading in Windows Mail and Windows Meeting Space and has an “Exploitability Index” rating of “1”. Note that this should be considered as a “defense in depth” update for Windows 7 and Windows Server 2008 R2 as currently there are no known attack vectors to exploit this vulnerability.
SA46751 (MS11-084) and SA46755 (MS11-086) address a Denial of Service and a Security Bypass vulnerability, respectively. SA46751 resolves a vulnerability in TrueType font parsing, which can be exploited to crash a system if e.g. a user visits a malicious network share. SA46755 can be exploited to gain unintended access to an Active Directory server. However, it only affects a configuration where Active Directory is configured to use LDAP over SSL, which is not a default setting. It also requires an attacker to have access to a revoked certificate and therefore it is unlikely that this vulnerability would be exploited on a large scale. Both vulnerabilities (SA46751 and SA46755) do not allow code execution.
Discuss this blog entry
A new thread in our forum is created. Activate the thread by
Subject: Microsoft Patch Tuesday Roundup - November
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.