
Microsoft Patch Tuesday Roundup

16:40 CET on the 12th October 2011
Entry written by Secunia.

This month Microsoft released eight bulletins (MS11-075 – MS11-082). Secunia has rated five of them as “Highly Critical”, Microsoft has rated two as “Critical” and the rest as “Important”. For seven of the bulletins at least one of the vulnerabilities has received a rating of “1” in the Microsoft Exploitability Index for one or more of the affected products. Microsoft describes a “1” as “Consistent exploit code likely”.

In the table below you will find an overview of the Microsoft Bulletins and the corresponding Secunia Advisories, as well as the ratings from both Microsoft and Secunia.

| Microsoft Bulletin | Secunia Advisory ID (SAID) | MS KB | CVE(s) | Secunia Rating | MS Rating | Microsoft Exploitability Index | Vector |
|---|---|---|---|---|---|---|---|
| MS11-075 | SA46403 | KB2623699 | CVE-2011-1247 | Moderate | Important | 2,1 | Remote |
| MS11-076 | SA46404 | KB2604926 | CVE-2011-2009 | High | Important | 1,1 | Remote |
| MS11-077 | SA46405 | KB2567053 | CVE-2011-1985 | High | Important | 1,1 | Remote |
| | | | CVE-2011-2002 | | | ?,? | |
| | | | CVE-2011-2003 | | | 1,1 | |
| | | | CVE-2011-2011 | | | 2,2 | |
| MS11-078 | SA46406 | KB2604930 | CVE-2011-1253 | High | Critical | 3,1 | Remote |
| MS11-079 | SA46402 | KB2544641 | CVE-2011-1895 | High | Important | 1,1 | Remote |
| | | | CVE-2011-1896 | | | 1,1 | |
| | | | CVE-2011-1897 | | | 1,1 | |
| | | | CVE-2011-1969 | | | 1,1 | |
| | | | CVE-2011-2012 | | | N/A, DoS | |
| MS11-080 | SA46401 | KB2592799 | CVE-2011-2005 | Less | Important | N/A, 1 | Local System |
| MS11-081 | SA46400 | KB2586448 | CVE-2011-1993 | High | Moderate - Critical | 1,1 | Remote |
| | | | CVE-2011-1995 | | | 1,1 | |
| | | | CVE-2011-1996 | | | N/A,1 | |
| | | | CVE-2011-1997 | | | N/A,1 | |
| | | | CVE-2011-1998 | | | 1,N/A | |
| | | | CVE-2011-1999 | | | N/A,1 | |
| | | | CVE-2011-2000 | | | 1,1 | |
| | | | CVE-2011-2001 | | | 1,1 | |
| MS11-082 | SA46399 | KB2607670 | CVE-2011-2007 | Less | Important | N/A, DoS | Local network |
| | | | CVE-2011-2008 | | | N/A, DoS | |


Note: The first digit in the “Microsoft Exploitability Index” refers to the latest version of the affected product. The second digit refers to older versions. See “Microsoft Security Bulletin Summary for October” for more details. N/A implies that either older or newer products are not affected or covered by the index.

Prioritisation

Five of the bulletins should receive immediate attention (SA46404, SA46405, SA46406, SA46400, and SA46402) as these all allow execution of arbitrary code and at least one vulnerability fixed by each update has an “Exploitability Index” rating of “1”. This implies that Microsoft finds it likely that attackers can develop reliable exploit code.

SA46401 addresses a privilege escalation vulnerability and should be considered a “defence in depth” update. Applying it is strongly recommended, as the vulnerability can be exploited to gain elevated privileges on certain versions of Windows. However, it is not as urgent as the updates for vulnerabilities with a remote vector.

SA46403 only affects special configurations or systems running third-party programs which utilise the Active Accessibility COM object. Therefore it is unlikely that this vulnerability would be exploited on a large scale.
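
The prioritisation rule above can be applied mechanically to the table rows. The following is an added example, not Secunia's own tooling: it parses the "latest,older" Exploitability Index notation and sorts the advisories into tiers. It assumes that a Secunia rating of "High" stands in for "allows execution of arbitrary code"; the tier names and function names are this example's own.

```python
# Added example: triage of the October 2011 bulletins with the rule from the
# Prioritisation section. Row data is copied from the table in this post.
# Assumption: Secunia rating "High" is used as a proxy for code execution.

# (bulletin, SAID, Secunia rating, vector, per-CVE Exploitability Index values)
BULLETINS = [
    ("MS11-075", "SA46403", "Moderate", "Remote", ["2,1"]),
    ("MS11-076", "SA46404", "High", "Remote", ["1,1"]),
    ("MS11-077", "SA46405", "High", "Remote", ["1,1", "?,?", "1,1", "2,2"]),
    ("MS11-078", "SA46406", "High", "Remote", ["3,1"]),
    ("MS11-079", "SA46402", "High", "Remote",
     ["1,1", "1,1", "1,1", "1,1", "N/A, DoS"]),
    ("MS11-080", "SA46401", "Less", "Local System", ["N/A, 1"]),
    ("MS11-081", "SA46400", "High", "Remote",
     ["1,1", "1,1", "N/A,1", "N/A,1", "1,N/A", "N/A,1", "1,1", "1,1"]),
    ("MS11-082", "SA46399", "Less", "Local network", ["N/A, DoS"]),
]


def parse_index(text):
    """Return (latest, older) ratings; None where the cell is N/A, DoS or ?."""
    latest, older = (part.strip() for part in text.split(","))
    return tuple(int(v) if v.isdigit() else None for v in (latest, older))


def best_rating(indexes):
    """Lowest (most exploitable) rating over all CVEs and versions, or None."""
    ratings = [r for text in indexes for r in parse_index(text) if r is not None]
    return min(ratings, default=None)


def triage(secunia_rating, vector, indexes):
    """Tier for one bulletin; the labels are this example's, not Secunia's."""
    exploit_likely = best_rating(indexes) == 1
    if exploit_likely and secunia_rating == "High" and vector == "Remote":
        return "immediate"
    if exploit_likely and vector != "Remote":
        return "defence in depth"
    return "lower"


def plan():
    """Map every SAID in the table to its tier."""
    return {said: triage(rating, vector, idx)
            for _, said, rating, vector, idx in BULLETINS}


if __name__ == "__main__":
    for said, tier in plan().items():
        print(said, tier)
```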

Stay Secure,
Secunia
