This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Microsoft fixes Internet Explorer and 'blue screen of death' vulnerabilities on Patch Tuesday

Share this article:
Microsoft fixes Internet Explorer and 'blue screen of death' vulnerabilities on Patch Tuesday
Microsoft fixes Internet Explorer and 'blue screen of death' vulnerabilities on Patch Tuesday

Microsoft released 13 security bulletins on this month's Patch Tuesday, with two rated as critical.

As announced by SC Magazine last week, the bulletins covered 22 vulnerabilities and also included nine patches rated as important and two rated as moderate. The two most important to deploy, according to Microsoft and commentators, is MS11-057 for Internet Explorer and MS11-058 for the DNS Server.

Wolfgang Kandek, CTO at Qualys, said that MS11-057 is critical as it affects all versions of Internet Explorer. “Attackers can take complete control of a computer by setting up a malicious web page and attracting the victim to the page. The exploitability index for this issue is ‘1', indicating that we will see a reliable exploit soon,” he said.

Jason Miller, manager of research and development at VMware, said: “Two of the seven vulnerabilities fixed with this bulletin are publicly known. At this time, Microsoft has not received any reports of attacks against the vulnerabilities. With any publicly disclosed vulnerability exploit code, it is important to patch immediately.”

The second critical bulletin is MS11-058 which patches a server side vulnerability affecting the Microsoft DNS server running on Windows 2003 and 2008. Kandek said: “It allows the attacker to crash the server and in the worst case scenario, take complete control. To exploit this issue the attacker sets up a malicious DNS server and requests a DNS record from the server from inside of the victim's network.

“The exploitability rating for this is ‘3' which implies that a remote code execution exploit is unlikely to be seen in the next 30 days.”

Tyler Reguly, technical manager of security research and development at nCircle, said: “Microsoft listed the DNS server vulnerability as ‘critical' and placed it above other issues, such as cross site scripting and the remote ‘blue screen of death'. Given the exploitability index assigned to this vulnerability and the importance of XSS as an attack vector, I'm not sure I fully agree. For most enterprises the top of the list should be, as expected, the Internet Explorer patch.”

Miller said: “The attack vector for this vulnerability depends on your DNS server configuration, if your DNS servers have caching of DNS relaying enabled, the systems will be at risk for a remote attack. Even if your DNS servers do not have this type of configuration, you should still deploy the patch.

“An administrator could potentially change configuration in the future, making it vulnerable if left unpatched. In addition, this bulletin marks a good opportunity to review your DNS server configuration and harden the system.”

Kandek also highlighted patches MS11-061, MS11-066 and MS11-067 that affect remote desktop web access login, microsoft chat web control and report viewer web control respectively. “MS11-061 and MS11-067 are XSS issues, while MS11-066 can be used to reveal contents of files stored on the web server,” he said.

He also pointed to denial-of-service issues in Windows Vista and Windows 7 with MS11-064 and MS11-065 respectively, as these can cause a blue screen when a victim machine receives a malicious ICMP and TCP/IP-QOS (for 064) and RDP (for 065) packets from a remote unauthenticated attacker.

Andrew Storms, director of security at nCircle, said: “Although it isn't listed as ‘critical' by Microsoft, the MS11-064 bulletin this month demands special attention. Attackers can take advantage of this bug to cause a remote reboot of Windows computers even if they have a local firewall enabled. Back in the early 90's, we used to call this kind of bug the ‘ping of death.'

“It will take about ten minutes for attackers to write and distribute an attack tool to take advantage of this bug. Then, anyone can easily grab that attack tool and with a single click, cause your Windows network to reboot. The malicious potential is enormous. The most troubling thing about this bug is that the local Windows firewall does not mitigate the attack.” 

Miller also said that Microsoft has re-released three previously-released security bulletins, with more products that affected by bulletin MS11-025, additional stability added to MS11-043 and additional detection updates for Visual Studio 2005 added to MS11-049.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

China refutes new FBI hacking claims

China refutes new FBI hacking claims

It's been another week of claims and counterclaims as the US and Chinese governments accuse each other of deviant cyber security practices.

SC Exclusive: Bank of England to appoint new CISO in January

SC Exclusive: Bank of England to appoint new ...

Bank of England Chief Information Security Officer (CISO) Don Randall is to leave his post in the New Year to take up an unspecified supervisory role, with William Brandon set ...

Sandworm vulnerability seen targeting SCADA-based systems

Sandworm vulnerability seen targeting SCADA-based systems

Hard on the heels of the `Sandworm' spy group revealed by iSIGHT Partners earlier in the week, Trend Micro says its has spotted the zero-day vulnerability of the same name ...