
One critical patch from Microsoft - but no fix for #Duqu vulnerability

Microsoft to release 13 bulletins covering 22 vulnerabilities on its August Patch Tuesday

Microsoft released four security updates on Patch Tuesday.

According to Pete Voss, senior response communications manager at Microsoft Trustworthy Computing, patch MS11-083 should be deployed first as this resolves a privately reported vulnerability in Microsoft Windows that could allow remote code execution if an attacker sends a continuous flow of specifically crafted UDP packets to a closed port on a target system.

Wolfgang Kandek, CTO of Qualys, said this "should be patched with the highest urgency" as it does not require any user interaction or authentication and all Windows machines, workstations and servers that are on the internet can be freely attacked. “This is the patch to apply this month if you have Vista, Windows 7 or Windows 2008, including R2,” he said.

Jason Miller, manager of research and development at VMware, said: “There are a few items that will make it difficult for an attacker to use this exploit in a worm. First, the network port attacked on the target machine must be closed. Second, a normal UDP packet streamed to a vulnerable machine will not allow the attacker to gain access to the system.

“The UDP packet must be 'specially' crafted. An attacker will need to figure out the type of packet to send to a vulnerable machine. Finally, this vulnerability was privately disclosed to Microsoft so there is no known code out in the wild at this time, and Microsoft has not received any reports of attacks against this vulnerability.”

Andrew Storms, director of security operations at nCircle, said: “The only critical bulletin this month doesn't look very threatening, at least on the surface. The Microsoft Security Research and Defense team blogged about the attack scenario for this bug and described it as ‘difficult to exploit in a real world scenario’, probably because default firewall configuration settings successfully block the attack.

“Enterprise security teams should patch this critical bug fairly quickly anyway because if attackers find a way to leverage it, they can gain remote code execution privileges.”

Kandek also highlighted bulletin MS11-085, which is rated important and affects users of Windows 2003. Marcus Carey, Rapid7's security researcher and community manager, said: “MS11-085 is a vulnerability in Windows Mail and Meeting Space, which affects a smaller number of organisations, but is also a possible vector for remote code execution by enticing users to click on malicious files. This attack would be used as part of a social engineering campaign. This should be next in line to patch after the critical one.”

Storms said bulletin MS11-084 was the most interesting bulletin this month, as it deals with how font files are parsed and appears to have a lot in common with the Duqu advisory that Microsoft released last week.

Tyler Reguly, technical manager of security research and development at nCircle, said: “MS11-086 is the most interesting patch today since Active Directory servers using LDAP over SSL fail to check the certificate revocation list. Given all the issues with SSL lately, this could be important.

“One of the things that surprised me this month is that we're still seeing fixes for DLL preloading. While I expected to continue to see these from third-party software vendors, I assumed that Microsoft had already identified all of these flaws internally by now.”
