
One critical patch from Microsoft - but no fix for #Duqu vulnerability

Microsoft to release 13 bulletins covering 22 vulnerabilities on its August Patch Tuesday

Microsoft released four security updates on Patch Tuesday.

According to Pete Voss, senior response communications manager at Microsoft Trustworthy Computing, patch MS11-083 should be deployed first as this resolves a privately reported vulnerability in Microsoft Windows that could allow remote code execution if an attacker sends a continuous flow of specifically crafted UDP packets to a closed port on a target system.

Wolfgang Kandek, CTO of Qualys, said this “should be patched with the highest urgency” as it does not require any user interaction or authentication and all Windows machines, workstations and servers that are on the internet can be freely attacked. “This is the patch to apply this month if you have Vista, Windows 7 or Windows 2008, including R2,” he said.

Jason Miller, manager of research and development at VMware, said: “There are a few items that will make it difficult for an attacker to use this exploit in a worm. First, the network port attacked on the target machine must be closed. Second, a normal UDP packet streamed to a vulnerable machine will not allow the attacker to gain access to the system.

“The UDP packet must be 'specially' crafted. An attacker will need to figure out the type of packet to send to a vulnerable machine. Finally, this vulnerability was privately disclosed to Microsoft so there is no known code out in the wild at this time, and Microsoft has not received any reports of attacks against this vulnerability.”

Andrew Storms, director of security operations at nCircle, said: “The only critical bulletin this month doesn't look very threatening, at least on the surface. The Microsoft Security Research and Defense team blogged about the attack scenario for this bug and described it as ‘difficult to exploit in a real world scenario’, probably because default firewall configuration settings successfully block the attack.

“Enterprise security teams should patch this critical bug fairly quickly anyway because if attackers find a way to leverage it, they can gain remote code execution privileges.”
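A defender-side illustration of the traffic pattern Miller describes above (a sustained stream of UDP packets aimed at a port with no listener), added here as an example that is not from the article or from Microsoft: it reads firewall drop records and flags any source that sends at least a threshold number of dropped UDP packets to one destination port inside a short time window. The column layout follows the Windows Firewall log file (an assumption about the format), the log lines are constructed, and the threshold and window are arbitrary tuning values rather than anything the bulletin specifies.

```python
"""Flag a sustained stream of dropped UDP packets from one source to one port.

Added example, not code from the article or from Microsoft. The record layout
mirrors the Windows Firewall log columns (assumed); sample lines are constructed.
Lines are expected in chronological order, as a firewall log is written.
"""
from collections import defaultdict, deque
from datetime import datetime

HEADER = ("#Fields: date time action protocol src-ip dst-ip src-port dst-port "
          "size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path")


def build_sample_log():
    """Constructed log: one burst of 25 UDP drops to port 1900 from a single
    source within five seconds, plus scattered drops and allowed traffic that
    should not trigger an alert."""
    lines = ["#Version: 1.5", HEADER]
    for i in range(25):
        lines.append(f"2011-11-09 10:00:{i // 5:02d} DROP UDP 192.0.2.10 "
                     f"198.51.100.5 {40000 + i} 1900 60 - - - - - - - RECEIVE")
    # Same source/port pair, but one packet per minute: never enough in a window.
    for i in range(5):
        lines.append(f"2011-11-09 10:0{i}:30 DROP UDP 192.0.2.20 "
                     f"198.51.100.5 5353 5355 60 - - - - - - - RECEIVE")
    lines.append("2011-11-09 10:00:03 ALLOW TCP 203.0.113.7 198.51.100.5 "
                 "51000 443 0 - 0 0 0 - - - SEND")
    return lines


def parse_line(line):
    """Return the fields we need from one log record, or None for comments,
    blank lines and malformed records."""
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    if len(fields) < 8:
        return None
    ts = datetime.strptime(f"{fields[0]} {fields[1]}", "%Y-%m-%d %H:%M:%S")
    return {"ts": ts, "action": fields[2], "proto": fields[3],
            "src": fields[4], "dport": int(fields[7])}


def find_udp_floods(lines, threshold=20, window_seconds=10):
    """Return sorted (src, dport, peak_count) tuples for every source that sent
    at least `threshold` dropped UDP packets to one port within any
    `window_seconds` sliding window."""
    windows = defaultdict(deque)   # (src, dport) -> timestamps in current window
    alerts = {}
    for raw in lines:
        rec = parse_line(raw)
        if rec is None or rec["action"] != "DROP" or rec["proto"] != "UDP":
            continue
        key = (rec["src"], rec["dport"])
        q = windows[key]
        q.append(rec["ts"])
        # Slide the window: discard timestamps older than window_seconds.
        while (rec["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(q))
    return sorted((src, port, n) for (src, port), n in alerts.items())


if __name__ == "__main__":
    for src, port, n in find_udp_floods(build_sample_log()):
        print(f"sustained UDP drops: {src} -> port {port} ({n} packets in window)")
```

On a real host the same function can be fed the firewall log file line by line; the threshold and window should be tuned against normal background drops (multicast discovery, stale sessions) before the alert is relied on, and a hit is a cue to confirm the MS11-083 update is installed rather than proof of exploitation.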

Kandek also highlighted bulletin MS11-085, which is rated important and affects users of Windows 2003. Marcus Carey, Rapid7's security researcher and community manager, said: “MS11-085 is a vulnerability in Windows Mail and Meeting Space, which affects a smaller number of organisations, but is also a possible vector for remote code execution by enticing users to click on malicious files. This attack would be used as part of a social engineering campaign. This should be next in line to patch after the critical one.”

Storms said bulletin MS11-084 was the most interesting bulletin this month, as it deals with how font files are parsed and appears to have a lot in common with the Duqu advisory that Microsoft released last week.

Tyler Reguly, technical manager of security research and development at nCircle, said: “MS11-086 is the most interesting patch today since Active Directory servers using LDAP over SSL fail to check the certificate revocation list. Given all the issues with SSL lately, this could be important.

“One of the things that surprised me this month is that we're still seeing fixes for DLL preloading. While I expected to continue to see these from third-party software vendors, I assumed that Microsoft had already identified all of these flaws internally by now.”
