Sales
0208 045 4945
Support
0800 230 0032

November 2011 Microsoft Security Bulletin Release

As mentioned in Novembers advance notification post this month’s security bulletin releases are now confirmed to contain 4 bulletins addressing 4 vulnerabilities.

The following table shows affected software by bulletin and the likelihood of an Operating System restart being required and hence impacting on services provided:

Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating and Vulnerability Impact Restart Requirement Affected Software
MS11-083 Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system.
Critical
Remote Code Execution
Requires restart Microsoft Windows
MS11-085 Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704)
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application.
Important
Remote Code Execution
May require restart Microsoft Windows
MS11-086 Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)
This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL.
Important
Elevation of Privilege
Requires restart Microsoft Windows
MS11-084 Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657)
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user opens a specially crafted TrueType font file as an e-mail attachment or navigates to a network share or WebDAV location containing a specially crafted TrueType font file. For an attack to be successful, a user must visit the untrusted remote file system location or WebDAV share containing the specially crafted TrueType font file, or open the file as an e-mail attachment. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to persuade users to do so, typically by getting them to click a link in an e-mail message or Instant Messenger message.
Moderate
Denial of Service
Requires restart Microsoft Windows

While this is the lightest patch Tuesday of the year, MS11-083 affects all Windows based devices and is patching what looks to be the worst vulnerability of the year.

So in summary, we are likely to see updates requiring reboots of servers this month. (As usual, as a UKFast customer, you benefit from these updates being applied automatically unless you have opted out of this service.)

 

MC.

Enjoy this article?