Originally Posted by Jen Ellis
This week’s Patch Tuesday was pretty significant, with a record-tying 17 bulletins that patch a record 64 vulnerabilities, 15 more than the previous largest-ever set in October 2010. As usual, the Rapid7 team was all over it, monitoring the threat and trying to help out where possible.
This month’s bulletin addresses vulnerabilities across Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio, .NET Framework and GDI+. There are several critical security flaws, so prioritizing remediation efforts will be very important for all system administrators this month.
MS11-020 looks like the most severe flaw, with an exploit scenario similar to MS08-067 (server service, pre-authentication). It should be at the top of most organizations’ list for remediation since it is based on a common server (SMB), is rated “exploit-likely” by Microsoft, and does not require user–authentication. This bulletin includes one transaction parsing vulnerability. This requires an attack to send a malicious crafted SMB packet against a vulnerable system including Windows XP SP3- Windows 7.
MS11-018 should be a high priority for most organizations as there are currently two vulnerabilities associated with this bulletin being exploited in the wild. Both of these are memory corruption vulnerabilities, requiring client interaction, which does raise the bar on the attacks as they will need to setup a malicious website and perform a drive-by malware-based attack.
MS11-030 uses UDP/TCP ports 5355, a service that many folks don’t specifically firewall today. This may be trivially exploitable, but more work still needs to be done to verify this. Another interesting thing to note for MS11-030 (Vulnerability in DNS Resolution) is that it would only allow elevation of privileges on Windows XP SP3 and 2003, but would allow remote code execution on Windows Vista, 2008 and 7. This means that anyone that has deployed newer versions of Windows should make sure they carefully review this bulletin.
Our advice on this was picked up by a number of people covering Patch Tuesday and you can see more on their take at the following links:
- Tech Herald – http://www.thetechherald.com/article.php/201115/7052/Microsoft-pushes-soul-crush ing-patch-release
- Computerworld – http://www.computerworld.com/s/article/9215751/Microsoft_delivers_monster_securi ty_update_for_Windows_IE?taxonomyId=17&pageNumber=1
- CRN – http://www.crn.com/news/security/229401450/microsoft-smashes-patch-tuesday-recor d-with-massive-update.htm;jsessionid=nUjnvhJwGEXE+zDIwcNwlA**.ecappj02
If you have a Patch Tuesday story or some tips to share, post it in our comments section…