October 2011 Patch Tuesday

Blog Post created by mjc on Oct 12, 2011

This month, Microsoft issued eight bulletins, addressing 23 vulnerabilities across Microsoft Windows, Silverlight, .NET and Forefront product lines. Only two bulletins were rated 'critical', and the rest were rated 'important'.


When prioritizing patches, I first want to understand which security vulnerabilities can have the most widespread impact. MS11-081 is a cumulative update that affects Internet Explorer, so it is relevant to both corporate and home users. These vulnerabilities were privately reported to Microsoft by security researchers and companies. As far as we know, none of the vulnerabilities have been used in the wild. Having said that, system administrators and home users should patch as soon as possible because, when it comes to browser exploits, I expect public exploit code to be available in pretty short order. If users visit a malicious website hosting an attack that targets this vulnerability, it will be game over, with a total compromise of their system.



MS11-078 is an interesting bulletin because it requires administrators to patch both .NET and Silverlight installations. Patching to mitigate the vulnerabilities associated with this bulletin is critical, so administrators need to be diligent in applying both fixes or else this vulnerability will persist.



MS11-079 for Microsoft Forefront will affect the smallest number of organizations, because security infrastructure is one of the few areas where Microsoft isn't dominant. The specially crafted URL warning is indicative of a cross-site scripting (XSS) vulnerability. Forefront gives organizations VPN access to their internal networks, so an attacker would be able to exploit the vulnerability to steal login credentials and gain access to customer data. If you are running Forefront, I recommend testing and patching as soon as possible. Because Forefront is Internet-facing software, attackers can use tools such as SHODAN or vulnerability scanners to scan for sites running it over the Internet.