It’s Microsoft Patch Day again. As expected, today's Patch Day has a Windows theme, since all of Microsoft's security bulletins affect Windows or components that ship with it. More importantly, most of the updates primarily affect modern versions of Windows, such as Windows Vista, 7, or Server 2008; only one of the Important bulletins affect older versions of Windows.
If you feel that you need assistance when applying Microsoft updates, please call us at 516-762-0155.
Bulletins Affect TCP/IP, Active Directory, Windows Mail, and More
Severity: High
Summary:
· These vulnerabilities affect: All current versions of Windows and components that ship with it (though most only affect more recent versions of Windows)
· How an attacker exploits them: Multiple vectors of attack including sending specially crafted packets, or enticing users into opening booby-trapped files
· Impact: Various results; in the worst case, an attacker can gain complete control of your Windows computer
· What to do: Install the appropriate Microsoft patches immediately, or let Windows Automatic Update do it for you.
Exposure:
Today, Microsoft released four security bulletins describing four vulnerabilities that affect Windows and components that ship with it. Each vulnerability affects different versions of Windows to varying degrees, with most of this month's bulletins affecting Windows Vista, 7, and Server 2008. A remote attacker could exploit the worst of these flaws to gain complete control of your Windows PCs. The summary below lists the vulnerabilities, in order from highest to lowest severity.
· MS11-083: TCP/IP Remote Code Execution Vulnerability
As you would expect, the Windows TCP/IP stack is a set of networking protocols that allows your computer to get on the Internet and participate in modern networking. Unfortunately, the Windows TCP/IP stack suffers from an i nteger overflow flaw involving its inability to properly parse a continuous flow of specially crafted UDP packets. By sending such packets, an attacker could leverage this flaw to gain complete control of your Windows computer. This flaw only affects Windows Vista, 7, and the Server 2008 versions of Windows. That said, this is a seriously vulnerability, and we recommend you patch it immediately.
Microsoft rating: Critical
· MS11-085: Windows Mail and Meeting Space Insecure Library Loading Vulnerability
Windows Mail is the default email client that ships with Windows and Meeting Space is a built in document and desktop sharing application. Unfortunately, both these components suffers from the insecure Dynamic Link Library (DLL) loading class of vulnerability that we've described in many previous Microsoft alerts. In a nutshell, this class of flaw involves an attacker enticing one of your users into opening some sort of booby-trapped file from the same location as a specially crafted, malicious DLL file. If you do open the booby-trapped file, it will execute code in the malicious DLL file with your privileges. If you have local administrative privileges, the attacker could exploit this type of issue to gain complete control of your computer. In this particular case, the vulnerability is triggered by files types associated with Mail and Meeting Space--specifically .EML and .WCINV files.
Microsoft rating: Important.
· MS11-086: Active Directory Elevation of Privilege Vulnerability
Active Directory (AD) provides central authentication and authorization services for Windows computers and ships with server versions of Windows. Among its many options, AD allows you to authentication using certificates. AD suffers from a certificate handling vulnerability when configured to use LDAP over SSL (LDAPS). In short, AD doesn't properly recognize revoked SSL certificates, which means an attacker can use a revoked certificate to authenticate and possibly gain access to your systems. However, the attacker would first have to somehow gain access to the revoked certificate for a valid account on your domain to leverage this flaw, which significantly mitigates its severity. If an attacker has access to valid account certificates, revoked or not, you already have a serious problem on your hands.
Microsoft rating: Important.
· MS11-084: Kernel-mode Driver Denial of Service Vulnerability
The kernel is the core component of any computer operating system. Windows also ships with a kernel-mode device driver (win32k.sys) which handles many kernel-level devices. The kernel-mode driver suffers from a Denial of Service (DoS) vulnerability involving the way it handles specially crafted TrueType font files. By enticing one of your users to open a specially crafted font file, or to browse to a share hosting such a file, an attacker could exploit this flaw to cause your system to stop responding, until you restart it. This flaw only affects Windows 7 and Server 2008 R2.
Microsoft rating: Moderate.
Solution Path:
Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately. If you choose, you can also let Windows Update automatically download and install these for you.
· For Windows Vista x64 (w/SP2)
· For Windows Server 2008 (w/SP2)
· For Windows Server 2008 x64 (w/SP2)
· For Windows Server 2008 Itanium (w/SP2)
· For Windows Server 2008 R2 x64 (w/SP1)
· For Windows Server 2008 R2 Itanium (w/SP1)
· For Windows Vista x64 (w/SP2)
· For Windows Server 2008 (w/SP2) *
· For Windows Server 2008 x64 (w/SP2) *
· For Windows Server 2008 Itanium (w/SP2)
· For Windows Server 2008 R2 x64 (w/SP1) *
· For Windows Server 2008 R2 Itanium (w/SP1)
* Server Core installations not affected: If you chose the "Server Core" installation option, Windows does not install unnecessary client applications, such as Mail or Meeting Space.
Active Directory updates:
· For Windows Server 2003 (w/SP2)
o Active Directory Application Mode (ADAM)
· For Windows Server 2003 x64 (w/SP2)
o Active Directory Application Mode (ADAM)
· For Windows Server 2003 Itanium (w/SP2)
· For Windows Vista x64 (w/SP2)
· For Windows Server 2008 (w/SP2)
· For Windows Server 2008 x64 (w/SP2)
· For Windows Server 2008 R2 x64 (w/SP1)
· For Windows Server 2008 R2 Itanium (w/SP1)
No comments:
Post a Comment