October 2011: A Variety of Updates Released

A variety of security updates were released today for both servers and workstations. The priority you give each one will depend on the types of systems you are responsible for. Note that MS11-076 and MS11-082 address vulnerabilities that have already been publicly disclosed, which may shorten the time we have before an exploit is in active use.

In August of 2010 Microsoft alerted us to a new attack vector, a class of vulnerabilities called "Insecure Library Loading" (also known as DLL preloading or binary planting). The pattern is simple: an application calls LoadLibrary with a bare file name rather than a full path, Windows searches the current working directory for that name, and a DLL planted alongside a document the user opens from a network share or WebDAV folder is loaded and runs with the user's privileges. So far 18 security bulletins have been released for Insecure Library Loading. This month MS11-075 addresses it in Microsoft Active Accessibility and MS11-076 in Windows Media Center. The same pattern turns up in third-party programs, so admins should be alert to updates from other vendors as well.
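The two operating-system settings Microsoft documented for this class are SafeDllSearchMode and the CWDIllegalInDllSearch value introduced with KB2264107. The following PowerShell function, an added example that is not part of the original newsletter, reads both from the registry and reports whether the host has the current working directory out of the DLL search order. The function name Get-DllSearchHardening and the output fields are my own; the registry key, value names and value meanings are Microsoft's.

```powershell
# Added example, not from the original newsletter. Reads the two registry
# values Microsoft documents for mitigating Insecure Library Loading and
# reports whether this host is hardened. Reading HKLM does not require
# elevation; assumes PowerShell 2.0 or later.
function Get-DllSearchHardening {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $p   = Get-ItemProperty -Path $key

    # SafeDllSearchMode: 1 (the default since XP SP2) searches the system
    # directories before the current directory; 0 searches CWD second.
    # An absent value means the default applies.
    $safe   = $p.SafeDllSearchMode
    $safeOn = ($null -eq $safe) -or ($safe -eq 1)

    # CWDIllegalInDllSearch (KB2264107). The DWORD 0xFFFFFFFF comes back
    # from Get-ItemProperty as the Int32 -1, so accept either spelling.
    $cwd = $p.CWDIllegalInDllSearch
    if ($null -eq $cwd -or $cwd -eq 0) {
        $cwdText = 'not set: CWD is searched (legacy behaviour)'
        $cwdSafe = $false
    } elseif ($cwd -eq 1) {
        $cwdText = '1: CWD skipped only when it is a remote (UNC or WebDAV) folder'
        $cwdSafe = $false
    } elseif ($cwd -eq 2) {
        $cwdText = '2: CWD skipped only when it is a WebDAV folder'
        $cwdSafe = $false
    } elseif ($cwd -eq -1 -or $cwd -eq 0xFFFFFFFF) {
        $cwdText = '0xFFFFFFFF: CWD removed from the DLL search order'
        $cwdSafe = $true
    } else {
        $cwdText = "unexpected value $cwd"
        $cwdSafe = $false
    }

    New-Object -TypeName PSObject -Property @{
        SafeDllSearchMode     = $(if ($safeOn) { 'enabled' } else { 'DISABLED' })
        CWDIllegalInDllSearch = $cwdText
        # Fully hardened only when the system directories win the search
        # AND the working directory is out of the search path entirely.
        FullyHardened         = ($safeOn -and $cwdSafe)
    }
}

Get-DllSearchHardening | Format-List
```

The 0xFFFFFFFF setting is the strongest and can break applications that legitimately load DLLs from their working directory, so test it before pushing it out; the 1 and 2 settings only close the remote-share and WebDAV cases, which are the ones most attacks rely on. The registry settings are a system-wide backstop only: the actual fix for each affected product is the vendor's update, because the root cause is a LoadLibrary call with a bare file name inside the application, which the application can only fix itself (by using a fully qualified path or calling SetDllDirectory("") to drop CWD from its own search order).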

Multiple vulnerabilities were found in kernel-mode drivers and are addressed in MS11-077. The kernel is the core of the operating system, and kernel-mode drivers run with the kernel's own privileges, so a flaw in one of them is a flaw in the most privileged code on the system; there is no sandbox or user-account boundary left to contain whatever an attacker does with it.

MS11-078 addresses a code-execution vulnerability in the .NET Framework and Microsoft Silverlight. It is rated Critical, and because the affected components run in browsers on workstations as well as on web-hosting servers, it applies to more system types than most of this month's bulletins.

After installing the update for Microsoft Forefront Unified Access Gateway (UAG), MS11-079, the administrator must additionally open the UAG Management console and activate the configuration; the update is not complete until that is done. The vulnerability is exploited against users who connect through UAG, but the patch is applied on the UAG server.

MS11-080 addresses an elevation of privilege vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). It affects only Windows XP and Server 2003, and on those systems it replaces a similar AFD fix released last June. Unlike MS11-076 and MS11-082, the vulnerability addressed here had not been publicly disclosed.

MS11-081 is a Critical update for Internet Explorer. It addresses multiple vulnerabilities by changing the way IE handles objects in memory, and it applies to all supported versions of IE on all supported versions of Windows.

For those running Host Integration Server, which connects Windows to IBM mainframe and midrange systems, MS11-082 fixes two publicly disclosed denial-of-service vulnerabilities. A properly configured firewall that blocks the HIS network ports from untrusted networks mitigates these attacks and is suggested as a workaround until the patch is applied.

Get more of my knowledge on the security log with my Security Log Resource Kit, or get prescriptive best-practice guidance on what events to monitor and how with my Rosetta Audit Logging Kits.
Bulletin | KB | Exploit type / technology affected | System types affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products affected | Notes | Randy's recommendation
-------- | -- | ---------------------------------- | --------------------- | ------------------------------------------ | ---------------------------------------------- | ------------------ | ----------------- | ----- | ----------------------
MS11-079 | 2544641 | Arbitrary code / Forefront UAG | Servers | No / No | No | Important | Forefront UAG | | Patch after testing
MS11-077 | 2567053 | Arbitrary code / Windows kernel-mode drivers | Workstations, Terminal Servers | No / No | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart req'd | Patch after testing
MS11-081 | 2586448 | Arbitrary code / Internet Explorer | Workstations, Terminal Servers | No / No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart req'd | Patch after testing
MS11-080 | 2592799 | Privilege elevation / Windows | Workstations, Terminal Servers | No / No | No | Important | XP, Server 2003 | Restart req'd | Patch after testing
MS11-076 | 2604926 | Arbitrary code / Windows | Workstations | Yes / No | No | Important | Vista, Windows 7, Media Center TV Pack | | Patch after testing
MS11-078 | 2604930 | Arbitrary code / .NET Framework; Silverlight | Workstations, Terminal Servers, Web Hosting Servers | No / No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7, Silverlight 4 | | Patch after testing
MS11-082 | 2607670 | Denial of service / Host Integration Server | Servers | Yes / No | No | Important | Host Integration Server 2004, 2006, 2009, 2010 | | Patch after testing
MS11-075 | 2623699 | Arbitrary code / Windows | Workstations, Terminal Servers | No / No | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart req'd | Patch after testing
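The quickest sanity check after the maintenance window is to compare the KB numbers in the table against what each host reports as installed. The PowerShell below is an added example, not part of the original newsletter: the $october2011 lookup table is built from the KB column above, and the function name Get-MissingBulletins and its parameters are my own. It relies on the standard Get-HotFix cmdlet, which reads the Win32_QuickFixEngineering class.

```powershell
# Added example, not from the original newsletter. Maps this month's
# bulletin KB numbers (from the table above) to their descriptions and
# reports, per host, which of them Get-HotFix does not list.
$october2011 = @{
    'KB2544641' = 'MS11-079 Forefront UAG'
    'KB2567053' = 'MS11-077 Windows kernel-mode drivers'
    'KB2586448' = 'MS11-081 Internet Explorer'
    'KB2592799' = 'MS11-080 AFD privilege elevation (XP/2003 only)'
    'KB2604926' = 'MS11-076 Windows Media Center'
    'KB2604930' = 'MS11-078 .NET Framework / Silverlight'
    'KB2607670' = 'MS11-082 Host Integration Server'
    'KB2623699' = 'MS11-075 Active Accessibility'
}

function Get-MissingBulletins {
    param(
        # Hosts to query; defaults to the local machine. Remote queries use
        # Get-HotFix's own -ComputerName (DCOM/WMI), so the caller needs
        # admin rights on the targets.
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [hashtable]$Bulletins   = $october2011
    )
    foreach ($c in $ComputerName) {
        # Build a set of installed HotFixIDs once per host rather than
        # calling Get-HotFix -Id per KB, which errors on every miss.
        $installed = @{}
        Get-HotFix -ComputerName $c -ErrorAction Stop |
            ForEach-Object { $installed[$_.HotFixID] = $true }

        foreach ($kb in $Bulletins.Keys) {
            New-Object -TypeName PSObject -Property @{
                Computer  = $c
                KB        = $kb
                Bulletin  = $Bulletins[$kb]
                Installed = $installed.ContainsKey($kb)
            }
        }
    }
}

# Report only the gaps. Add -ComputerName server1,server2 to fan out.
Get-MissingBulletins |
    Where-Object { -not $_.Installed } |
    Sort-Object Computer, KB |
    Format-Table Computer, KB, Bulletin -AutoSize
```

Treat a "missing" row as a prompt to check, not as proof. Get-HotFix only sees updates installed through the Windows servicing stack, so the Forefront UAG, Host Integration Server and Silverlight packages will never appear in it and must be verified through those products' own version information. Bulletins that ship as several packages (MS11-078's per-version .NET updates, for instance) are listed under their package KB numbers rather than the bulletin's umbrella KB shown in the table, and a bulletin that does not apply to a host's operating system (MS11-080 on anything newer than Server 2003) will also show as missing; cross-check against the Products Affected column before raising a ticket.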
Thanks as always for reading and best wishes on security,
Randy Franklin Smith