A variety of security updates were released today both for some types of servers and workstations. The priority you give will depend on the types of systems you are responsible for. Note that MS11-076 and MS11-082 contain vulnerabilities that are publicy disclosed. This may shorten the time we have until there is an active exploit.
In August of 2010 Microsoft alerted us to a new attack vector. The class of vulnerabilities is called “Insecure Library Loading”. So far 18 Security bulletins have been released due to Insecure Library Loading. MS11-075 is with Microsoft Active Accessibility and MS11-076 is with Media Center. This class of attacks can also find vulnerabilities in third-party programs so admins should be alert to updates from other vendors.
Multiple vulnerabilities are found in some kernel-mode drivers. The kernel is the core of the operating system and kernel-mode drivers can be especially bothersome since they access the kernel directly. These are addressed in MS11-077.
MS11-078 has to do with vulnerabilities in .NET framework and Microsoft Silverlight.
After installing the updates (MS11-079) for Microsoft Forefront User Access Gateway (UAG) the administrator must additionally open the console and activate the configuration. Users with access to the UAG are vulnerable but the patches are made on the server.
The update MS11-080 addresses a privilege elevation vulnerability in the in the Microsoft Windows Ancillary Function Driver (AFD). For Windows XP and 2003 it replaces a similar fix released last June. The vulnerability addressed here however had not been publicly disclosed.
MS11-081 is a critical update for Internet Explorer. It addresses multiple vulnerabilities by modifying the way IE handles objects in memory. This update applies to all supported versions of IE.
For those running Host Integration Server which integrates with IBM systems, MS11-082 provides an update for two publicly disclosed vulnerabilities. A properly configured firewall would mitigate these DoS attacks and is suggested as a workaround.
| Bulletin | Exploit Types /Technologies Affected |
System Types Affected | Exploit details public? / Being exploited? |
Comprehensive, practical workaround available? |
MS severity rating | Products Affected | Notes | Randy’s recommendation |
| MS11-0792544641 | Arbitrary code/ Forefront UAG | Servers | No/No | No | Important | Forefront UAG | Patch after testing | |
| MS11-0772567053 | Arbitrary code/ Windows kernel mode drivers | Workstations Terminal Servers |
No/No | No | Important | XP Vista Server 2003 Server 2008 Server 2008 R2 Windows 7 |
Restart Req’d | Patch after testing |
| MS11-0812586448 | Arbitrary code/ Internet Explorer | Workstations Terminal Servers |
No/No | No | Critical | XP Vista Server 2003 Server 2008 Server 2008 R2 Windows 7 |
Restart Req’d | Patch after testing |
| MS11-0802592799 | Privilege elevation/ Windows | Workstations Terminal Servers |
No/No | No | Important | XP Server 2003 |
Restart Req’d | Patch after testing |
| MS11-0762604926 | Arbitrary code/ Windows | Workstations | Yes/No | No | Important | Vista Windows 7 Media Center TV Pack |
Patch after testing | |
| MS11-0782604930 | Arbitrary code/ .Net Framework; Silverlight | Workstations Terminal Servers Web Hosting Servers |
No/No | No | Critical | XP Vista Server 2003 Server 2008 Server 2008 R2 Windows 7 Silverlight 4 |
Patch after testing | |
| MS11-0822607670 | Denial of service/ Host Integration Server | Servers | Yes/No | No | Important | Host Integration Server 2004 Host Integration Server 2006 Host Integration Server 2009 Host Integration Server 2010 |
Patch after testing | |
| MS11-0752623699 | Arbitrary code/ Windows | Workstations Terminal Servers |
No/No | No | Important | XP Vista Server 2003 Server 2008 Server 2008 R2 Windows 7 |
Restart Req’d | Patch after testing |
Randy Franklin Smith
