October Microsoft Patches Fix 23 Vulnerabilities

Microsoft's Patch Tuesday for October 2011 delivered 8 security bulletins: two rated “critical” and six rated “important.”  Note that MS11-076 and MS11-082 contain publicly disclosed vulnerabilities, which shortens the time we may have before an active exploit appears.

  • MS11-075 is the all-too-commonly patched “Insecure Library Loading” issue.  Since this type of vulnerability was first reported in August of 2010, 18 security bulletins have been released because of it.  This time the vulnerability lies in the Microsoft Active Accessibility component.
  • MS11-076 is a second Insecure Library Loading (aka DLL Preloading) vulnerability, affecting Windows Media Center.
  • MS11-077 resolves four vulnerabilities in Win32k.sys.  This is the kernel, the core of the Windows operating system, and kernel-mode drivers can be especially troubling, since they access the kernel directly.  The most serious of these vulnerabilities leads to code execution when handling malicious font files (.fon).  The remainder are elevation of privilege vulnerabilities.
  • MS11-078 is a single vulnerability that affects Silverlight and the .NET Framework.  According to Microsoft sources, it is likely that we’ll see exploit code for Silverlight 3 in the next 30 days.  Silverlight 3 has no patch available, and users should upgrade to Silverlight 4 and apply the patch.  Multiple attack vectors exist, including local access to a .NET application and a browser-based scenario.  There’s also an attack vector involving web servers that allow custom ASP.NET application uploads.  It’s never good practice to allow application uploads unless the web hosting environment absolutely requires it, so be aware of this vector if that is your model.
  • MS11-079 describes vulnerabilities affecting Microsoft Forefront Unified Access Gateway (UAG).  This bulletin fixes several XSS vulnerabilities and a cookie-related issue.  The final issue is related to signed Java applets and is being referred to as the “Poisoned Cup of Code Execution Vulnerability”.  Sounds nasty, is nasty.  After installing the updates on the UAG server, don’t forget to open the console and activate the configuration!  Users with access to the UAG are vulnerable, but the patches are applied to the server.
  • MS11-080 also relates to .sys files, patching an elevation of privilege vulnerability in the Ancillary Function Driver (AFD.sys).
  • MS11-081 addresses a number of Internet Explorer vulnerabilities affecting ALL versions of IE from 6 to 9.  This was a highly expected bulletin, so it shouldn’t surprise anyone that this bulletin is marked critical and should be applied as soon as possible.  It modifies the way IE handles objects in memory.
  • MS11-082 is the final bulletin this month, listing Microsoft Host Integration Server (HIS) as the only affected component.  It discusses two denial of service vulnerabilities in HIS 2004, 2006, 2009, and 2010.  A properly configured firewall should be considered to mitigate the DoS threats.

As always, apply all security patches as soon as possible.  http://technet.microsoft.com/en-us/security/bulletin/ms11-oct