Microsoft Out-of-Cycle Patches Released

Uh-oh.  Looks liek Microsoft has announced a substantial “out-of-cycle” patch release for today.  There are at least 4 Critical patches, and 10 that are rated as Important.  10 of the patches are for Remote Code Execution, and the remainder are for Elevation of Privilege.  They are all over the map, from IE, to Office, to Windows Kernel.

That ought to keep any IT New Years merriment to a minimum.  Get in there and patch ’em, ASAP.  Take this seriously, it is out-of-cycle, a large patch bundle, and I personally believe, conservatively rated by the vendor.

http://technet.microsoft.com/en-us/security/bulletin/ms11-dec

Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating and Vulnerability Impact Restart Requirement Affected Software
MS11-087 Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)
This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits a malicious Web page that embeds TrueType font files.
Critical Remote Code Execution Requires restart Microsoft Windows
MS11-090 Cumulative Security Update of ActiveX Kill Bits (2618451)
This security update resolves a privately reported vulnerability in Microsoft software. The vulnerability could allow remote code execution if a user views a specially crafted Web page that uses a specific binary behavior in Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for four third-party ActiveX controls.
Critical Remote Code Execution May require restart Microsoft Windows
MS11-092 Vulnerability in Windows Media Could Allow Remote Code Execution (2648048)
This security update resolves a privately reported vulnerability in Windows Media Player and Windows Media Center. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so.
Critical Remote Code Execution May require restart Microsoft Windows
MS11-088 Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016)
This security update resolves a privately reported vulnerability in Microsoft Office IME (Chinese). The vulnerability could allow elevation of privilege if a logged-on user performed specific actions on a system where an affected version of the Microsoft Pinyin (MSPY) Input Method Editor (IME) for Simplified Chinese is installed. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Only implementations of Microsoft Pinyin IME 2010 are affected by this vulnerability. Other versions of Simplified Chinese IME and other implementations of IME are not affected.
Important Elevation of Privilege May require restart Microsoft Office
MS11-089 Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602)
This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Important Remote Code Execution May require restart Microsoft Office
MS11-091 Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702)
This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Important Remote Code Execution May require restart Microsoft Office
MS11-093 Vulnerability in OLE Could Allow Remote Code Execution (2624667)
This security update resolves a privately reported vulnerability in all supported editions of Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.
The vulnerability could allow remote code execution if a user opens a file that contains a specially crafted OLE object. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Important Remote Code Execution May require restart Microsoft Windows
MS11-094 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142)
This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited either of the vulnerabilities could take complete control of an affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Important Remote Code Execution May require restart Microsoft Office
MS11-095 Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)
This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow remote code execution if an attacker logs on to an Active Directory domain and runs a specially crafted application. To exploit this vulnerability, an attacker would first need to acquire credentials to log on to an Active Directory domain.
Important Remote Code Execution May require restart Microsoft Windows
MS11-096 Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-3403.
Important Remote Code Execution May require restart Microsoft Office
MS11-097 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712)
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to send a device event message to a higher-integrity process. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Important Elevation of Privilege Requires restart Microsoft Windows
MS11-098 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171)
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to exploit the vulnerability. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Important Elevation of Privilege Requires restart Microsoft Windows
MS11-099 Cumulative Security Update for Internet Explorer (2618444)
This security update resolves three privately reported vulnerabilities in Internet Explorer. The most severe vulnerability could allow remote code execution if a user opens a legitimate HyperText Markup Language (HTML) file that is located in the same directory as a specially crafted dynamic link library (DLL) file.
Important Remote Code Execution Requires restart Microsoft Windows, Internet Explorer
MS11-100 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)
This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated attacker sends a specially crafted web request to the target site. An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. In order to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing user name.
Critical Elevation of Privilege May require restart Microsoft Windows, Microsoft .NET Framework
Advertisements