Risk

4/12/2011
02:36 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Microsoft Pushes Giant Security Patch

The record number of security fixes is the result of a single security bulletin that addresses 30 Windows kernel flaws.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches

Microsoft on Tuesday issued its April security patch, setting a new record for the number of vulnerabilities repaired.

The company published 17 security bulletins addressing 64 vulnerabilities. Last month the load was considerably lighter: three security bulletins addressing four vulnerabilities.

The April patch breaks a record set in December 2010, when Microsoft released 17 security bulletins addressing 40 vulnerabilities. Previous records were set in October 2010, with 16 bulletins and 49 vulnerabilities, and in August 2010, with 14 bulletins and 34 vulnerabilities.

Nine of the 17 bulletins this month are designated critical; eight are designated important.

Jerry Bryant, Microsoft group manager of response communications, said in a phone briefing that the large number of vulnerabilities this month is largely due to bulletin MS11-034, which addresses 30 Windows kernel flaws. Despite the sheer number of vulnerabilities addressed by this bulletin, it is only rated important.

Bryant credited Tarjei Mandt, a security researcher with Norman ASA, for reporting the vulnerabilities and expressed gratitude to all the security researchers who are working with Microsoft to improve the security of its software.

Bryant also said that Microsoft's customers care more about quality than quantity. "Customers don't have to do quite as a much testing [when the patches are high-quality]," he said. "So the volume is not so much of an issue."

In addition to its security bulletins, Microsoft is also releasing two security advisories. The first (25065014), Bryant said, is a non-security, high-priority update for the winload.exe component in 64-bit version of Windows. The update prevents a driver signing enforcement mechanism from being abused, thereby preventing current generation rootkits from being able to hide on Windows systems, said Bryant.

The second security advisory (25015084) details how Microsoft is bringing its Office 2010 file validation system to Office 2007 and 2003. This will mitigate the risk posted by malicious Office files to users of older versions of Office.

Bryant said Microsoft is recommending that customers focus first on deploying three patches: MS11-018, MS11-019, and MS11-020.

MS11-018 is an update for Internet Explorer, version 6 through 8. It addresses five critical vulnerabilities, one of which has been used in a targeted attack. Internet Explorer 9 is not affected.

MS11-018 fixes the vulnerability that was used to compromise Internet Explorer 8 at the Pwn2Own hacking competition during the recent CanSecWest security conference in Vancouver, Canada.

MS11-019 covers two SMB Client vulnerabilities. One has been publicly disclosed, Bryant said, but Microsoft is not aware of any attacks exploiting from this vulnerability. The privately disclosed flaw, however, he considers to be more serious.

MS11-020 resolves a privately disclosed SMB server flaw. Bryant said this is perhaps the most critical of all the vulnerabilities this month. "Any system with an open SMB share would be vulnerable from anyone on the network," he said.

Tyler Reguly, technical manager of security research and development for nCircle, concured, noting in an emailed statement that MS11-020 is similar to MS08-067, the flaw exploited by the Conficker worm. Security researchers with other companies are saying much the same thing.

Microsoft also is shipping a patch for the widely reported MHTML vulnerability (MS11-026) in Windows. Microsoft previously offered a Fix-it script as a temporary means of addressing the issue.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
1.9 Billion Data Records Exposed in First Half of 2017
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/20/2017
Get Serious about IoT Security
Derek Manky, Global Security Strategist, Fortinet,  9/20/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.