Risk
4/12/2011
02:36 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Microsoft Pushes Giant Security Patch

The record number of security fixes is the result of a single security bulletin that addresses 30 Windows kernel flaws.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches

Microsoft on Tuesday issued its April security patch, setting a new record for the number of vulnerabilities repaired.

The company published 17 security bulletins addressing 64 vulnerabilities. Last month the load was considerably lighter: three security bulletins addressing four vulnerabilities.

The April patch breaks a record set in December 2010, when Microsoft released 17 security bulletins addressing 40 vulnerabilities. Previous records were set in October 2010, with 16 bulletins and 49 vulnerabilities, and in August 2010, with 14 bulletins and 34 vulnerabilities.

Nine of the 17 bulletins this month are designated critical; eight are designated important.

Jerry Bryant, Microsoft group manager of response communications, said in a phone briefing that the large number of vulnerabilities this month is largely due to bulletin MS11-034, which addresses 30 Windows kernel flaws. Despite the sheer number of vulnerabilities addressed by this bulletin, it is only rated important.

Bryant credited Tarjei Mandt, a security researcher with Norman ASA, for reporting the vulnerabilities and expressed gratitude to all the security researchers who are working with Microsoft to improve the security of its software.

Bryant also said that Microsoft's customers care more about quality than quantity. "Customers don't have to do quite as a much testing [when the patches are high-quality]," he said. "So the volume is not so much of an issue."

In addition to its security bulletins, Microsoft is also releasing two security advisories. The first (25065014), Bryant said, is a non-security, high-priority update for the winload.exe component in 64-bit version of Windows. The update prevents a driver signing enforcement mechanism from being abused, thereby preventing current generation rootkits from being able to hide on Windows systems, said Bryant.

The second security advisory (25015084) details how Microsoft is bringing its Office 2010 file validation system to Office 2007 and 2003. This will mitigate the risk posted by malicious Office files to users of older versions of Office.

Bryant said Microsoft is recommending that customers focus first on deploying three patches: MS11-018, MS11-019, and MS11-020.

MS11-018 is an update for Internet Explorer, version 6 through 8. It addresses five critical vulnerabilities, one of which has been used in a targeted attack. Internet Explorer 9 is not affected.

MS11-018 fixes the vulnerability that was used to compromise Internet Explorer 8 at the Pwn2Own hacking competition during the recent CanSecWest security conference in Vancouver, Canada.

MS11-019 covers two SMB Client vulnerabilities. One has been publicly disclosed, Bryant said, but Microsoft is not aware of any attacks exploiting from this vulnerability. The privately disclosed flaw, however, he considers to be more serious.

MS11-020 resolves a privately disclosed SMB server flaw. Bryant said this is perhaps the most critical of all the vulnerabilities this month. "Any system with an open SMB share would be vulnerable from anyone on the network," he said.

Tyler Reguly, technical manager of security research and development for nCircle, concured, noting in an emailed statement that MS11-020 is similar to MS08-067, the flaw exploited by the Conficker worm. Security researchers with other companies are saying much the same thing.

Microsoft also is shipping a patch for the widely reported MHTML vulnerability (MS11-026) in Windows. Microsoft previously offered a Fix-it script as a temporary means of addressing the issue.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5242
Published: 2014-10-21
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.

CVE-2012-5243
Published: 2014-10-21
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.

CVE-2012-5702
Published: 2014-10-21
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to i...

CVE-2013-7406
Published: 2014-10-21
SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2531
Published: 2014-10-21
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) R...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.