News

Microsoft's September Patch Arrives With Five 'Important' Items

• By Jabulani Leffall
• 09/13/2011

Five "important" security bulletins arrived as scheduled for September's Patch Tuesday, after an unintentional leak of early details last week from Microsoft.

According to security experts such as nCircle's Director of Security Operations Andrew Storms, it turns out September is unlike any other patch month.

"In what might be a first time event, Adobe released a batch of 13 CVE's early this morning before the Microsoft patch," Storms said. "It's a definitely improvement over their previous late afternoon releases, but it's still a 'classic' Adobe patch in that we have very little information about the bugs being fixed in the patch. The bad news is that most of them could result in the worst kind of security outcome -- remote code execution."

On the Microsoft patch release front, common risk considerations such as remote code execution (RCE) and elevation of privilege comprise this month's slate. RCE covers three of the bulletins and administrative and access vulnerabilities will be patched with the remaining two elevation of privilege items.

Web components and application level vulnerabilities are the uniting theme for this month's batch.

First up is a hole in Windows Internet Name Service (WIN). With this particular update, the privately reported vulnerability was spotted by researchers at Core Security Technologies, which tells Redmond Media Group that it reported the elevation-of privilege hole prior to this patch rollout.

Milan Shah, senior vice president of engineering at Core Security, believes that given recent events, the science of vulnerability research and disclosure is critical.

"[Everyone] must continue to make a significant investment to discover vulnerabilities that affect applications and other resources to help the global community identify corresponding risks to their own information," Shah added.

Moving right along, the second important item relates to corrupt rich text documents that could trigger RCE exploits in the Windows OS. This could happen if such a file is located on the same network as dynamic link library (DLL). According to Microsoft, this could lead to load hijacking, which has been a thorn in the side of Windows IT security experts since it first popped up as a problem in August of last year.

This item was one of the items where details were leaked last week. The software giant has been attempting to repair issues around DLL since November 2010.

The third bulletin covers Excel. Microsoft said in the bulletin notes that the Excel vulnerability could allow remote code execution if a user opens a specially crafted Excel file.

Item No. 4 is a sweeping Microsoft Office fix that protects specially crafted network library components from latching corrupt code onto Office documents and spawning.

Last, but not least, is an important bulletin resolving "five privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft SharePoint and Windows SharePoint Services."

Microsoft says the most severe vulnerabilities could allow elevation of privilege if a user clicked on a specially crafted URL or visited a specially crafted Web site.

All items may require a restart.

In related news, Microsoft has also released with today's security bulletin updates on the DigiNotar certificate authority to the Microsoft Untrusted Certificate Store. This is replacing Security Advisory 2607712 with a new update (2616676) that adds six more certificates to the list -- the details of which can be found on the MSRC blog.

There's also this monthly knowledge base article with a description of Software Update Services and Windows Server Update Services changes for Windows IT pros to peruse.