4 Security Bulletins Released by Microsoft in Light November Update

Microsoft released its security update for November today with only four bulletins -- one item deemed "critical," two "important" and one "moderate."

The critical item (MS11-083) aims to fix a privately reported issue with Internet Protocol that could lead to remote code execution attacks in Windows systems. Microsoft is advising that this fix will require a system restart.

MS11-085, the first of two important bulletins this month, describes a vulnerability in Windows Meeting Space and Windows Mail. If left unpatched, this flaw could enable remote code execution attacks. The problem occurs when a user opens a file that is located in the same directory as a DLL file containing malware. Once the legitimate file is opened, a user's system could attempt to open and run the corrupted DLL file.

The second important item (MS11-086) fixes an issue in Active Directory that could allow elevation of privilege for an individual who has knowledge of the exploit. Tyler Reguly, technical manager for security research and development at nCircle, commented that he was surprised that Microsoft is still finding errors in Active Directory's DLL preloading.

"MS11-086 is the most interesting patch today since Active Directory servers using LDAP over SSL fail to check the certificate revocation list," wrote Reguly. "Given all the issues with SSL lately, this could be important."

Microsoft's final item for this month's rollout fixes a denial-of-service vulnerability in Windows 7 and Windows Server 2008 R2. The exploit is carried out once a user opens a TrueType font file containing malware in an e-mail attachment. According to Microsoft, this update is only categorized as moderate due to the high level of interaction required for an attacker to successfully pull off the attack.

Andrew Storms, director of security operations at the nCircle security firm, commented on how this exploit shares many similarities with another recent high-profile discovery -- namely, Windows kernel attacks by the Duqu worm, which also leverage the TrueType font parsing engine.

"The interesting thing about this bulletin is that it appears to have a lot in common with the Duqu advisory Microsoft released last week," wrote Storms. "I wonder if we are seeing the beginning of a new malware trend focused on exploiting kernel and font parsing bugs."

More information on this month's batch of bulletins can be found in the Microsoft Security Bulletin Summary.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

