
'Critical' Fixes for Internet Explorer, Silverlight in Microsoft's October Security Bulletin

Microsoft today released its October Security Bulletin, which includes eight bulletins that address 23 vulnerabilities -- with two bulletins labeled "critical" and six "important."

The first critical item fixes eight vulnerabilities reported by private entities. Microsoft said that one of the holes could lead to remote code execution if a user visited a targeted Web page while using Microsoft's browser.

The second critical bulletin fixes an issue with Microsoft .NET Framework and Microsoft Silverlight. As with the first bulletin, unpatched users could be exposed to remote code execution, in this case because of an error in Internet Explorer, which can run XAML Browser Applications (XBAPs) or Silverlight applications.

As with all items deemed critical by Microsoft, security experts advise IT and users to prioritize these patches and apply them as soon as possible. "In addition to the eight critical vulnerabilities being fixed in Internet Explorer, both consumer and corporate customers urgently need to patch Silverlight with MS11-078, which may or may not be installed on your system," wrote Kurt Baumgartner, a Kaspersky Lab expert, in a blog post.

The first important bulletin covers Host Integration Server 2004, 2006, 2009 and 2010; if unpatched, the flaw could lead to a denial-of-service attack. The second of the six important items concerns Windows Server 2003 and Windows XP, and patches a hole that hackers could exploit for elevation of privilege.

For the next item, Robert Keith, security advisor at Symantec, breaks down an error in Microsoft's kernel mode (all versions of Windows OS and Windows Server) that gets a fix: "A local privilege-escalation vulnerability occurs because the kernel fails to properly validate user-supplied data between user-mode and kernel-mode. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. This may facilitate a complete compromise of the affected computer."

The final three bulletins target Forefront Unified Access Gateway 2010, Windows Media Center running on Windows 7 and Microsoft Active Accessibility. If left unpatched, flaws in these programs could all lead to remote code execution attacks.

More information on October's Security Bulletin can be found here. Microsoft has also released a chart prioritizing each patch:

[Chart: patch priority for each bulletin. Courtesy of Microsoft]

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
