4 Security Bulletins Released by Microsoft in Light November Update

Microsoft released its security update for November today with only four bulletins -- one item deemed "critical," two "important" and one "moderate."

The critical item (MS11-083) aims to fix a privately reported issue with Internet Protocol that could lead to remote code execution attacks in Windows systems. Microsoft is advising that this fix will require a system restart.

MS11-085, the first of two important bulletins this month, describes a vulnerability in Windows Meeting Space and Windows Mail. If left unpatched, this flaw could enable remote code execution attacks. The problem occurs when a user opens a file that is located in the same directory as a DLL file containing malware. Once the legitimate file is opened, a user's system could attempt to open and run the corrupted DLL file.

The second important item (MS11-086) fixes an issue in Active Directory that could allow elevation of privilege for an individual who has knowledge of the exploit. Tyler Reguly, technical manager for security research and development at nCircle, commented that he was surprised that Microsoft is still finding errors in Active Directory's DLL preloading.

"MS11-086 is the most interesting patch today since Active Directory servers using LDAP over SSL fail to check the certificate revocation list," wrote Reguly.  "Given all the issues with SSL lately, this could be important."

Microsoft's final item for this month's rollout fixes a denial-of-service vulnerability in Windows 7 and Windows Server 2008 R2. The exploit is carried out once a user opens a TrueType font file containing malware in an e-mail attachment. According to Microsoft, this update is only categorized as moderate due to the high level of interaction required for an attacker to successfully pull off the attack.

Andrew Storms, director of security operations at the nCircle security firm, commented on how this exploit shares many similarities with another recent high-profile discovery -- namely, Windows kernel attacks by the Duqu worm, which also leverage the TrueType font parsing engine.

"The interesting thing about this bulletin is that it appears to have a lot in common with the Duqu advisory Microsoft released last week," wrote Storms. "I wonder if we are seeing the beginning of a new malware trend focused on exploiting kernel and font parsing bugs."

More information on this month's batch of bulletins can be found in the Microsoft Security Bulletin Summary.

About the Author

Chris Paoli is the site producer for and


  • Microsoft Issues Windows Server HTTP/2 Attack Advisory

    Microsoft issued Security Advisory ADV190005 on Wednesday concerning a potential HTTP/2 settings issue for users of Internet Information Services (IIS) on Windows Server.

  • Performing a Storage Refresh on Windows Server 2016, Part 2

    Earlier, Brien walked through the steps of preparing a physical Windows Server 2016 machine for a storage refresh. Now, he shows how to complete the process, all the way to OS restoration.

  • New Office App Coming to Windows 10 Users

    Microsoft is delivering a new Office app for Windows 10 consumer and business users over the new few weeks, according to a Wednesday announcement.

  • Microsoft Warns .NET Core 1.0 and 1.1 Losing Support in June

    Microsoft gave notice this week that .NET Core 1.0 and 1.1 will fall out of support on June 27, 2019.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.