4 Security Bulletins Released by Microsoft in Light November Update

Microsoft released its security update for November today with only four bulletins -- one item deemed "critical," two "important" and one "moderate."

The critical item (MS11-083) aims to fix a privately reported issue with Internet Protocol that could lead to remote code execution attacks in Windows systems. Microsoft is advising that this fix will require a system restart.

MS11-085, the first of two important bulletins this month, describes a vulnerability in Windows Meeting Space and Windows Mail. If left unpatched, this flaw could enable remote code execution attacks. The problem occurs when a user opens a file that is located in the same directory as a DLL file containing malware. Once the legitimate file is opened, a user's system could attempt to open and run the corrupted DLL file.

The second important item (MS11-086) fixes an issue in Active Directory that could allow elevation of privilege for an individual who has knowledge of the exploit. Tyler Reguly, technical manager for security research and development at nCircle, commented that he was surprised that Microsoft is still finding errors in Active Directory's DLL preloading.

"MS11-086 is the most interesting patch today since Active Directory servers using LDAP over SSL fail to check the certificate revocation list," wrote Reguly. "Given all the issues with SSL lately, this could be important."

Microsoft's final item for this month's rollout fixes a denial-of-service vulnerability in Windows 7 and Windows Server 2008 R2. The exploit is carried out once a user opens a TrueType font file containing malware in an e-mail attachment. According to Microsoft, this update is only categorized as moderate due to the high level of interaction required for an attacker to successfully pull off the attack.

Andrew Storms, director of security operations at the nCircle security firm, commented on how this exploit shares many similarities with another recent high-profile discovery -- namely, Windows kernel attacks by the Duqu worm, which also leverage the TrueType font parsing engine.

"The interesting thing about this bulletin is that it appears to have a lot in common with the Duqu advisory Microsoft released last week," wrote Storms. "I wonder if we are seeing the beginning of a new malware trend focused on exploiting kernel and font parsing bugs."

More information on this month's batch of bulletins can be found in the Microsoft Security Bulletin Summary.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
