4 Security Bulletins Released by Microsoft in Light November Update

Microsoft released its security update for November today with only four bulletins -- one item deemed "critical," two "important" and one "moderate."

The critical item (MS11-083) aims to fix a privately reported issue with Internet Protocol that could lead to remote code execution attacks in Windows systems. Microsoft is advising that this fix will require a system restart.

MS11-085, the first of two important bulletins this month, describes a vulnerability in Windows Meeting Space and Windows Mail. If left unpatched, this flaw could enable remote code execution attacks. The problem occurs when a user opens a file that is located in the same directory as a DLL file containing malware. Once the legitimate file is opened, the user's system could attempt to load and run the malicious DLL file.

The second important item (MS11-086) fixes an issue in Active Directory that could allow elevation of privilege for an individual who has knowledge of the exploit. Tyler Reguly, technical manager for security research and development at nCircle, commented that he was surprised that Microsoft is still finding errors in Active Directory's DLL preloading.

"MS11-086 is the most interesting patch today since Active Directory servers using LDAP over SSL fail to check the certificate revocation list," wrote Reguly. "Given all the issues with SSL lately, this could be important."

Microsoft's final item for this month's rollout fixes a denial-of-service vulnerability in Windows 7 and Windows Server 2008 R2. The exploit is carried out once a user opens a TrueType font file containing malware in an e-mail attachment. According to Microsoft, this update is only categorized as moderate due to the high level of interaction required for an attacker to successfully pull off the attack.

Andrew Storms, director of security operations at the nCircle security firm, commented on how this exploit shares many similarities with another recent high-profile discovery -- namely, Windows kernel attacks by the Duqu worm, which also leverage the TrueType font parsing engine.

"The interesting thing about this bulletin is that it appears to have a lot in common with the Duqu advisory Microsoft released last week," wrote Storms. "I wonder if we are seeing the beginning of a new malware trend focused on exploiting kernel and font parsing bugs."

More information on this month's batch of bulletins can be found in the Microsoft Security Bulletin Summary.

About the Author

Chris Paoli is the site producer for and

