Microsoft Patch Tuesday Roundup – November

This month Microsoft released four bulletins (MS11-083 – MS11-086). Secunia has rated two of them as “Highly Critical”, one as “Moderately Critical”, and one as “Less Critical” while Microsoft has rated one as “Critical”, two as “Important”, and one as “Moderate”. Each of the bulletins covers one vulnerability and of the four bulletins, two have received a rating of “1” in the Microsoft Exploitability Index. Microsoft describes a “1” as “Consistent exploit code likely”.

In the table below you will find an overview of the Microsoft Bulletins and the corresponding Secunia Advisories, as well as the ratings from both Microsoft and Secunia.

Microsoft BulletinSecunia
Advisory ID
(SAID)
MS KBCVE(s)Secunia RatingMS RatingMicrosoft
Exploitability
Index
Vector
MS11-083SA46731KB2588516CVE-2011-2013HighCritical2,2Remote
MS11-084SA46751KB2617657CVE-2011-2004ModerateModerateN/ARemote
MS11-085SA46752KB2620704CVE-2011-2016HighImportant1,1Remote
MS11-086SA46755KB2630837CVE-2011-2014LessImportant1,1Local Network

Note: The first digit in the “Microsoft Exploitability Index” refers to the latest version of the affected product. The second digit refers to older versions. See “Microsoft Security Bulletin Summary for November” for more details. N/A implies that either older or newer products are not affected or covered by the index.

Prioritisation

SA46731 (MS11-083) should receive immediate attention as it may allow execution of arbitrary code by sending a continuous flow of UDP packets to a closed port. It does not have an “Exploitability Index” rating of “1”. However, due to the nature of the vulnerability Secunia emphasizes on the prioritization of this update.

SA46752 (MS11-085) addresses an arbitrary code execution vulnerability due to insecure library loading in Windows Mail and Windows Meeting Space and has an “Exploitability Index” rating of “1”. Note that this should be considered as a “defense in depth” update for Windows 7 and Windows Server 2008 R2 as currently there are no known attack vectors to exploit this vulnerability.

SA46751 (MS11-084) and SA46755 (MS11-086) address a Denial of Service and a Security Bypass vulnerability, respectively. SA46751 resolves a vulnerability in TrueType font parsing, which can be exploited to crash a system if e.g. a user visits a malicious network share. SA46755 can be exploited to gain unintended access to an Active Directory server. However, it only affects a configuration where Active Directory is configured to use LDAP over SSL, which is not a default setting. It also requires an attacker to have access to a revoked certificate and therefore it is unlikely that this vulnerability would be exploited on a large scale. Both vulnerabilities (SA46751 and SA46755) do not allow code execution.

Stay Secure,

Secunia