As part of its monthly Patch Tuesday upgrades, Microsoft on Tuesday released fixes for 22 vulnerabilities discovered in Internet Explorer, Windows, Visio and Visual Studio.
As previously mentioned, Microsoft released 13 security bulletins, two of which are rated critical in severity, nine important and two moderate.
The Redmond, Wash.-based company advised customers to install all of the updates as soon as possible, starting with the two rated most critical.
- MS11-057 for Internet Explorer fixes five privately reported vulnerabilities and two publicly disclosed vulnerabilities, according to the release. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
- MS11-058 resolves two privately reported vulnerabilities in Windows DNS server. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a specially crafted Naming Authority Pointer (NAPTR) query to a DNS server. Servers that do not have the DNS role enabled are not at risk, the report said.
"It is interesting to see a big patch day coming after a security conference [Black Hat], instead of before one," Aviv Raff, CTO at cyberthreat management company Seculert, told SCMagazineUS.com on Tuesday. "Usually, vendors patch for zero day before a security conference in order to block security researchers from releasing them."
Andrew Storms, director of security at nCircle, a network security and compliance auditing firm, told SCMagazineUS.com in an email Tuesday that enterprises should also pay special attention to MS11-064, a bulletin listed by Microsoft as "important."
"Attackers can take advantage of this bug to cause a remote reboot of Windows computers even if they have a local firewall enabled," Storms said. "Back in the early 90s, we used to call this kind of bug the ‘ping of death.'"
It would only take about 10 minutes for an attacker to write and distribute a tool to take advantage of the flaw, Storms said. Then, anyone can easily grab that attack tool and, with a single click, cause a Windows network to reboot.
"The malicious potential is enormous," he said. "The most troubling thing about this bug is that the local Windows firewall does not mitigate the attack."
Service providers like ISPs, cloud providers and others that allow inbound ping packets to their server instances should immediately look for ways to mitigate this bug using edge firewalls, Storms said.
Overall, IT administrators have had their hands full this summer, Dave Marcus, director of security research and communications at McAfee Labs, told SCMagazineUS.com in an email on Tuesday.
“Although there are only two critical [Microsoft] patches this month, this update comes after the July patches from Oracle and Apple, and there will be another release of critical patches for Adobe Flash Player [on Tuesday]," he said.
To provide the best protection possible against exploitation, Don Debolt, director of threat research at Total Defense, a malware detection and anti-crimeware provider, advised that Microsoft Security Automatic Updates be enabled and that up-to-date anti-malware software be used. "The combination of these two will ensure the best protection possible," he told SCMagazineUS.com on Tuesday.
Further details outlining the fixes are available on a Microsoft blog. In addition, Microsoft is presenting a public webcast on Wednesday at 11 a.m. PDT to go into detail about the bulletins and answer questions.
