Microsoft distributes 17 patches for 64 flaws


Microsoft released a record-breaking security update on Tuesday, patching 64 vulnerabilities with 17 bulletins -- nine labeled "critical" and eight deemed "important."

The software giant and most vendor experts agreed that MS11-018, which resolves five flaws in Internet Explorer, rates as the highest-priority fix because of limited attacks underway against two of the vulnerabilities and the ease with which further exploits could take shape. One of the bugs became publicly known after it was demonstrated at CanSecWest's Pwn2Own hacker competition in Vancouver last month.

Internet Explorer 9 is not affected by the flaws, which can be exploited if a user visits a malicious web page.

Administrators also should consider MS11-019 and MS11-020 as high-priority patches, Pete Voss, senior response communications manager at Microsoft Trustworthy Computing, said in a blog post.

The former addresses one publicly known and one privately reported flaw, both client-side, in the Windows Server Message Block (SMB).

The latter addresses a server-side SMB bug, which has some observers wondering if, left unpatched, it could lead to a "wormable" exploit, similar to the Conficker outbreak of 2009.

"Attackers can send a specially crafted packet to a server running this file-sharing service and take control of the machine," explained Wolfgang Kandek, CTO of vulnerability management firm Qualys. "Companies that make SMB accessible over the internet are especially at risk. However, the main attack opportunity is going to be inside of enterprise networks, once an attacker has established a presence on the network."

Among the other patches, Microsoft filled a zero-day hole in the MHTML (MIME Encapsulation of Aggregate HTML) protocol handler, used by applications to render certain types of documents. The flaw, rated important, has been abused in "limited, targeted attacks," Microsoft has said.

With the update, the software giant also released the Office File Validation tool, announced in December, which helps to block malware cloaked as a legitimate Office document, a common technique used by virus writers. A rootkit evasion tool also was part of the update.

No matter which way one slices it, administrators will have their hands full with Tuesday's update. The previous record for vulnerabilities addressed in one month was 49, back in October.

"Business users need to have a risk management strategy in place to prioritize the patches," said Dave Marcus, director of security research and communication at McAfee Labs.
