August '11 Patch Tuesday: Details on the Critical Bulletins
Article by George Norman
On 10 Aug 2011
As part of the Patch Tuesday program, Microsoft rolled out a grand total of 13 security bulletins on Tuesday, August 9th. These bulletins are meant to address 22 vulnerabilities that affect the Windows operating system, the Internet Explorer web browser, the .NET Framework, and the integrated development environment (IDE) Visual Studio.

The good news is that out of the 13 security bulletins only 2 carry the top severity rating of “critical”. As a little reminder, Microsoft uses the “critical” rating when it deals with vulnerabilities whose exploitation could allow the propagation of an Internet worm without user action.

Advertising

Microsoft has released additional information on the 2 security bulletins that are rated as critical. Here are those details:

MS11-057 – Cumulative Security Update for Internet Explorer
Description: Five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user.
Rating: Critical.
Affected software: Microsoft Windows, Internet Explorer.
Most likely attack vector: Victim browses to a malicious webpage.
Exploitability: Microsoft expects to see reliable exploits developed within the next 30 days.

MS11-058 – Vulnerabilities in DNS Server Could Allow Remote Code Execution

Description: Two privately reported vulnerabilities in Windows DNS server. The more severe of these vulnerabilities could allow remote code execution if an attacker registers a domain, creates an NAPTR DNS resource record, and then sends a specially crafted NAPTR query to the target DNS server. Servers that do not have the DNS role enabled are not at risk.
Rating: Critical.
Affected software: Microsoft Windows.
Most likely attack vector: Attacker sends name resolution request to victim DNS server that is configured to issue requests to a malicious DNS server. Response from malicious DNS server to victim DNS server is improperly handled, resulting in denial of service on victim DNS server.
Exploitability: Microsoft thinks its unlikely it will see exploits developed in the next 30 days.

For additional information on the security bulletins Microsoft rolled out as part of the August 2011 Patch Tuesday, click here and here.


The Microsoft Security Response Center (MSRC) has provided these visual representations of the August 2011 Patch Tuesday.







Tags: Microsoft, Security, Patch Tuesday, Windows, Internet Explorer
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
August '11 Patch Tuesday: Details on the Critical Bulletins
HTML Linking Code