August '11 Patch Tuesday: Details on the Critical Bulletins
As part of the Patch Tuesday program, Microsoft rolled out a grand total of 13 security bulletins on Tuesday, August 9th. These bulletins are meant to address 22 vulnerabilities that affect the Windows operating system, the Internet Explorer web browser, the .NET Framework, and the integrated development environment (IDE) Visual Studio.
The good news is that out of the 13 security bulletins only 2 carry the top severity rating of “critical”. As a little reminder, Microsoft uses the “critical” rating when it deals with vulnerabilities whose exploitation could allow the propagation of an Internet worm without user action.
Microsoft has released additional information on the 2 security bulletins that are rated as critical. Here are those details:
MS11-057 – Cumulative Security Update for Internet Explorer
Description: Five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user.
Rating: Critical.
Affected software: Microsoft Windows, Internet Explorer.
Most likely attack vector: Victim browses to a malicious webpage.
Exploitability: Microsoft expects to see reliable exploits developed within the next 30 days.
MS11-058 – Vulnerabilities in DNS Server Could Allow Remote Code Execution
Description: Two privately reported vulnerabilities in Windows DNS server. The more severe of these vulnerabilities could allow remote code execution if an attacker registers a domain, creates an NAPTR DNS resource record, and then sends a specially crafted NAPTR query to the target DNS server. Servers that do not have the DNS role enabled are not at risk.
Rating: Critical.
Affected software: Microsoft Windows.
Most likely attack vector: Attacker sends name resolution request to victim DNS server that is configured to issue requests to a malicious DNS server. Response from malicious DNS server to victim DNS server is improperly handled, resulting in denial of service on victim DNS server.
Exploitability: Microsoft thinks its unlikely it will see exploits developed in the next 30 days.
For additional information on the security bulletins Microsoft rolled out as part of the August 2011 Patch Tuesday, click here and here.
The Microsoft Security Response Center (MSRC) has provided these visual representations of the August 2011 Patch Tuesday.
Tags: Microsoft, Security, Patch Tuesday, Windows, Internet Explorer
The good news is that out of the 13 security bulletins only 2 carry the top severity rating of “critical”. As a little reminder, Microsoft uses the “critical” rating when it deals with vulnerabilities whose exploitation could allow the propagation of an Internet worm without user action.
Advertising
Microsoft has released additional information on the 2 security bulletins that are rated as critical. Here are those details:
MS11-057 – Cumulative Security Update for Internet Explorer
Description: Five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user.
Rating: Critical.
Affected software: Microsoft Windows, Internet Explorer.
Most likely attack vector: Victim browses to a malicious webpage.
Exploitability: Microsoft expects to see reliable exploits developed within the next 30 days.
MS11-058 – Vulnerabilities in DNS Server Could Allow Remote Code Execution
Description: Two privately reported vulnerabilities in Windows DNS server. The more severe of these vulnerabilities could allow remote code execution if an attacker registers a domain, creates an NAPTR DNS resource record, and then sends a specially crafted NAPTR query to the target DNS server. Servers that do not have the DNS role enabled are not at risk.
Rating: Critical.
Affected software: Microsoft Windows.
Most likely attack vector: Attacker sends name resolution request to victim DNS server that is configured to issue requests to a malicious DNS server. Response from malicious DNS server to victim DNS server is improperly handled, resulting in denial of service on victim DNS server.
Exploitability: Microsoft thinks its unlikely it will see exploits developed in the next 30 days.
For additional information on the security bulletins Microsoft rolled out as part of the August 2011 Patch Tuesday, click here and here.
The Microsoft Security Response Center (MSRC) has provided these visual representations of the August 2011 Patch Tuesday.
Tags: Microsoft, Security, Patch Tuesday, Windows, Internet Explorer
I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 28 May 2012
Mozilla introduced a new program meant to educate millions of people, the Mozilla Webmaker program.
By George Norman on 26 May 2012
Piriform updated its products, making CCleaner less annoying and Defraggler a lot faster.Related News
By George Norman on 06 Jan 2012
On the 10th of January 2012, Microsoft will release seven security bulletins as part of its Patch Tuesday program. The aforementioned bulletins are meant to address a total of 8 vulnerabilities that plague the Microsoft Windows operating system and
By George Norman on 13 Dec 2011
Tuesday, the 13th of December, is December 2011 Patch Tuesday, the last Patch Tuesday of the year. This December Microsoft will release a total of 14 security bulletins to its customers.
By George Norman on 12 Mar 2012
A total of six security bulletins will be released on Tuesday, the 13th of March by Microsoft as part of its Patch Tuesday program
By George Norman on 10 Feb 2012
Microsoft has just announced that this February, as part of the Patch Tuesday program, it will roll out a grand total of 9 security bulletins to all customers all over the world.Advertising
Hot Software Updates
Top Downloads
2.
Opera5.
Trillian8.
AIM9.
Skype10.
Ad-Aware12.
Nero13.
Google Earth14.
Picasa15.
Winamp16.
iTunes17.
RealPlayer18.
uTorrent19.
eMule20.
WinRAR21.
BitComet22.
WinZip23.
Shareaza24.
CCleaner25.
Recuva26.
Tweak UI27.
CuteFTP Home29.
Adobe Reader30.
NewsPiperBecome A Fan!
Link To Us!
August '11 Patch Tuesday: Details on the Critical Bulletins
HTML Linking Code
HTML Linking Code