August '11 Patch Tuesday: Details on the Critical Bulletins
Article by George Norman
On 10 Aug 2011
As part of the Patch Tuesday program, Microsoft rolled out a grand total of 13 security bulletins on Tuesday, August 9th. These bulletins are meant to address 22 vulnerabilities that affect the Windows operating system, the Internet Explorer web browser, the .NET Framework, and the integrated development environment (IDE) Visual Studio.

The good news is that out of the 13 security bulletins only 2 carry the top severity rating of “critical”. As a little reminder, Microsoft uses the “critical” rating when it deals with vulnerabilities whose exploitation could allow the propagation of an Internet worm without user action.

Advertising

Microsoft has released additional information on the 2 security bulletins that are rated as critical. Here are those details:

MS11-057 – Cumulative Security Update for Internet Explorer
Description: Five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user.
Rating: Critical.
Affected software: Microsoft Windows, Internet Explorer.
Most likely attack vector: Victim browses to a malicious webpage.
Exploitability: Microsoft expects to see reliable exploits developed within the next 30 days.

MS11-058 – Vulnerabilities in DNS Server Could Allow Remote Code Execution

Description: Two privately reported vulnerabilities in Windows DNS server. The more severe of these vulnerabilities could allow remote code execution if an attacker registers a domain, creates an NAPTR DNS resource record, and then sends a specially crafted NAPTR query to the target DNS server. Servers that do not have the DNS role enabled are not at risk.
Rating: Critical.
Affected software: Microsoft Windows.
Most likely attack vector: Attacker sends name resolution request to victim DNS server that is configured to issue requests to a malicious DNS server. Response from malicious DNS server to victim DNS server is improperly handled, resulting in denial of service on victim DNS server.
Exploitability: Microsoft thinks its unlikely it will see exploits developed in the next 30 days.

For additional information on the security bulletins Microsoft rolled out as part of the August 2011 Patch Tuesday, click here and here.


The Microsoft Security Response Center (MSRC) has provided these visual representations of the August 2011 Patch Tuesday.







Tags: Microsoft, Security, Patch Tuesday, Windows, Internet Explorer
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
By George Norman on 07 Jun 2017
Yes, I know that the global PC market is in a downwards spiral for its nth quarter and that mobile usage is on the rise. Still, I argue that a desktop PC is better than all the other alternatives.
By George Norman on 24 Jul 2017
As someone who has been using Firefox day-to-day for a very – VERY – long time, I’ve grown to know a lot about Mozilla’s web browser. As such, I thought it a good idea to share part of my knowledge with you and highlight 10 tips & tricks that I’m sure you’ll find very useful.
By George Norman on 31 May 2017
Having lots of devices connected to your network and the internet isn't a problem, as long as you keep the bad guys out of the picture. That’s crucial, because they'll exploit any vulnerability that they can find.
By George Norman on 26 Jul 2017
Top-notch real-time protection against viruses doesn’t have to cost money, not if you go with the recently introduced Kaspersky Free antivirus solution. It may not come with a lot of bells and whistles, but it nicely covers all the basics and...
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
August '11 Patch Tuesday: Details on the Critical Bulletins
HTML Linking Code