The out-of-band and non-security stories were great this month. Unfortunately, we are getting pounded with a stunning sixteen patches, which cover a large number of problems. To make it worse, a number of patches have known issues and surprises when installing them. I’ve highlighted these patches for you, so look before you leap on these.
MS11-037/KB2544893 – Important (XP, Vista, W7)/Low (2003, 2008, 2008R2): The way Windows handles the MHTML protocol can result in “information disclosure” (it looks like it would be similar in effect to a cross-site scripting attack). You will want to patch this on your usual schedule.
MS11-038/KB2476490 – Critical (XP, Vista, W7, 2003, 2008, 2008 R2): Image files in the WMF format can be used to perform remote code execution attacks, thanks to a vulnerability in the OLE Automation subsystem; this patch fixes it. Since it is easy to get a Web browser to display an image file, you should apply this patch immediately.
MS11-039/KB2514842 – Critical (XP, Vista, W7, 2003, 2008, 2008 R2): A security hole in the handling of Silverlight is allowing Silverlight and XAML Browser Applications (XBAPs) to be used to perform remote code execution attacks. Isn’t the whole point of Silverlight to make these things harder? Install this patch as soon as you can. Also, there are a lot of known issues with the patch, so check out the KB article before installing it.
MS11-040/KB2520426 – Critical (Threat Management Gateway 2010 Client): The TMG client has a flaw that allows remote code execution attacks to be performed. If you use the TMG client, you should install this patch.
MS11-041/KB2525694 – Critical (Vista, W7, 2008, 2008 R2)/Important (XP, 2003): Problems with the OpenType font handler can allow remote code execution and escalation of privilege attacks. This patch closes those holes. Since an attacker can point a Web page to a network share to get a font file, you will want to close the hole with this patch as soon as you can.
MS11-042/KB2535512 – Critical (XP, 2003)/Important (Vista, W7, 2008, 2008 R2): A flaw in the way Windows handles DFS processing can allow DoS and remote code execution attacks to be performed. Of course, you should be blocking DFS at the firewall, but this is still a concerning issue that you will want to patch immediately.
MS11-043/KB2536276 – Critical (XP, Vista, W7, 2003, 2008, 2008 R2): SMB packets can be used to exploit a vulnerability and perform remote code execution attacks. Like the DFS patch, you should be blocking this at the firewall, but you will still want to install this patch quickly.
MS11-044/KB2538814 – Critical (XP, Vista, W7, 2003, 2008, 2008 R2): A flaw in the .NET Framework and the XBAP handling system can allow applications to run code that they are not allowed to run. This is a critical issue and should be treated as an emergency patch scenario. The patch has some known issues that you should review first, though.
MS11-045/KB2537146 – Important (Office XP, Office 2003, Office 2007, Office 2010, Office 2004 for Mac, Office 2008 for Mac, Office 2011 for Mac, Open XML File Format Converter for Mac, Excel Viewer, Office Compatibility Pack): This patch resolves a whopping eight vulnerabilities when opening Excel files, which can give the attacker the same rights as the logged-on user. Microsoft says this is an “important” patch, but Excel files are so widespread that I recommend that you not hesitate to install the patch.
MS11-046/KB2503665 – Important (XP, Vista, W7, 2003, 2008, 2008 R2): A problem with the Ancillary Function Driver (used to hook Winsock to the kernel) can be exploited to perform escalation of privileges attacks. This is a good example of Microsoft rating a patch as “important” when it really should be “critical.” Install the patch quickly.
MS11-047/KB2525835 – Important (2008, 2008 R2): In the “odd bug of the month” category, a logged-on user in a Hyper-V guest VM can send a malformed packet to the Hyper-V host in order to perform a denial of service attack. If you use Hyper-V, you should install this patch during your normal patch time.
MS11-048/KB2536275 – Important (Vista, W7, 2008, 2008 R2): A problem with SMB packet processing can lead to DoS attacks. Your firewall should block these out, but you will still want to install the patch when you have the chance.
MS11-049/KB2543893 – Important (InfoPath 2007, InfoPath 2010, SQL Server 2005, SQL Server 2008, SQL Server 2008 R2, Visual Studio 2005, Visual Studio 2008, Visual Studio 2010): An XML editor control used in a number of Microsoft data handling products can be exploited to perform information disclosure attacks. Install this patch as needed for systems using the affected software, but check the KB article first for known vulnerabilities.
MS11-050/KB2530548 – Critical (IE 6, IE 7, IE 8, IE 9): This is a big cumulative update for IE 6 – IE 9 that resolves eleven vulnerabilities. Install it ASAP.
MS11-051/KB2518295 – Important (2003, 2008, 2008 R2): The Active Directory Certificate Services Web Enrollment is vulnerable to cross-site scripting attacks that this patch fixes. This shouldn’t be available outside your network, and the patch only needs to be applied to your servers that support this functionality. Beware: the patch has some known “gotchas.”
MS11-052/KB2544521 – Critical (IE 6, IE 7, IE 8, IE 9): Vector Markup Language (VML) can be exploited in IE to perform remote code execution attacks. I didn’t even know that VML was still around. You will want to patch as soon as you can.
There are no non-security patches released with this Patch Tuesday.
Changed, but not significantly: None.
Updates since the last Patch Tuesday
There were no security updates released out-of-band.
Minor items added or updated since the last Patch Tuesday:
Changed, but not significantly: