ID: IRCNE20111101308
Date: 2011-11-09
According to “CNET”, Microsoft released a security update to fix one critical and three less serious Windows holes but is still working on a patch for a flaw being exploited by the Duqu Trojan.
The updates address remote code execution and denial-of-service issues in all versions of Windows and Microsoft is urging its user base to pay special attention to MS11-083, which covers a gaping hole in the Windows TCP/IP stack, “ZDNet” reports.
The most serious of the updates is MS11-083, which could allow an attacker to take over a computer by sending a large number of malicious UDP packets to a closed port on a target system, the Patch Tuesday security bulletin said. It plugs a vulnerability in the TCP/IP stack in Windows 7, Vista, and Server 2008.
"Since this vulnerability does not require any user interaction or authentication, all Windows machines, workstations and servers that are on the Internet can be freely attacked," Amol Sarwate of Qualys said. "The mitigating element here is that the attack is complicated to execute, and Microsoft has given it an Exploitability index of '2,' meaning that the exploit code is inconsistent, but otherwise this has all the required markings for a big worm."
Microsoft also fixed a vulnerability in Windows Mail and Meeting Space that could be exploited to trick the system into remotely running random code if a user opens a file located in the same network directory as a malicious dynamic link library (.DLL) file. Also patched were a vulnerability in Active Directory and one in Windows Kernel-Mode Drivers that could allow a denial of service if a user opens a malicious TrueType font file as an e-mail attachment or navigates to such a file on a network share.
- 2