Patch Tuesday: IE bug could spread virus; .Net affects Mac users

Microsoft fixes 22 holes in eight patches, two critical, with no big surprises

There were no big surprises in this month's Patch Tuesday. Microsoft issued eight updates, two critical, to fix 23 vulnerabilities. However, the two critical patches are doozies. One of them fixes all versions of Internet Explorer on all versions of Windows and the other fixes .Net/Silverlight.

“Administrators should pay special attention to the critical flaw affecting Internet Explorer and Windows users, which, left unpatched, can allow attackers to remotely spread a virus. IT administrators should also be aware that the .NET issue also affects Mac OS clients,” said Dave Marcus, director of security research and communications at McAfee Labs. He adds that he would consider this Patch Tuesday moderate. Three of the holes have been publicly disclosed with proof of concept code available.

Here is Microsoft's rundown of which flaw is public and which is private.

The .Net/Silverlight issue is "complex" to exploit, says Joshua Talbot, security intelligence manager, Symantec Security Response, but because it affects all of .Net and gives attackers many ways to use it, it earned its critical rating, too. “The vulnerability can be exploited in a number of ways, including traditional downloads, drive-by downloads and through hosting a malicious .NET application,” Talbot says.

The fix for the "poison cup" hole that affects Microsoft's firewall, antimalware product, Forefront UAG, wasn't rated critical, but possibly should have been, Talbot suggests. “Although the Poisoned Cup of Code Execution Vulnerability wasn’t rated critical, it is important to note that an exploit would be quite easy for an attacker to develop. To utilize it, however, an attacker would have to get a potential victim to visit a malicious website, so a degree of social engineering would still probably be required. Once the user is at the site, though, the exploitation would be pretty straightforward.”

Paul Henry, security and forensic analyst at Lumension, notes that many of these patches require a reboot, always a painful disruption for an enterprise. He summarizes each of the eight patches like this.

MS11-081: Critical Internet Explorer patches that correct 8 vulnerabilities with typical attack vectors and one involving JavaScript. None of the patched issues are related to active exploits; however, users are urged to patch this as a high priority. It’s important to note that many of the fixes are related to improving defense in depth to strengthen the browser.

MS11-078: Critical .NET issue, which also impacts Silverlight. Users of .NET Client and Silverlight are urged to apply this patch as a high priority.

MS11-075: Important Windows Active Accessibility that corrects a DLL Injection issue.

MS11-076: Important Media Center Issue, correcting a DLL Injection Issue.

MS11-077: Important patch that resolves a Win32k Kernel Mode Drivers Issue that involves font rendering, which is a low risk with Microsoft IE (as the font would not be rendered), but could be a high risk with third party browsers (that would render the font).

MS11-080: Important Ancillary Function Driver Issue that provides for an escalation of privilege.

MS11-079: Important Forefront UAG Issue, resolving a perimeter firewall XSS issue.

MS11-082: Important Host Integration Server, resolving a DoS issue for the service.

Links to all of the October Bulletins can be found here.

Copyright © 2011 IDG Communications, Inc.
