Microsoft fixed 34 bugs in June's Patch Tuesday release, closing critical security holes in Internet Explorer, Windows and Excel with nine rated as "critical."

Microsoft addressed 34 security vulnerabilities across 16 security bulletins in June's
Patch Tuesday update. This will be Microsoft's second-largest Patch Tuesday in
2011 after April's gargantuan release.

Microsoft patched the Windows operating system, all supported versions of Internet
Explorer, Microsoft Office, SQL Server, Forefront, .NET/Silverlight, Active
Directory and Hyper-V, the company said in its Patch
released June 14. Of the patches, nine have been rated as
"critical," and seven have been ranked as "important,"
according to Microsoft.

Microsoft called out four critical updates as top priorities on the Microsoft
Security Response Center
blog. They include a fix for all versions of the
SMB Client on Windows (MS11-043), 11 bugs in all versions of Internet Explorer
(MS11-050), another Windows flaw (MS11-052) and two issues in the DFS client
for all versions of Windows (MS11-042), according to Trustworthy Computing's

"...going to be a lot of heavy lifting for IT administrators this month," said
Dave Marcus, director of security research and communications at McAfee Labs,
noting that administrators will also have to evaluate and prioritize patches
from Adobe and Oracle's

Microsoft expects to see a reliable exploit developed in the next 30 days for six of the
critical bulletins and two important ones, Jonathan Ness wrote on the Security
Research and Defense blog. The only vulnerability currently being exploited in
the wild is an escalation of privilege flaw in the Ancillary Function Driver,
rated as important, according to Ness.

Microsoft fixed 11 remote code execution vulnerabilities in Internet Explorer, versions 6
through 9 (MS11-050), and patched VML, a markup language used by the browser
(MS11-052). Most of them were rated as critical.

Even though none of these vulnerabilities is currently being exploited in the wild,
security administrators should make the IE patches a high priority, said Joshua
Talbot, security intelligence manager for Symantec Security Response.

"...slew of Internet Explorer vulnerabilities presents a significant attack surface
for cyber-criminals to poke at," Talbot said, noting that "at least
one" of the recent data breaches exploited a similar, previously patched
flaw in IE.

Browser and plug-in vulnerabilities are also the main infection vector for Zeus and
SpyEye Trojans, said Wolfgang Kandek, CTO of Qualys. Patching IE and applying the
recent Java updates and expected Adobe Acrobat/Reader updates will allow IT
administrators to "keep ahead of the 'ExploitKit' writers" and make
their infrastructure more robust, Kandek said.

Combining an exploit targeting one of the IE remote code execution flaws with the
existing escalation of privilege exploit for the Ancillary Function Driver
could give an attacker complete system access, Talbot said. On their own, the IE
flaws would give only user-level access on the compromised machine.

Administrators should also focus on the patch for Excel (MS11-045) addressing eight
vulnerabilities in all versions of Excel, including Mac OS X. Microsoft rated
it as "important" because the attack requires the user to open the
malicious file, but recent breaches have proved that attackers can trick
even the savviest users
into opening up unknown documents, Kandek said.
This is particularly the case for Excel, which is used overwhelmingly in business-related

Microsoft patched a denial-of-service vulnerability in Hyper-V (MS11-047) on Windows Server
2008 and 2008 R2. An attacker with local administrator privileges on a guest
virtual machine can exploit the flaw (CVE-2011-1872) to cause a resource
exhaustion denial-of-service on the host, affecting all other virtual machines
installed on that machine.

Microsoft also addressed the "cookie-jacking"
vulnerability in HTML5 (MS11-037), rated as important, which would allow a
malicious Website to steal cookies from users. There is no chance of direct
code execution, even though proof-of-concept code is publicly available, Ness
said. McAfee said the vulnerability "should be a lesser concern."

Even though the DFS and SMB client bugs are rated top-priority, many enterprise and
perimeter firewalls and Internet service providers can block outbound ports 139
and 445, which would prevent Internet-based attacks, according to Ness. Even
though it is possible to keep exposure low, administrators should schedule the patches
as soon as possible, Kandek said.