gHacks Technology News | Latest Tech News, Software And Tutorials » patches

Microsoft Patch Day October 2011 Overview

Martin Brinkmann — Tue, 11 Oct 2011 17:32:16 +0000

Microsoft releases Windows updates on the second Tuesday of the month. A total of eight different security bulletins have been released today by Microsoft. They update the operating system Microsoft Windows and other Microsoft products such as the .NET Framework, Microsoft Silverlight and Internet Explorer. Two of the eight bulletins have been given the highest possible severity rating critical, the remaining six one of important. Maximum severity means that there is at least one product affected by that vulnerability impact.

You find information about each security bulletin below. Please follow the links for information about affected operating systems and Microsoft applications. You find a summary of all security bulletins here.

Here are the Bulletin Deployment Priority and Severity and Exploitability Index screenshots for October 2011:

And a video in which Jerry Bryant discusses this month’s bulletins:

View this video as a WMV

MS11-078 - Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930) -
This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

MS11-081 - Cumulative Security Update for Internet Explorer (2586448) - This security update resolves eight privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS11-075 - Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699) - This security update resolves a privately reported vulnerability in the Microsoft Active Accessibility component. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, the Microsoft Active Accessibility component could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.

MS11-076 - Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926) - This security update resolves a publicly disclosed vulnerability in Windows Media Center. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Media Center could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file.

MS11-077 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053) - This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted font file (such as a .fon file) in a network share, a UNC or WebDAV location, or an e-mail attachment. For a remote attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open the specially crafted font file, or open the file as an e-mail attachment.

MS11-079 - Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641) - This security update resolves five privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow remote code execution if a user visits an affected Web site using a specially crafted URL. However, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.

MS11-080 - Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799) - This security update resolves a privately reported vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.

MS11-082 - Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670) - This security update resolves two publicly disclosed vulnerabilities in Host Integration Server. The vulnerabilities could allow denial of service if a remote attacker sends specially crafted network packets to a Host Integration Server listening on UDP port 1478 or TCP ports 1477 and 1478. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. In this case, the Host Integration Server ports should be blocked from the Internet.

Windows users can update their operating system by installing the security patches via Windows Update or Microsoft's Download Center with Windows Update being the better option if the patches do not have to be installed on multiple computer systems.

Updates are already live and available via Windows Update. Additional information are available at Microsoft's Security Response Center.

Expect A Massive Patch Day Tomorrow

Martin Brinkmann — Mon, 12 Oct 2009 10:28:02 +0000

Tomorrow is a day that could force many system administrators into overtime as both Microsoft and Adobe plan to release security patches for several of their products. Microsoft alone plans to release 13 security patches and updates for various Microsoft operating system, Microsoft Office and other Microsoft products. The patch day is also the first to include a critical security patch for Microsoft’s upcoming operating system Windows 7.

Adobe on the other hand plans to release security patches for its popular PDF reader Adobe Reader that are also rated critical. The updates will all be released tomorrow and system administrators will certainly their hands full updating the computer systems that run the software and operating systems.

A closer look at the Microsoft Patch Day reveals eight critical security vulnerabilities and five important vulnerabilities that will get fixed with the patches that are released tomorrow. The majority of vulnerabilities affects the Windows operating system but it does also include one critical Internet Explorer vulnerability.

System administrators and Windows users are encouraged to visit the two websites linked above for further information. These websites will also contain the links to patch the security vulnerabilities. Windows users can also use Windows Update, Microsoft Update or Automatic Updates to update their operating system.

Autopatcher Updater 1.04

Martin Brinkmann — Mon, 24 Mar 2008 15:11:08 +0000

I have examined the new Autopatcher Updater before and the program was kinda buggy back then. Some time has passed and the Autopatcher team managed to produce several new versions and recently released version 1.04 of their Autopatcher Updater. It felt right to take another look to see what has changed since the early beta releases.

But let me give you a brief description of Autopatcher before I continue. Autopatcher queries the Microsoft update server and downloads all patches and updates from that server to your computer. When I say all I mean all for the operating system or software (like Microsoft Office) that you have selected.

This procedure has several benefits over automatic installations. All patches and updates are downloaded to the users computer and can be used to update several computers, even those without Internet or network access. It is furthermore possible to select the updates that should be installed on the computer and those that should not be.

You begin the process by downloading the Autopatcher Updater from the Autopatcher website. Unpack it to your hard drive and execute the file. A list with possible operating systems and applications will be shown and some of them will be preselected.

Make sure you do keep the Autopatcher Updater and Autopatcher Engine entries checked. You can then make your selection from various Windows editions, languages and applications. Available languages are currently English, Italian and Portuguese.

A click on Next will download all files and patches to your computer directly from the Microsoft servers. The process finishes quickly and will place a file called autopatcher.exe in the root folder of the directory. Start that file afterwards which will load a list of available patches and updates for your operating system.

Items are sorted by critical and recommend updates as well as updated components and Registry tweaks. Already installed patches are marked blue while those that have not been installed yet have a black font color. Simply check the updates that you want to install and click the next button which will start the installation process.

I did not encounter any errors, freezes or even crashes during my tests which is definitely an improvement since the last version that I tried.

Update Windows without Microsoft

Martin Brinkmann — Sun, 11 Feb 2007 08:04:59 +0000

I recently received an email from one of my readers who asked if there would be a secure way to update a Windows XP installation that already had service pack 2 installed with the latest patches issues by Microsoft in the months after the second service pack was released. His main concerns were about WGA, Windows Genuine Advantage. He did not like the fact that data was sent from his computer to Microsoft.

Fortunately for him there is indeed an easy method to upgrade Windows XP without contacting a Microsoft server at all. This of course is only half the truth, some software products like IE7 and Windows Media Player 11 contact Microsoft during installation. You can either use one of the techniques described in my posts to avoid this or choose to not install those programs.

The current Autopatcher file size is about 350 megabytes in size for Windows XP and can be downloaded from the Autopatcher homepage. I suggest you use a torrent or a mirror to ease the load on the main servers. You also find versions for Windows 2000 and 2003.

Download the full Autopatcher release for your language and after that the smaller update for January. Install both on your computer and run the application afterwards. The difference between full and lite versions is that some third party products (e.g. Java from Sun) have been removed from the package, all Microsoft patches are still inside.

Autopatcher scans your system and displays a list of patches that could be installed. The following categories exist:

Microsoft Windows – Critital Updates
Microsoft Windows – Recommended Updates
Microsoft Windows – Updated Components
Microsoft Windows Genuine Advantage
Windows Addons
Registry Tweaks

The first three are automatically (partially) selected. I would advise to check the patches manually and remove everything that seems unnecessary. Click on Update after you have made your selections and Autopatcher will update your system.

Autopatcher is great if you have to update more than one operating system. Instead of downloading all the patches several times you do it once. Great time saver.