October 2011 Patch Tuesday: 8 Security Updates Addressing 23 Unique CVEs

Microsoft releases security updates on the second Tuesday of every month. Today Microsoft released 8 security updates addressing 23 unique CVEs in Microsoft products.5 updates for Microsoft Windows1 updates for .NET Framework1 update for Microsoft Forefront1 update for Internet ExplorerMSRC says, there're "two bulletins that we want to call out as priorities for our customers":"MS11-081 […]

Microsoft releases security updates on the second Tuesday of every month. Today Microsoft released 8 security updates addressing 23 unique CVEs in Microsoft products.

  • 5 updates for Microsoft Windows
  • 1 updates for .NET Framework
  • 1 update for Microsoft Forefront
  • 1 update for Internet Explorer

MSRC says, there're "two bulletins that we want to call out as priorities for our customers":

  • "MS11-081 (Internet Explorer): This security update resolves eight privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.
  • MS11-078 (.NET Framework & Silverlight): This security update resolves a privately reported vulnerability in .NET Framework and Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions."

The table below helps you prioritize the deployment of the updates appropriately for your environment:

BulletinMost likely attack vectorMax Bulletin SeverityMax Exploit-abilityLikely first 30 days impactPlatform mitigations and key notes
1.MS11-081
(Internet Explorer)
Victim browses to a malicious website.Critical1Likely to see reliable exploits developed in the next 30 days.
2.MS11-078
(Silverlight, .NET framework)
Victim browses to a malicious webpage with Silverlight-enabled browser.Critical1Likely to see reliable exploits for Silverlight 3 in next 30 days.Underlying issue present in .NET Framework and later versions of Silverlight (4+) but more difficult to exploit for code execution.
3.MS11-077
(Win32k.sys)
Attacker logged-in to a machine locally exploits vulnerability to elevate to a higher privilege level.Important1Likely to see an exploit developed for local elevation of privilege in next 30 days.
4.MS11-080
(AFD.sys)
Attacker logged-in to a machine locally exploits vulnerability to elevate to a higher privilege level.Important1Likely to see an exploit developed for local elevation of privilege in next 30 days.Vista and later platforms not affected due to IO manager hardening.
5.MS11-075
(DLL Preloading)
Victim browses to a malicious WebDAV share and launches an application by double-clicking a content file hosted on the attacker-controlled WebDAV share.Important1Likely to see reliable exploits developed in the next 30 days.
6.MS11-076
(DLL Preloading)
Victim browses to a malicious WebDAV share and launches an application by double-clicking a content file hosted on the attacker-controlled WebDAV share.Important1Likely to see reliable exploits developed in the next 30 days.
7.MS11-079
(Forefront Unified Access Gateway [UAG])
Attackers sends malicious XSS link to a Forefront UAG administrator. Admin clicks link which takes action on the UAG portal in the admin's context.Important1Likely to see exploit for information disclosure released in next 30 days.
8.MS11-082
(Host Integration Server)
Attacker sends malicious stream of network packets to Host Integration Service causing a denial of service.Important3Any exploit developed could only be used for denial of service.

Below is a deployment priority guidance to further assist customers in their deployment planning (click for larger view).

Oct 2011: Microsoft Security Bulletin deployment priority guidance

Hers is a risk and impact graph shows an aggregate view of this month's severity and exploitability index (click for larger view).

Oct 2011:Microsoft severity and exploitability index

Watch this video, Jerry Bryant discusses this month's bulletins in further detail: