Microsoft Releases Massive Patch Tuesday Update

Microsoft shipped a massive Patch Tuesday update this week that resolves a total of 64 vulnerabilities spread across 17 security bulletins. Affected system components include a broad swathe of Microsoft's products, such as Windows, Office, Internet Explorer, Visual Studio, the .NET Framework and GDI+. More importantly, nine of the bulletins were graded at the highest rating of "critical," while the remaining eight were ranked as "important."

 

Given the number of serious updates involved, small- and mid-sized businesses thinking of holding off on this update are advised not to put it off. This is because all but two of the bulletins allow for the possibility of remote code execution, which are scenarios where remote hackers are able to run unauthorized applications.

 

As I highlighted in yesterday's blog on the database break-in at Barracuda Networks, responsible SMBs must prioritize patching instead of relegating them to non-peak seasons. This is due to the rise of sophisticated tools, as well as the speed at which new security flaws are "weaponized" and distributed for use by legions of less-skilled hackers. Note that many of these updates may require system restarts and hence necessitate the scheduling of maintenance downtime if applied on server machines.

 

Microsoft has specifically urged for the utmost priority on a trio of system components, as highlighted by this blog announcing the April 2011 Security Bulletin Release. I summarize the details below:

 

• MS11-018 (Internet Explorer): One privately disclosed and four privately reported vulnerabilities for IE6, IE7 and IE8. (IE9 is not affected.)
• MS11-019 (SMB Client): An attacker can initiate a remote-code execution via a specifically crafted SMB response to a client-initiated SMB request. Note that SMB in this instance stands for Server Message Block, a protocol for shared access to resources such as files and printers.
• MS11-020 (SMB Server): Another remote-code execution attack involving the sending of a specifically crafted SMB packet.

 

Speaking to Windows IT Pro, Jerry Bryant, who is the Microsoft group manager of response communications in the trustworthy computing group, also highlighted a couple of additional updates that IT administrators will be interested in: An update to 64-bit Winload.exe to prevent certain rootkits (Security Advisory 2506014) and the backporting of Office 2010 file validation for users of Office 2003/2007 (Security Advisory 2501584). The former will also make it easier for third-party, anti-malware applications to detect and eliminate rootkits.