Yesterday was Microsoft’s Patch Tuesday for the month of October. There were eight new security bulletins in total: not too many, but enough to keep IT admins busy for a while. While most of the vulnerabilities addressed are not imminent threats, security experts are virtually unanimous that patching Internet Explorer should be priority one.
First, let’s take a brief look at the security bulletins Microsoft released for Patch Tuesday:
MS11-075 (Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution): Could be exploited to run malicious code from a rogue DLL file.
MS11-076 (Vulnerability in Windows Media Center Could Allow Remote Code Execution): Addresses a publicly disclosed vulnerability in Windows Media Center that could be used to run malicious code from a rogue DLL file.
MS11-077 (Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution): Fixes four different vulnerabilities in Microsoft Windows, including one that could allow an attacker to execute malicious code by luring someone to open a malicious font file.
MS11-078 (Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution): Fixes a critical vulnerability in .NET Framework and Microsoft Silverlight that can be exploited to run malicious code when someone visits a compromised website.
MS11-079 (Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution): Resolves five vulnerabilities in Microsoft Forefront Unified Access Gateway, one of which could enable an attacker to execute malicious code by luring the user to visit a compromised website.
MS11-080 (Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege): Deals with a possible elevation-of-privilege vulnerability, but an attacker would have to log on locally to the system using valid credentials, so this presents very little risk.
MS11-081 (Cumulative Security Update for Internet Explorer): This month’s Cumulative Security Update for Internet Explorer addresses eight vulnerabilities, including one which can be used to execute malicious code simply by luring a user to visit a compromised website.
MS11-082 (Vulnerabilities in Host Integration Server Could Allow Denial of Service): Deals with two vulnerabilities in Host Integration Server that could be used for a denial of service attack.
To average users and many IT admins, the descriptions all sound somewhat ominous, and, to be fair, they are all updates that should be applied if you use the affected products or services. But only two of the security bulletins (MS11-078 and MS11-081) are rated as Critical by Microsoft, and only one of them is being pushed as a top priority by security experts.
Joshua Talbot, security intelligence manager, Symantec Security Response, says, “Internet Explorer vulnerabilities are very common targets of attackers and it will probably be no different with these. Users and IT departments should patch these right away.”
Paul Henry, security and forensic analyst at Lumension, stresses, regarding MS11-081, “None of the patched issues are related to active exploits; however users are urged to patch this as a high priority.”
Andrew Storms, director of security operations at nCircle, implores, “Patching Internet Explorer should be at the top of everyone’s list.”
Amol Sarwate, Manager of Vulnerability Labs for Qualys, agrees, “The highest priority should be given to MS11-081 which patches a code execution vulnerability in Internet Explorer.”
VMware’s Jason Miller and Marcus Carey from Rapid7 also cite updating Internet Explorer as the number one priority from this Patch Tuesday. I think it is safe to say that we have a general consensus on which update is the most urgent.
Make sure you apply all updates that affect your systems as soon as possible. But if you have testing and patch rollout processes to deal with, make sure you address MS11-081 first.