February 2011 Patch Tuesday Overview
Microsoft has released 12 new bulletins addressing 22 vulnerabilities in the February 2011 edition of Patch Tuesday. Although 12 bulletins may now seem like a low number for one of Microsoft's large release months, there are a couple of bulletins that need immediate attention. For two of the security bulletins, exploit code has been released publicly.
MS11-003 fixes multiple vulnerabilities in Internet Explorer. The most notable vulnerability addressed by this bulletin could lead to remote code execution if a user browses to a malicious website with an unpatched Internet Explorer browser. The Security Advisory for this vulnerability was originally released on December 22. Microsoft had seen only limited attacks, so there was no need to release this bulletin out-of-band. This allowed Microsoft to include the fix in its normally scheduled bi-monthly cumulative update. Even though the attacks have been limited, this vulnerability needs to be patched immediately, as future attacks are likely.
MS11-006 also addresses a zero-day vulnerability. This security bulletin addresses a vulnerability in the Windows Graphics Rendering Engine that could allow remote code execution if exploited. The Security Advisory for this vulnerability was originally released on January 4. If an attacker can entice a user to view a malicious thumbnail image on a network share or WebDAV share, remote code execution can occur. Again, as with any zero-day vulnerability that has exploit code publicly available, it is imperative to patch the vulnerability immediately.
MS11-007 addresses a vulnerability in the OpenType Font Driver in Microsoft Windows. It is important to note that Microsoft Internet Explorer is not an attack vector for this vulnerability. Microsoft's browser uses Embedded OpenType fonts. However, third-party browsers could use the OpenType Font Driver. Patching the vulnerability with Microsoft's security bulletin will mitigate the risk from other software that could be used as the attack vector. For an attack vector with Microsoft software, an attacker must entice a user to browse to a folder that contains a malicious OpenType font file.
MS11-011 addresses a vulnerability in the Windows Kernel. With any patch that affects the Windows Kernel, it is extremely important to test the patch before widely deploying it to your network. If a patch adversely affects the system, major implications can occur. One year ago, Microsoft released MS10-015 for a vulnerability in the Windows Kernel. Many reports started circulating about the bulletin causing a "blue screen of death" after the patch was deployed to systems. Although the BSOD was not caused by the patch (it was actually caused by the Alureon malware program), this event was a prime example of why patches should be tested before mass deployment to your network.
On the non-Microsoft front, Adobe is releasing security bulletins to address a vulnerability in Adobe Reader and Acrobat. This will mark the first security bulletin that affects Adobe's new Acrobat/Reader X (version 10) line.
Mozilla had planned to release updates for their Firefox browser and Thunderbird email client today, but these releases have been delayed until next week.
- Jason Miller