November 2011 Patch Tuesday Overview
Microsoft has released four new security bulletins for this edition of Patch Tuesday. These four security bulletins address four vulnerabilities.
The first bulletin administrators should address is MS11-083. This bulletin addresses one vulnerability in Windows TCP/IP. If an attacker sends a stream of malicious User Datagram Protocol (UDP) network packets to an unpatched machine, the attacker could gain control over the affected system. With this type of an attack scenario, alarms could be raised about the potential of a vulnerability that is used in a worm. However, there are a few items that will make it difficult for an attacker to use this exploit in a worm. First, the network port attacked on the target machine must be closed. Second, a normal UDP packet streamed to a vulnerable machine will not allow the attacker to gain access to the system. The UDP packet must be "specially" crafted. An attacker will need to figure out the type of packet to send to a vulnerable machine. Finally, this vulnerability was privately disclosed to Microsoft so there is no known code out in the wild at this time and Microsoft has not received any reports of attacks against this vulnerability.
On the non-Microsoft front, a couple of vendors will be a part of this Patch Tuesday. Adobe released a new security bulletin for their Shockwave player today. This security bulletin addresses four vulnerabilities and is rated as Critical. Mozilla is planning to release new versions to the Firefox, Thunderbird and SeaMonkey product families.
Patch Tuesday is no longer just about Microsoft releasing new security bulletins. Many other vendors can sneak in with their own security releases that can be just as or more important than Microsoft releases. Given the history of non-Microsoft vendors releasing on Patch Tuesday, administrators should plan for the unexpected during the monthly patch maintenance window.
I will be reviewing the November 2011 in depth during my monthly Patch Tuesday webinar tomorrow at 11am CDT. You can register to attend the live webinar here.
- Jason Miller