Patch Tuesday: Microsoft Releases 13 Bulletins, 2 Critical

ID THREATPOST:BC7FEB024410695A5D0533983BD7592D
Type threatpost
Reporter Brian Donohue
Modified 2013-04-17T20:07:18


MIcrosoft patchMicrosoft shipped 13 bulletins in the August edition of Patch Tuesday, including two critical fixes for the Internet Explorer Browser and for Windows DNS Server that the company warns could enable remote attacks.

The scheduled monthly update includes a a cumulative security update for Internet Explorer, MS11-057, that resolves a handful of private and publicly reported vulnerabilities in the Web browser. If exploited on an unpatched machine, those vulnerabilities could allow an attacker to assume the same user-rights as a local user, Microsoft said.

The second critical fix, MS11-058, repairs vulnerabilities in Microsoft DNS server that could allow for remote code execution. This update resolves two privately disclosed vulnerabilities in the Windows DNS server. The most severe of these bugs could potentially allow an attacker to register a domain, create an NAPTR DNS resource record, and then send specially crafted NAPTR query to the DNS server. Servers without the DNS role enabled are immune to this attack.

In addition to the two critical fixes, Microsoft released nine important patches, and two moderate patches. Bulletins with the ID MS11-059 through MS11-067 are rated “important” and fix vulnerabilities in Data Access Components, Microsoft Visio, remote desktop Web access, remote access service NDISTAPI driver, Windows client/server run-time subsystem, TCP/IP stack, remote desktop protocol, Microsoft chart control, and Microsoft report viewer.

MS11-068 and MS11-069 are both listed as moderate, and they fix bugs in the Windows kernel and the .NET framework.

For more information, you can find the entire patch Tuesday report here.