Microsoft Patch Tuesday: Critical Internet Explorer, Windows DNS updates

Hillary O'Rourke, Contributor

Microsoft released 13 security bulletins, patching 22 vulnerabilities across its product line, including two critical updates affecting Internet Explorer and the Windows DNS Server.

While Microsoft issued fewer updates this month, August was still marked as a busy month for system administrators. Adobe Systems Inc., which issues fixes on a quarterly cycle, issued a critical security update late Tuesday, repairing seven flaws in its Shockwave Player, more than a dozen holes in its Flash Player and an error in its Flash Media Server. 

Microsoft addressed seven vulnerabilities in Internet Explorer, including two zero-day flaws. In MS11-057, Microsoft said an attacker who successfully exploited any of the vulnerabilities could gain the same user rights as the local user. Microsoft said the most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.

The flaws affect all supported versions of Internet Explorer, including IE 9. The August Patch Tuesday update corrects errors in the way IE handles objects in memory and handles JavaScript handlers. For most organizations, the IE update will be automatically applied.

Jason Miller, manager of research and development at VMware’s Shavlik Technologies, said the IE flaws and the Windows DNS error allow cybercriminals to attack systems remotely. Any time there’s a public vulnerability “out in the wild, it’s important to disclose it as soon as possible,” Miller said.

Patching administrators also must address server-side vulnerabilities. MS11-058 addresses two privately reported vulnerabilities in the Windows DNS server. The flaws affect the server side rather than a client request to a DNS server. If the company DNS servers have caching of DNS relaying enabled, the system is at risk. Otherwise, if the DNS role is not enabled, users are not at risk, although they should still deploy the patch to be on the safe side, Miller said.

Another noteworthy bulletin is MS11-065, which resolves a vulnerability in the Remote Desktop Protocol. Although the security bulletin is rated “important” for users of Windows Server 2003, Miller said Microsoft has seen attacks targeting the flaw in the wild. The flaw can be targeted if an attacker sends a malicious remote desktop protocol connection request to the victim’s computer, which could cause the system to crash.

Details outlining all the security bulletins are available at the Microsoft Security Response Center blog.

Adobe update repairs Shockwave Player flaws

Adobe Systems Inc. issued a critical update Tuesday, fixing seven vulnerabilities in Shockwave Player that could be used by an attacker to run malicious code on the affected system and gain access to sensitive data.

Adobe also issued an update to its Flash Player and Flash Media Server. More than a dozen Flash Player flaws were patched in the update. The update affects users of Flash Player on Windows, Macintosh, Linux and Solaris, Flash Player for Android and Adobe Air 2.7 and earlier versions for Windows, Macintosh and Android.

Meanwhile, users of Flash Media Server are being urged to update to Flash Media Server 4.0.3 or 3.5.7 to fix a critical vulnerability, which can cause a denial-of-service on an affected system.

