13 Microsoft security bulletins released - unlucky for some?

Stephen Withers
Wednesday, 10 August 2011 08:43

Business IT - Security

Microsoft has addressed 22 vulnerabilities with 13 security bulletins this month. The good news is that only two of the bulletins are rated critical.

A baker's dozen of Microsoft security bulletins means plenty of work for those charged with the responsibility of regression testing and pushing out updates to corporate systems. Most individual Windows users will simply rely on Windows Update to collect and install the appropriate items.

The first critical update applies to all supported versions of Internet Explorer (6 through 9) and therefore all versions of Windows except Server Core installations of Server 2008. It addresses seven vulnerabilities, two of which were publicly reported. All seven may allow remote code execution.

The other concerns Windows DNS server and has more limited impact. It is regarded as critical on Server 2008 where it could be exploited to cause remote code execution and important on Server 2003 where a denial of service is possible. Windows 7, Vista and XP are not affected.

Seven Windows vulnerabilities patched this month are rated important. There's an insecure library loading issue affecting Windows 7 and Server 2008, a cross-site scripting vulnerability in Server 2008 R2's Remote Desktop Web Access, an NDISTAPI driver vulnerability in Windows XP and Server 2003, and a flaw in the Client/Server Run-time Subsystem in all currently supported versions of Windows.

Then there are a denial of service vulnerability in the TCP/IP stack for Windows 7, Vista and Server 2008; a vulnerability in Remote Desktop Protocol with the possibility of a denial of service in XP and Server 2003; a Windows Kernel denial of service vulnerability that can be exploited by inducing a user to open a malicious file;  

Patches have also been released for other products - see page 2.