A mild November Patch Tuesday from Microsoft

Stephen Withers
Wednesday, 09 November 2011 10:46

Business IT - Security

Microsoft has released just four security bulletins this month, and only one of them is rated critical.

November brings four security bulletins from Microsoft, all of them affecting Windows. Top of the list is a flaw in TCP/IP handling, which could allow remote code execution to be triggered by a stream of maliciously crafted packets.

That problem applies to Windows 7, Vista, and Server 2008. XP and Server 2003 are not affected.

The same applies to a vulnerability in Windows Mail and Windows Meeting Space. Rated important, this appears to be another in a long series of DLL loading issues that are exploited by persuading a user to open a legitimate file from the same directory as the malicious DLL.

The other important vulnerability applies to all currently supported versions of Windows except Server (2003 and 2008) for Itanium-based systems. This issue permits privilege escalation in particular non-default circumstances.

Finally, there's a fix for a Windows Kernel-Mode Drivers to overcome a problem triggered by maliciously crafted TrueType font files. Rates moderate, the issue only applies to Windows 7 and Server 2008 R2.

As usual, Microsoft has also updated the Malicious Software Removal Tool and the Windows Mail Junk E-mail Filter.

In related news, Microsoft released non-security updates for Office 2010 to provide bug fixes and stability and performance improvements.