Today Microsoft released 12 security bulletins, three rated Critical and nine rated Important. They address a total of 22 unique vulnerabilities in Microsoft Office, Windows, Internet Explorer and Internet Information Services (IIS).
Additionally, Microsoft updated an advisory to release a new feature that protects customers against Autorun-related vulnerabilities. Microsoft also released telemetry on the Microsoft Malware Protection Center (MMPC) blog concerning a vulnerability in Internet Explorer described by Security Advisory 2488013 and fully addressed in MS11-003.
Wolfgang Kandek, Qualys CTO, comments: “While three 0-days have been addressed, ZDI added yesterday an additional five 0-days: four in Microsoft Excel and one in PowerPoint. These vulnerabilities were made public before the patches were actually available because the advisory had been in the vendor’s hand for longer than 180 days. Microsoft is not the only company affected: ZDI has one 0-day each for EMC, Novell, CA, SCO (good luck there), eight for IBM in Domino and Lotus Notes and even four 0-days for ZDI’s parent company HP.”
Microsoft recommends that systems administrators prioritize deployment of the following Critical bulletins:
- MS11-003 addresses four vulnerabilities in Internet Explorer.
- MS11-006 addresses one vulnerability in Windows.
- MS11-007 addresses one vulnerability in Windows.
To learn more about patching challenges and techniques, read our interview with Wolfgang Kandek, where he offers his extensive knowledge on the subject.