Search
Homepage This page's url is: -crn- Rankings and Research Companies Channelcast Marketing Matters CRNtv Events WOTC Jobs HPE Discover 2019 News Cisco Partner Summit 2019 News Cisco Wi-Fi 6 Newsroom Dell Technologies Newsroom Hitachi Vantara Newsroom HP Reinvent Newsroom IBM Newsroom Ingram Micro ONE 2019 News Juniper NXTWORK 2019 News Lenovo Newsroom Lexmark Newsroom NetApp Insight 2019 News Cisco Live Newsroom HPE Zone Intel Tech Provider Zone

Microsoft Fixes IE, Windows DNS Server Flaws In Patch Tuesday Update

Microsoft's August Patch Tuesday release was relatively small, but it does carry urgency due to serious remote code execution flaws in Internet Explorer.

issued 13 security bulletins

Microsoft's Internet Explorer bulletin (MS11-057) covers seven vulnerabilities, five of which were privately reported to Microsoft and two that were disclosed publicly. The most severe of these vulnerabilities carry the threat of remote code execution, and could enable attackers to execute drive-by malware downloads by getting users to visit a rigged Web page.

Microsoft has rated the MS11-057 update "Critical" for Internet Explorer 6 on Windows clients, and for Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9; and Important for Internet Explorer 6 on Windows servers.

Microsoft's MS11-058 bulletin patches two privately reported vulnerabilities in Windows DNS server, one of which is a remote code execution flaw that stems from the software's improper handling of a NAPTR (Naming Authority Pointer) query string in memory.

If successfully exploited, the vulnerability could allow an attacker to run arbitrary code with full system privileges, which means they'd be able to install programs, view, alter or delete data, and basically treat that system like their own personal amusement park.

"The DNS vulnerability could result in a complete system compromise," Joshua Talbot, security intelligence manager at Symantec Security Response, said in a statement distributed to media outlets. “Because no user interaction is needed, a vulnerable service simply needs to be up and running for the vulnerability to be exploited."

Microsoft labeled nine of its August bulletins as "Important," two of which carry the potential for remote code execution, including two flaws in Microsoft Visio that attackers could exploit by getting users to open a rigged Visio file. The remainder of the Important bulletins and two bulletins that Microsoft rated 'Moderate' could result in elevation of privilege, denial of service and information disclosure, the software giant said.

Back to Top

Video

 

sponsored resources