Microsoft's Internet Explorer bulletin (MS11-057) covers seven vulnerabilities, five of which were privately reported to Microsoft and two that were disclosed publicly. The most severe of these vulnerabilities carry the threat of remote code execution, and could enable attackers to execute drive-by malware downloads by getting users to visit a rigged Web page.
Microsoft has rated the MS11-057 update "Critical" for Internet Explorer 6 on Windows clients, and for Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9; and Important for Internet Explorer 6 on Windows servers.
Microsoft's MS11-058 bulletin patches two privately reported vulnerabilities in Windows DNS server, one of which is a remote code execution flaw that stems from the software's improper handling of a NAPTR (Naming Authority Pointer) query string in memory.
If successfully exploited, the vulnerability could allow an attacker to run arbitrary code with full system privileges, which means they'd be able to install programs, view, alter or delete data, and basically treat that system like their own personal amusement park.
"The DNS vulnerability could result in a complete system compromise," Joshua Talbot, security intelligence manager at Symantec Security Response, said in a statement distributed to media outlets. “Because no user interaction is needed, a vulnerable service simply needs to be up and running for the vulnerability to be exploited."
Microsoft labeled nine of its August bulletins as "Important," two of which carry the potential for remote code execution, including two flaws in Microsoft Visio that attackers could exploit by getting users to open a rigged Visio file. The remainder of the Important bulletins and two bulletins that Microsoft rated 'Moderate' could result in elevation of privilege, denial of service and information disclosure, the software giant said.
related stories
Video
trending stories
sponsored resources

OutSystems
Modern Application Development 360

Symantec
Symantec Business Security Learning Center

HP Amplify™ - A Simplified Global Program for the Customer-Driven Digital Age
HP Inc.

Dell Technologies
Dell Technologies Cloud Learning Center

NPD
Industry Trends 360

EPOS
EPOS

Smart 3rd Party
3rd Party Maintenance 360

Products of the Year Showcase

Cysurance
Cyber Insurance 360

Dell Technologies
Dell Technologies Storage Learning Center

BlackBerry
BlackBerry Learning Center

Spectrum Partner Program
Spectrum Partner Program

ADT
Network Security 360

Dell Technologies
Dell Technologies Server Learning Center

WatchGuard
WatchGuard

APC by Schneider Electric
IoT Platforms 360

Tenable
Cyber Risk 360

Dell Technologies
Dell Technologies Hybrid Cloud Learning Center

StorageCraft
Disaster Recovery Learning Center

Comcast
Comcast Business Learning Center

Vertiv
Edge Computing 360

Sophos
Sophos Cybersecurity Learning Center

Wasabi
Wasabi

Webroot
Webroot Learning Center
