This week once again brought us Microsoft Patch Tuesday, and Microsoft has released 5 new patches addressing 15 vulnerabilities. The vulnerabilities represent a fairly typical mix: three patches address issues in client-side applications (Excel, MS Office, etc), and two are for Windows server apps (WINS Servers and Sharepoint servers). Two of the 15 vulns had been previously disclosed in public forums by security researchers, one with proof-of-concept exploit code. In addition, Adobe released a critical update to Adobe Acrobat and Adobe Reader.
All of this month’s patches are rated “Important” by Microsoft, following an overall trend toward lower severity in issues that are being addressed. Over the last 2 years, approximately 30% of the vulns patched by Microsoft have been rated “Critical”; in the last 3 months, it’s been closer to 15%. Also, the rate of vuln disclosure has evened out over the last few months. This breaks the bursty cycle that has been typical in 2H 2010 and 1H 2011, where MS would alternate a large batch of patches one month, followed by relatively few the following month. Below you’ll see how the overall picture for this year stacks up against recent years:
The security patches released by MS this month include:
- (MS11-070) Vulnerability in WINS Could Allow Elevation of Privilege (2571621)
- (MS11-071) Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)
- (MS11-072) Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
- (MS11-073) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)
- (MS11-074) Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)
Most critical this month are the vulnerabilities addressed by the 3 workstation patches (MS11-071, -072, and -073), which all have similar attack vectors and results. If an attacker convinces a user to open a properly crafted document (or in some instances, any document in a folder containing exploit code), the attacker’s embedded code will execute with the privileges of the logged-on user. The Excel patch (MS11-072) is rather interesting as it affects not just Windows versions of MS Excel, but also MS Excel on the MacOS, potentially opening the door for cross-platform attacks.
McAfee’s coverage for this month’s MS vulns is excellent:
- McAfee VirusScan's buffer overflow protection is expected to provide proactive protection against exploits of 7 out of 15 MS vulnerabilities this month.
- McAfee Host Intrusion Prevention is expected to provide protection against exploits of 11 out of 15 MS vulnerabilities and 11 out of 12 Adobe vulnerabilities this month.
- McAfee's Network Security Platform has new signatures confirmed to protect exploits of 14 out of 15 MS vulnerabilities and 12 out of 12 Adobe vulnerabilities this month.
- McAfee Vulnerability Manager and Policy Auditor now have content to assess whether your systems are exposed to any of these new vulnerabilities.
Additional research is underway to determine coverage for McAfee’s Web Gateway, Application Control, and other countermeasures. As more details become available, you’ll find them on the McAfee Threat Center. You might also be interested in subscribing to McAfee Labs Security Advisories, where you can get real-time updates via email.