Microsoft fixes gaping hole in Windows TCP/IP stack

Summary: An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. Microsoft urges Windows users to treat this update with the utmost priority.

Microsoft has released its November batch of security bulletins with fixes for at least four documented vulnerabilities affecting the Windows operating system.

The updates address remote code execution and denial-of-service issues in all versions of Windows, and Microsoft is urging its user base to pay special attention to MS11-083, which covers a gaping hole in the Windows TCP/IP stack.

The raw details:

A remote code execution vulnerability exists in the Windows TCP/IP stack due to the processing of a continuous flow of specially crafted UDP packets. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Because of the "critical" nature of this update, Microsoft is urging Windows users and administrators to treat MS11-083 with the utmost priority.


The company also fixed a serious vulnerability in Windows Mail that exposes users to hacker attacks via the Web browser.

Some basic details via the MS11-085 bulletin:

The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application.

Microsoft expects to see functional exploit code for this vulnerability within the next 30 days.

The November Patch Tuesday batch also contains fixes for a privilege escalation flaw in Active Directory (MS11-086) and a vulnerability in Windows kernel mode drivers (MS11-084) that could allow denial-of-service attacks.



Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
