Microsoft expecting exploits for critical IE vulnerabilities

Microsoft expecting exploits for critical IE vulnerabilities

Summary: Patch Tuesday: Gaping holes in the Internet Explorer browser can be exploited to launch drive-by download attacks from rigged web sites.

SHARE:

Microsoft today warned that multiple gaping security holes in its Internet Explorer browser could expose millions of Web surfers to hacker attacks via rigged web pages.

As part of this months' Patch Tuesday release, Microsoft shipped a "critical" IE bulletin (MS11-057) with fixes for total of 7 security flaws.   Two of the vulnerabilities were publicly discussed prior to the availability of the patch.

The company expects to see reliable exploits developed within the next 30 days.

Because these vulnerabilities expose IE and Windows users to drive-by download attacks without any user action beyond surfing to a booby-trapped web site, Microsoft is strongly recommending that all Windows users apply the patch immediately.

The IE update is rated "critical"  for Internet Explorer 6 on Windows clients, and for Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9; and Important for Internet Explorer 6 on Windows servers.

Patch Tuesday heads-up: Critical IE update among 13 bulletins ]

follow Ryan Naraine on twitter

Microsoft also called special attention to MS11-058, a "critical" bulletin that addresses a pair of serious security holes in the Windows DNS Server.

The more severe of these vulnerabilities could allow remote code execution if an attacker registers a domain, creates an NAPTR DNS resource record, and then sends a specially crafted NAPTR query to the target DNS server. Servers that do not have the DNS role enabled are not at risk, Microsoft explained.

In an attack scenario, the company said that a malicious attacker can send a name resolution request to the victim DNS server that is configured to issue requests to a malicious DNS server.  Because of the vulnerabilities, the response from the malicious DNS server to the  victim DNS server is improperly handled, resulting in a denial-of-service condition on the victim DNS server.

The Windows DNS Server update is rated "critical" for 32-bit and x64-based editions of Windows Server 2008, and x64-based editions of Windows Server 2008 R2; and Important for all supported editions of Windows Server 2003.

The August Patch Batch also fixes these serious problems:

  • MS11-063: An "important" vulnerability in Windows Client/Server Run-time Subsystem that allows privilege escalation if an attacker logs on to an affected system and runs a specially crafted application designed to send a device event message to a higher-integrity process. Microsoft expects to see reliable exploits developed within the next 30 days.
  • MS11-062: A vulnerability in the Remote Access Service NDISTAPI Driver.  This could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to exploit the vulnerability and take complete control over the affected system.  Microsoft warns that reliable exploits could be developed within the next 30 days.
  • MS11-064: Provides patches for a pair of vulnerabilities in the TCP/IP stack. The vulnerabilities could allow denial-of-service (blue screen) if an attacker sends a sequence of specially crafted Internet Control Message Protocol (ICMP) messages to a target system or sends a specially crafted URL request to a server that is serving Web content and has the URL-based Quality of Service (QoS) feature enabled.  Microsoft said there is no exploit possible for code execution.

This month's patch release also includes fixes for denial-of-service bugs in Remote Desktop Protocol (MS11-065); a pair of code execution holes in Microsoft Visio (MS11-060); a solitary bug in ASP.NET Chart Controls that causes information disclosure (MS11-066); a data exposure flaw in Microsoft Report Viewer (MS11-067); and an elevation of privilege bug in Remote Desktop Web Access (MS11-061).

Topics: Windows, Browser, Hardware, Microsoft, Networking, Operating Systems, Security, Servers, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

32 comments
Log in or register to join the discussion
  • RE: Microsoft expecting exploits for critical IE vulnerabilities

    I have been told over and over Web surfers do not go to rigged web pages.

    Thank you Ryan for bring this to my attention.

    Hooah!
    daikon
    • RE: Microsoft expecting exploits for critical IE vulnerabilities

      @daikon Agreed.
      xplorer1959
    • RE: Microsoft expecting exploits for critical IE vulnerabilities

      <i>I have been told over and over Web surfers do not go to rigged web pages.<br><br>Thank you Ryan for bring this to my attention.</i><br><br>Thanking him for what? Common sense? <br><br>:0
      ScorpioBlue
      • RE: Microsoft expecting exploits for critical IE vulnerabilities

        @ScorpioBlue
        Thank Ryan for writing a great article. Its common sense to thank someone if you believe they did a great job.
        daikon
      • RE: Microsoft expecting exploits for critical IE vulnerabilities

        [i]I have been told over and over Web surfers do not go to rigged web pages.[/i]

        That's common knowledge. No reason to give thanks.
        ScorpioBlue
    • RE: Microsoft expecting exploits for critical IE vulnerabilities

      @daikon

      i sure hope that is sarcasm

      a "rigged website" can be as "innocent" as a google result or a linked in advertisement segmnent. not something the average user is able to do much about
      erik.soderquist
  • RE: Microsoft expecting exploits for critical IE vulnerabilities

    OMG, this has only been news for 15 years.
    kenift
    • RE: Microsoft expecting exploits for critical IE vulnerabilities

      @kenift But IE is the best
      jurlug
  • RE: Microsoft expecting exploits for critical IE vulnerabilities

    I would think Microsoft would be able to send auto bot target for specific code holes to collect addresses and make a list to divert them to safe ip zones,, This way they would be by passing those sites it finds on master lists..
    beansbag@...
  • RE: Microsoft expecting exploits for critical IE vulnerabilities

    Meh. You gotta trick a user into going to a malicious site first which will be pretty hard to do. They aren't going to stray away from their 6 safe sites they do go to. Now that the patches are out it doesn't matter if someone makes an exploit anymore, no one will be able to use it because it been patched. Total non-issue.
    LoverockDavidson
    • RE: Microsoft expecting exploits for critical IE vulnerabilities

      @LoverockDavidson Thanks, I needed my daily lulz.

      BTW, if you're considering Failbook a "safe" website, you just lost any credibility you would have had in my book. Especially since there's yet another malicious clickjack attack that could possibly install malware on Windows machines.
      Champ_Kind
      • RE: Microsoft expecting exploits for critical IE vulnerabilities

        @Champ_Kind

        Loverock never had any credibility to begin with.
        guzz46
      • RE: Microsoft expecting exploits for critical IE vulnerabilities

        @Champ_Kind

        Facebook is as secure as you make it.
        The one and only, Cylon Centurion
    • RE: Microsoft expecting exploits for critical IE vulnerabilities

      @LoverockDavidson
      Thank you Lovey, it's been a long day and I needed a good laugh. I wish ZDNet had a feature to highlight all your posts so I could find them more easily!

      Of course that's just my opinion, I could be wrong.
      914four
    • RE: Microsoft expecting exploits for critical IE vulnerabilities

      @LoverockDavidson
      You live in an wonderful little fantasy of yours.
      ZackCDLVI
    • RE: Microsoft expecting exploits for critical IE vulnerabilities

      @LoverockDavidson

      "you gotta trick the user into going to a malicious site first"

      That's not necessarily so. A friend of mine picked up a malware infection by clicking on a picture of a coat on the Burlington Coat Factory Web site. This has been a few years ago, but still...how is the Burlington Coat Factory site a malicious site? You don't have to be "tricked" to go to malicious sites any more. These days malware is all over the Web.
      SElizDav
  • RE: Microsoft expecting exploits for critical IE vulnerabilities

    Seeing this kind of report about vulnerabilities in Microsoft products suggests to me that it is time the computing world woke up to the folly of continuing to support a monopolistic single source of computing infrastructure. There are at least half a dozen browser options, and another half dozen operating systems to choose from. While Microsoft provides a single route into nearly everyone's computer, those with malicious intent need only exploit one system. Microsoft continues to charge offensively monopolistic prices that people pay, even in the face a free alternatives. Doesn't make sense to this non-techie.
    namobo
    • RE: Microsoft expecting exploits for critical IE vulnerabilities

      @namobo
      Yeah! Same ole yata, yata, yata! Everyone woke up to you and figured out that your opinion just doesn't matter. But, thank you for playing!!
      eargasm
    • RE: Microsoft expecting exploits for critical IE vulnerabilities

      @namobo

      Blah, blah, blah. First of all, this isn't 1996 anymore. The whole "monopoly" attack is old. Second, Microsoft Windows isn't the only OS or piece of software that suffer vulnerabilities.

      Thank you for playing.
      The one and only, Cylon Centurion
    • Do tell us

      @namobo

      Which browsers with fewer vulnerabilities could we use?

      Which operating systems with fewer vulnerabilities could we use?
      honeymonster