Microsoft expecting exploits for critical IE vulnerabilities

Microsoft today warned that multiple gaping security holes in its Internet Explorer browser could expose millions of Web surfers to hacker attacks via rigged web pages.

As part of this months' Patch Tuesday release, Microsoft shipped a "critical" IE bulletin (MS11-057) with fixes for total of 7 security flaws.   Two of the vulnerabilities were publicly discussed prior to the availability of the patch.

The company expects to see reliable exploits developed within the next 30 days.

Because these vulnerabilities expose IE and Windows users to drive-by download attacks without any user action beyond surfing to a booby-trapped web site, Microsoft is strongly recommending that all Windows users apply the patch immediately.

The IE update is rated "critical"  for Internet Explorer 6 on Windows clients, and for Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9; and Important for Internet Explorer 6 on Windows servers.

[ Patch Tuesday heads-up: Critical IE update among 13 bulletins ]

Microsoft also called special attention to MS11-058, a "critical" bulletin that addresses a pair of serious security holes in the Windows DNS Server.

The more severe of these vulnerabilities could allow remote code execution if an attacker registers a domain, creates an NAPTR DNS resource record, and then sends a specially crafted NAPTR query to the target DNS server. Servers that do not have the DNS role enabled are not at risk, Microsoft explained.

In an attack scenario, the company said that a malicious attacker can send a name resolution request to the victim DNS server that is configured to issue requests to a malicious DNS server.  Because of the vulnerabilities, the response from the malicious DNS server to the  victim DNS server is improperly handled, resulting in a denial-of-service condition on the victim DNS server.

The Windows DNS Server update is rated "critical" for 32-bit and x64-based editions of Windows Server 2008, and x64-based editions of Windows Server 2008 R2; and Important for all supported editions of Windows Server 2003.

The August Patch Batch also fixes these serious problems:

• MS11-063: An "important" vulnerability in Windows Client/Server Run-time Subsystem that allows privilege escalation if an attacker logs on to an affected system and runs a specially crafted application designed to send a device event message to a higher-integrity process. Microsoft expects to see reliable exploits developed within the next 30 days.
• MS11-062: A vulnerability in the Remote Access Service NDISTAPI Driver.  This could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to exploit the vulnerability and take complete control over the affected system.  Microsoft warns that reliable exploits could be developed within the next 30 days.
• MS11-064: Provides patches for a pair of vulnerabilities in the TCP/IP stack. The vulnerabilities could allow denial-of-service (blue screen) if an attacker sends a sequence of specially crafted Internet Control Message Protocol (ICMP) messages to a target system or sends a specially crafted URL request to a server that is serving Web content and has the URL-based Quality of Service (QoS) feature enabled.  Microsoft said there is no exploit possible for code execution.

This month's patch release also includes fixes for denial-of-service bugs in Remote Desktop Protocol (MS11-065); a pair of code execution holes in Microsoft Visio (MS11-060); a solitary bug in ASP.NET Chart Controls that causes information disclosure (MS11-066); a data exposure flaw in Microsoft Report Viewer (MS11-067); and an elevation of privilege bug in Remote Desktop Web Access (MS11-061).