Microsoft fixes gaping hole in Windows TCP/IP stack

An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. Microsoft urges Windows users to treat this update with the utmost priority.
Written by Ryan Naraine, Contributor

Microsoft has released its November batch of security bulletins with fixes for at least four documented vulnerabilities affecting the Windows operating system.

The updates address remote code execution and denial-of-service issues in all versions of Windows. Microsoft is urging its user base to pay special attention to MS11-083, which covers a gaping hole in the Windows TCP/IP stack.

The raw details:

A remote code execution vulnerability exists in the Windows TCP/IP stack due to the processing of a continuous flow of specially crafted UDP packets. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Because of the "critical" nature of this update, Microsoft is urging Windows users and administrators to treat MS11-083 with the utmost priority.

The company also fixed a serious vulnerability in Windows Mail that exposes users to hacker attacks via the Web browser.

Some basic details via the MS11-085 bulletin:

The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application.

Microsoft expects to see functional exploit code for this vulnerability within the next 30 days.
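A defender-side audit for the MS11-085 condition described above, as an added example that is not from the article or from Microsoft: it walks a file share (or any directory tree) and flags folders where an .eml or .wcinv file sits next to a DLL. The function names and the sample file names are hypothetical.

```python
import os
import tempfile

# Extensions the bulletin names as the "legitimate" files a user opens.
TRIGGER_EXTS = {".eml", ".wcinv"}
LIBRARY_EXTS = {".dll"}

def _with_ext(files, exts):
    """Case-insensitive extension filter, sorted for stable output."""
    return sorted(f for f in files if os.path.splitext(f)[1].lower() in exts)

def find_colocated_dlls(root):
    """Return {directory: {"triggers": [...], "dlls": [...]}} for every
    directory under root that holds both a trigger file and a DLL."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        triggers = _with_ext(files, TRIGGER_EXTS)
        dlls = _with_ext(files, LIBRARY_EXTS)
        if triggers and dlls:
            findings[dirpath] = {"triggers": triggers, "dlls": dlls}
    return findings

def build_sample_tree(base):
    """Constructed sample layout: empty files with hypothetical names."""
    layout = {
        "projects/invite": ["meeting.wcinv", "helper.DLL"],  # flagged
        "projects/mail": ["note.eml"],                       # no DLL present
        "tools/bin": ["util.dll"],                           # no trigger file
    }
    for rel, names in layout.items():
        d = os.path.join(base, *rel.split("/"))
        os.makedirs(d)
        for name in names:
            open(os.path.join(d, name), "w").close()
    return base

def demo():
    """Run the audit over the constructed tree; keys are relative paths."""
    with tempfile.TemporaryDirectory() as tmp:
        result = find_colocated_dlls(build_sample_tree(tmp))
        return {os.path.relpath(k, tmp).replace(os.sep, "/"): v
                for k, v in result.items()}

if __name__ == "__main__":
    for directory, hit in demo().items():
        print(directory, hit)
```

A hit is a prompt for review rather than proof of tampering, since some applications legitimately ship DLLs beside their data files.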

The November Patch Tuesday batch also contains fixes for a privilege escalation flaw in Active Directory (MS11-086) and a vulnerability in Windows kernel mode drivers (MS11-084) that could allow denial-of-service attacks.
