Another Microsoft Patch Tuesday is upon us. This month I was surprised that two vulnerabilities making headlines recently were not included in this Microsoft Patch Tuesday, namely the 0-day Windows SMB Vulnerability and the reported “Pwn2Own” IE vulnerability. The best way to remediate any vulnerability is to apply a patch provided by the vendor, and it’s puzzling why Microsoft is delaying the release of patches for these widely publicized vulnerabilities.
To further aid in your efforts to evaluate the exposures presented by the vulnerabilities addressed by Microsoft’s Patch Tuesday, Tenable's Research team has published Nessus plugins for each of the security bulletins issued this month:
- MS11-015 - Vulnerabilities in Windows Media Could Allow Remote Code Execution - Nessus Plugin ID 52583 (Credentialed Check)
- MS11-016 - Vulnerability in Microsoft Groove Could Allow Remote Code Execution - Nessus Plugin ID 52584 (Credentialed Check)
- MS11-017 - Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution - Nessus Plugin ID 52585 (Credentialed Check)
- Microsoft Security Bulletin Summary for February 2011
- OSVDB Microsoft Bulletins - Complete Reference
- March 2011 Security Bulletin Release (Microsoft Security Response Center Blog)