This month Microsoft released 8 security bulletins, including patches for some interesting vulnerabilities. For example, MS11-075, MS11-076, and MS11-077 all address a type of vulnerability triggered by a user accessing a file share. In Microsoft's own words the user must "open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file". MS11-077 describes a similar vulnerability, that achieves the same effect using a font file (.fon extension). In all cases, the vulnerability can be triggered when accessing an SMB or WebDAV share. Vulnerabilities such as these allow attackers to compromise vulnerable systems as they are encountered. It can be a difficult problem to solve, as finding all of the files triggering the exploit could be difficult, especially if you have a very large network with several file shares. Of course, the best solution is to apply the patches provided by Microsoft across your environment.
In MS11-082, Microsoft describes "vulnerabilities [that]could allow denial of service if a remote attacker sends specially crafted network packets to a Host Integration Server listening on UDP port 1478 or TCP ports 1477 and 1478." The risk, in Microsoft's eyes, is minimal as "Firewall best practices" should protect you. Firewalls, really? Anyone who's had a user workstation compromised should have realized that firewalls do little to protect the "internal" network.
To help evaluate the vulnerabilities addressed by Microsoft’s Patch Tuesday, Tenable's Research team has published Nessus plugins for each of the security bulletins issued this month:
- MS11-076 - Nessus Plugin ID 56450 (Credentialed Check)
- MS11-077 - Nessus Plugin ID 56451 (Credentialed Check)
- MS11-078 - Nessus Plugin ID 56452 (Credentialed Check)
- MS11-079 - Nessus Plugin ID 56453 (Credentialed Check)
- MS11-080 - Nessus Plugin ID 56454 (Credentialed Check)
- MS11-081 - Nessus Plugin ID 56455 (Credentialed Check)
- MS11-082 - Nessus Plugin ID 56456 (Credentialed Check)
- Microsoft Security Bulletin Summary for October 2011
- OSVDB Microsoft Bulletins - Complete Reference
- October Update Tuesday: Security Intelligence Report volume 11 announced