Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Patch Tuesday arrives early, apparently by mistake


09 Sep 2011   #1

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 
Patch Tuesday arrives early, apparently by mistake

Quote:
Microsoft’s security infrastructure normally operates on a schedule that a Swiss stationmaster would admire. This month the train jumped the rails.

Yesterday, as usual, the Microsoft Security TechCenter published its Advance Notification for September 2011. The post is a heads-up for IT professionals that next Tuesday’s monthly security updates will include five bulletins.

Today, someone jumped the gun and posted the details of those bulletins four days early.

Johannes Ulrich of the Internet Storm Center flagged the details of four of those patches in a post this morning. For a few minutes, the links on that page were live, although Microsoft appears to have quickly hit the Unpublish button. Larry Seltzer of PCMag.com Security Watch identified the fifth bulletin.
  • MS011-70 Vulnerability in WINS could allow elevation of privilege
  • MS011-71 Vulnerability in Windows could allow remote code execution (DLL Linking Vuln.)
  • MS011-72 Arbitrary code execution vulnerability in Excel
  • MS011-73 Code execution vulnerability in Microsoft Office
  • MS011-74 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege
Some of the detailed bulletins were live for an unknown period of time. The MS011-70 bulletin, for example, included this executive summary:
This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow elevation of privilege if a user received a specially crafted WINS replication packet on an affected system running the WINS service. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

This security update is rated Important for servers running supported editions of Windows Server 2003, Windows Server 2008 (except Itanium), and Windows Server 2008 R2 (except Itanium), on which WINS is installed. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by correcting the way WINS handles internal communication on the loopback address.
That link now returns a Page Not Found error.

The premature release is a major gaffe for Microsoft and could cause headaches for security professionals. The appearance of the security bulletin, which includes details about the vulnerabilities being fixed, is the starting gun of a race between bad guys trying to build exploits and IT pros scheduling patches to be applied on desktops and servers.
Read More:
This month's Patch Tuesday arrives early, apparently by mistake | ZDNet

Microsoft readies 5 'important' security updates

http://www.zdnet.com/blog/security/p...52?tag=nl.e539

Microsoft Security Bulletin Advance Notification for September 2011

http://technet.microsoft.com/en-us/s...letin/ms11-sep

My System SpecsSystem Spec
.

Reply

 Patch Tuesday arrives early, apparently by mistake




Thread Tools



Similar help and support threads for2: Patch Tuesday arrives early, apparently by mistake
Thread Forum
Here we are again-Patch Tuesday Windows Updates & Activation
Odd behaviour for this patch Tuesday (Oct.-09-12) Windows Updates & Activation
Patch Tuesday, Dec 13 2011 Security News
Patch Tuesday Windows Updates & Activation
Patch Tuesday - 6/9/10 Windows Updates & Activation
Patch Tuesday is in effect... Windows Updates & Activation
Next Patch Tuesday won't hit Windows 7 News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 10:00 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33