April 2011 MS Patch Tuesday - 17 patches, 64 vulnerabilities

Filed Under: Malware, Microsoft, Vulnerability

Man with an eye patchMicrosoft released their security update bundle this morning covering a large swath of products. The most critical fixes for most people affect Windows and Microsoft Office.

Fifteen of the updates address Remote Code Execution (RCE) flaws. If exploited, these bugs could allow an attacker to execute arbitrary code on the victim's system.

Fortunately, all but one of these flaws only allow the code to run in the context of the currently logged in user. Assuming your users are not running as Administrators, this limits the attack to only running code and accessing files on that user's account.

One exception is MS11-032, a vulnerability in OpenType fonts, which allows kernel-level remote code execution. This flaw was privately disclosed and has not appeared in the wild to date.

Another long awaited fix that Microsoft delivered this month is MS11-026. I wrote about this vulnerability back in January. It is better known as the MHTML vulnerability.

The flaw in Internet Explorer 6, 7 and 8 that was used at this year's Pwn20wn contest was also fixed. The update is known as MS11-018 and Sophos detects known malware attacking this vulnerability as Troj/ExpJS-BV.

Microsoft has rated nine of these patches as Critical, and as with most security updates, we encourage everyone to apply them as soon as they are able. SophosLabs has analyzed these bulletins as well and gives them a rating of Medium.

SophosLabs have published their findings for this months patches on our Vulnerability Analysis page.

Time to get patching! For a complete view of the threat landscape and the trends we are seeing in SophosLabs, download our 2011 Threat Report.

, , , ,

You might like

2 Responses to April 2011 MS Patch Tuesday - 17 patches, 64 vulnerabilities

  1. Office for Mac 2011 got a big fix too.

  2. Al Kondor · 1210 days ago

    But there are so many problems with these updates...
    7 of them failed to update here...
    I saw many people with the same problems regarding other updates

    why so many failures ??

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.