Eight security updates are now available from Microsoft that address twenty-three flaws in Internet Explorer (IE), Windows, the .NET Framework, Silverlight and other products in its portfolio.
Of the eight, two updates are tagged as “critical,” the highest rating Microsoft assigns to serious threats. These two patches are MS11-081 and MS11-078; the former is for Internet Explorer, while the latter is for Silverlight and .NET. Microsoft and external researchers all suggest that users apply these two first.
Jason Miller, from VMware’s research and development team, said that MS11-081 must be installed immediately. He noted that IE updates should always be applied as soon as a new one comes out.
The MS11-078 patch comes next. It involves Silverlight, a Microsoft application framework used in online apps and content-intensive sites, and .NET, a Windows-centric software framework.
“It’s cross-browser and cross-platform,” Miller said. The flaw is a target for attackers who want to exploit not only IE users but also Mac owners who use the Silverlight plug-in in their browsers.
Attackers can exploit the vulnerabilities in Internet Explorer, .NET and Silverlight by luring users to malicious websites, the so-called “drive-by download” style of attack.
Mac users who are using Silverlight can download and install the latest version of the plug-in from the Silverlight website.
Andrew Storms of nCircle Security pointed out that MS11-078 differs from the bugs “we’re used to” because it has three distinct attack vectors. Storms, the company’s director of security operations, added that the potential for exploitation in web hosting environments is also high.
Microsoft noted in its bulletin that if a web hosting environment allows users to upload custom ASP.NET applications, attackers can upload malicious ASP.NET applications. The vulnerability then allows harmful actions to be carried out on the server system.
Storms said that Microsoft typically patches its browser bi-monthly, which is why Internet Explorer currently tops the list.
Six of the eight updates were rated “important,” the rating one step below Microsoft’s “critical” tag.
Of the 23 vulnerabilities addressed by Microsoft’s patches, 13 are marked as “important,” nine are pegged as “critical” and one is rated as “moderate.” Fifteen of these 23 bugs are tied to Internet Explorer, while the remaining eight affect one or more versions of the Windows server or certain editions of Microsoft’s client.