Help
October 2011 Windows Updates
Oct 12 2011 04:00 AM | JudyC in Windows Updates
October's security bulletin is here: http://technet.micro...lletin/ms11-oct
CF recommends waiting a week to ten days to install updates rolled out on patch Tuesday. There have been numerous times when an update has resulted in major problems. By waiting, you have a greater assurance that any major issues have been resolved and/or an update may be pulled from release if the major issues cannot be resolved. This caveat does not apply to out-of-cycle critical security updates which should be installed as soon as they are released.
Keep in mind that you may not be offered all of these updates depending on the version of Windows on your computer and whether or not you have MS Office installed or other indicated software installed. In addition, the severity level and KB number of the update may vary based upon the same. Check the bulletin for specific information.
We only post Critical and Important security related update information here. As a general rule, you should not install any offered driver updates unless you are certain your pc manufacturer or hardware manufacturer's sites specifically state that is how updates are rolled out. "Recommended" updates should be checked out thoroughly before installing. If you do not have the issue the recommended updates are supposed to address, or do not wish to install the programs they offer, you may not need the update. In addition, if you install a recommended update without having the issue it addresses, it may cause problems.
If you have problems with any updates:
Start a free Windows Update support incident request: https://support.micr...aspx?gprid=6527
Support for Windows Update: http://support.micro...om/gp/wusupport
For home users, no-charge support is available by calling 1-866-PCSAFETY in the United States and Canada or by contacting your local Microsoft subsidiary.
For more information about how to contact your local Microsoft subsidiary for support issues with security updates, visit the Microsoft International Support Web site: http://support.micro...l.aspx?rdpath=4
North American customers can also obtain instant access to unlimited no-charge e-mail support or to unlimited individual chat support by visiting the same site.
----------------------------------------------
KB2604930 - Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution
This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
This is a critical update for all currently supported operating systems with .NET Framework installed.
More information here: http://technet.micro...lletin/ms11-078
----------------------------------------------
KB2586448 - Cumulative Security Update for Internet Explorer
This security update resolves eight privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Severity rating and thus, importance, varies depending on operating system and version of IE installed, but for most of us, this will be a critical update. It affects all currently supported versions of Internet Explorer.
For more information and severity rating, see this: http://technet.micro...lletin/ms11-081
----------------------------------------------
KB2623699 - Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution
This security update resolves a privately reported vulnerability in the Microsoft Active Accessibility component. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, the Microsoft Active Accessibility component could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
See this page for more information and severity rating: http://technet.micro...lletin/ms11-075
----------------------------------------------
KB2604926 - Vulnerability in Windows Media Center Could Allow Remote Code Execution
This security update resolves a publicly disclosed vulnerability in Windows Media Center. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Media Center could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file.
See this page for more information and severity rating: http://technet.micro...lletin/ms11-076
----------------------------------------------
KB2567053 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted font file (such as a .fon file) in a network share, a UNC or WebDAV location, or an e-mail attachment. For a remote attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open the specially crafted font file, or open the file as an e-mail attachment.
See this page for more information and severity rating: http://technet.micro...lletin/ms11-077
----------------------------------------------
KB2544641 - Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution
This security update resolves five privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow remote code execution if a user visits an affected Web site using a specially crafted URL. However, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.
See this page for more information and severity rating: http://technet.micro...lletin/ms11-079
----------------------------------------------
KB2592799 - Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege
This security update resolves a privately reported vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.
See this page for more information and severity rating: http://technet.micro...lletin/ms11-080
----------------------------------------------
KB2607670 - Vulnerabilities in Host Integration Server Could Allow Denial of Service
This security update resolves two publicly disclosed vulnerabilities in Host Integration Server. The vulnerabilities could allow denial of service if a remote attacker sends specially crafted network packets to a Host Integration Server listening on UDP port 1478 or TCP ports 1477 and 1478. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. In this case, the Host Integration Server ports should be blocked from the Internet.
See this page for more information and severity rating: http://technet.micro...lletin/ms11-082
----------------------------------------------
Remember to set a restore point on your computer before installing new Windows updates, and again, waiting a week or so to install is a good idea.
CF recommends waiting a week to ten days to install updates rolled out on patch Tuesday. There have been numerous times when an update has resulted in major problems. By waiting, you have a greater assurance that any major issues have been resolved and/or an update may be pulled from release if the major issues cannot be resolved. This caveat does not apply to out-of-cycle critical security updates which should be installed as soon as they are released.
Keep in mind that you may not be offered all of these updates depending on the version of Windows on your computer and whether or not you have MS Office installed or other indicated software installed. In addition, the severity level and KB number of the update may vary based upon the same. Check the bulletin for specific information.
We only post Critical and Important security related update information here. As a general rule, you should not install any offered driver updates unless you are certain your pc manufacturer or hardware manufacturer's sites specifically state that is how updates are rolled out. "Recommended" updates should be checked out thoroughly before installing. If you do not have the issue the recommended updates are supposed to address, or do not wish to install the programs they offer, you may not need the update. In addition, if you install a recommended update without having the issue it addresses, it may cause problems.
If you have problems with any updates:
Start a free Windows Update support incident request: https://support.micr...aspx?gprid=6527
Support for Windows Update: http://support.micro...om/gp/wusupport
For home users, no-charge support is available by calling 1-866-PCSAFETY in the United States and Canada or by contacting your local Microsoft subsidiary.
For more information about how to contact your local Microsoft subsidiary for support issues with security updates, visit the Microsoft International Support Web site: http://support.micro...l.aspx?rdpath=4
North American customers can also obtain instant access to unlimited no-charge e-mail support or to unlimited individual chat support by visiting the same site.
----------------------------------------------
KB2604930 - Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution
This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
This is a critical update for all currently supported operating systems with .NET Framework installed.
More information here: http://technet.micro...lletin/ms11-078
----------------------------------------------
KB2586448 - Cumulative Security Update for Internet Explorer
This security update resolves eight privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Severity rating and thus, importance, varies depending on operating system and version of IE installed, but for most of us, this will be a critical update. It affects all currently supported versions of Internet Explorer.
For more information and severity rating, see this: http://technet.micro...lletin/ms11-081
----------------------------------------------
KB2623699 - Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution
This security update resolves a privately reported vulnerability in the Microsoft Active Accessibility component. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, the Microsoft Active Accessibility component could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
See this page for more information and severity rating: http://technet.micro...lletin/ms11-075
----------------------------------------------
KB2604926 - Vulnerability in Windows Media Center Could Allow Remote Code Execution
This security update resolves a publicly disclosed vulnerability in Windows Media Center. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Media Center could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file.
See this page for more information and severity rating: http://technet.micro...lletin/ms11-076
----------------------------------------------
KB2567053 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted font file (such as a .fon file) in a network share, a UNC or WebDAV location, or an e-mail attachment. For a remote attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open the specially crafted font file, or open the file as an e-mail attachment.
See this page for more information and severity rating: http://technet.micro...lletin/ms11-077
----------------------------------------------
KB2544641 - Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution
This security update resolves five privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow remote code execution if a user visits an affected Web site using a specially crafted URL. However, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.
See this page for more information and severity rating: http://technet.micro...lletin/ms11-079
----------------------------------------------
KB2592799 - Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege
This security update resolves a privately reported vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.
See this page for more information and severity rating: http://technet.micro...lletin/ms11-080
----------------------------------------------
KB2607670 - Vulnerabilities in Host Integration Server Could Allow Denial of Service
This security update resolves two publicly disclosed vulnerabilities in Host Integration Server. The vulnerabilities could allow denial of service if a remote attacker sends specially crafted network packets to a Host Integration Server listening on UDP port 1478 or TCP ports 1477 and 1478. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. In this case, the Host Integration Server ports should be blocked from the Internet.
See this page for more information and severity rating: http://technet.micro...lletin/ms11-082
----------------------------------------------
Remember to set a restore point on your computer before installing new Windows updates, and again, waiting a week or so to install is a good idea.
