Microsoft today issued 4 updates to Windows and Office fixing a total of 22 vulnerabilities, just one of them rated critical. The first and most serious is MS11-053: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution, which patches a single vulnerability (CVE-2011-1265) in the Windows 7 and Vista Bluetooth stacks. This is a remote code execution vulnerability over a wireless protocol, but it's not as serious as it first sounds.
There are considerable mitigating factors. Microsoft gives this bug an exploitability index rating of 2, meaning that they don't expect reliable exploit code to turn up. Attacks would likely, at worst, amount to a denial of service, i.e. a crash. And of course, the system has to have Bluetooth enabled in order to be vulnerable.There is also a discoverability challenge to any attack; by default, Bluetooth addresses are not discoverable. If you were in communication with a device that wished to attack there are ways to brute force the address, but these are time-consuming and would get past just one of the many barriers to attack here.
MS11-054 is Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege which fixes 15 elevation of privilege vulnerabilities, affecting all versions of Windows and all rated important. The attacker must have valid logon credentials and ability to log on locally. Almost all of these were reported by Tarjei Mandt of Norman, who has made a study of this part of Windows.
MS11-055 fixes a single remote code execution vulnerability in Visio 2003 SP3. This is another of the remote binary planting bugs which Microsoft has been fixing in various products for some time and will for some time to come.
Finally,
MS11-056: Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege fixes 5 vulnerabilities in the CSRSS of every version of Windows. As with MS11-054, the attacker must have valid logon credentials and ability to log on locally.
Microsoft also released a number of non-security updates for Windows including the usual Windows Mail Junk Filter and MSRT (Malicious Software Removal Tool). Other updates affect Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista and Windows Embedded Standard 7.
Microsoft also released a number of non-security updates for Windows including the usual Windows Mail Junk Filter and MSRT (Malicious Software Removal Tool). Other updates affect Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista and Windows Embedded Standard 7.
-News Source (PC Blog)
LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info.
Thank You !
-Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You!
-Team VOGH
Categories:
Microsoft
,
security-news
