Microsoft September 2011 Patch Tuesday - Info from Symantec

 

Today, Microsoft issued five security bulletins that address 15 vulnerabilities. None of this month’s vulnerabilities is rated critical by Microsoft.

 

“Although none of this month’s patches are rated critical, we strongly urge users to pay extra close attention to the Office Uninitialized Object Pointer Vulnerability,” said Joshua Talbot, security intelligence manager, Symantec Security Response. “It seems to be a fairly easy-to-exploit memory corruption issue and leverages extremely common Word files to attack users’ computers.”

 

“Microsoft is also patching two vulnerabilities that are already in the public realm, but neither is of too great a concern,” Talbot added. “The first is the HTML Sanitization Vulnerability, which is simply an information disclosure issue. The other is the Insecure Library Loading Vulnerability, which is part of the ongoing DLL issue that the company has been working on correcting for more than a year now. We’ve yet to see any exploits targeting one of these vulnerabilities.”

 

“Despite the number of patches Microsoft issued today, it’s important to not let the out-of-band advisory Microsoft updated last week slip through the cracks,” Talbot concluded. “The advisory essentially revokes Microsoft’s trust of various DigiNotar certificates. This update should probably be kept at the top of IT admins’ to-do lists – even before any of today’s patches – as there are attacks occurring in the wild leveraging the compromised certificates.”

 

Symantec strongly encourages users to patch their systems against all vulnerabilities addressed this month.

 

Please visit the Symantec Security Response blog for more information and also let me know if you’re interested in speaking with a Symantec expert in greater detail about any of the vulnerabilities addressed this month.

 

The Symantec Security Response blog can be viewed here:

http://www.symantec.com/connect/symantec-blogs/sr

 

Additional information on Microsoft’s security bulletins can be found here:

http://www.microsoft.com/technet/security/bulletin/ms11-sep.mspx