Patch Notes For November 2011

This month’s patch Tuesday patch information based on our internal analysis. Feel free to leave a comment if you have additional information on any of these patches.

New Security Bulletins

Severity

MS11-083 The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system.

 

MS11-083: Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

http://technet.microsoft.com/en-us/security/bulletin/ms11-083

 

Severity: Critical

KB in Kaseya: KB2588516

Affected Software: Vista, Server 2008, Server 2008 R2, Windows 7

Known Issues per MS: None

 

Critical

MS11-084 The vulnerability could allow denial of service if a user opens a specially crafted TrueType font file as an e-mail attachment or navigates to a network share or WebDAV location containing a specially crafted TrueType font file.

 

MS11-084: Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657)

http://technet.microsoft.com/en-us/security/bulletin/ms11-084

 

Severity: Moderate

KB in Kaseya: KB2617657

Affected Software: Server 2008, Server 2008 R2, Windows 7

Known Issues per MS: None

 

Moderate

MS11-085 The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file.

 

MS11-085: Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704)

http://technet.microsoft.com/en-us/security/bulletin/ms11-085

 

Severity: Important

KB in Kaseya: KB2620704

Affected Software: Vista, Server 2008, Server 2008 R2, Windows 7

Known Issues per MS: None

 

Important

MS11-086 The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain.

 

MS11-086: Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)

http://technet.microsoft.com/en-us/security/bulletin/ms11-086

 

Severity: Important

KB in Kaseya: KB2601626, KB2616310

Affected Software: XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7

Known Issues per MS: None

 

Important