Overview of the November 2011 Microsoft patches and their status.
We will update issues on this page for about a week or so as they evolve.
We appreciate updates US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY (*): ISC rating
(**): The exploitability rating we show is the worst of them all due to the too large number of ratings Microsoft assigns to some of the patches. -- |
Swa 760 Posts Nov 8th 2011 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Thread locked Subscribe |
Nov 8th 2011 1 decade ago |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
MS says ms11-083 and ms11-084 don't affect XP or 2003.
|
Anonymous |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Quote |
Nov 9th 2011 1 decade ago |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
is it just me, or does 083 cry out "worm, worm, worm"?
|
Tom 5 Posts |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Quote |
Nov 9th 2011 1 decade ago |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
..or does the on-by-default Windows firewall largely mitigate?
|
Tom 5 Posts |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Quote |
Nov 9th 2011 1 decade ago |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Based on the SRD blog posting, I suspect 083 will be tricky to exploit into actual remote code execution (and thus a worm). Basically, the attacher has to increment a counter through aggressive UDP packet floods. Then they have to somehow do the right thing right as the counter overflows to zero before the counter increments again. That's going to be somewhat tricky to time. See http://blogs.technet.com/b/srd/archive/2011/11/08/assessing-the-exploitability-of-ms11-083.aspx . Still, wise to patch.
|
Anonymous |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Quote |
Nov 9th 2011 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!