Wednesday, May 11, 2011

Microsoft patches critical hole in Windows

Yesterday was Patch Tuesday, and Microsoft fixed a critical hole in Windows and two less serious holes in Office in one of the lightest Patch Tuesdays in recent history. A light month does not make these patches any less important for network and computer security, and it should not lull you into a false sense of security.

The security bulletin MS11-035 is rated Critical and fixes a remotely exploitable vulnerability in the Windows Internet Name Service (WINS) on Windows Server 2003 and 2008. According to the Microsoft Security Bulletin Summary for May 2011, the vulnerability could allow remote code execution if a system running the WINS service received specially crafted malware. WINS is not enabled by default on either Windows Server 2003 or 2008, so IT admins who have not enabled the service have nothing to worry about. Those who have enabled WINS, however, should apply the patch immediately to avoid a system compromise. Thanks to the improved security of the more current Windows Server 2008, the risk there is lower than on Windows Server 2003: built-in protections such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) in Server 2008 will likely keep most attackers from a complete takeover, whereas Server 2003, lacking ASLR, is more likely to suffer a complete system compromise.

"The most important patch this month will be the WINS bulletin. Microsoft is downplaying the bug, but there is potential here for remote code execution," and total control of the computer, said Andrew Storms, director of security operations for nCircle. He also added, "WINS is a network aware application that does not require authentication, and many enterprises require WINS on their networks. Taken together, these factors mean that a lot of enterprises will find their internal network servers vulnerable to a remote code bug. Initially, most attackers will probably only trigger a DoS (denial-of-service) event, but finding the remote code exploit won't be far behind."
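The bulletin's exposure condition above (WINS not enabled by default, patch only needed where it is) is something an administrator can verify per host rather than assume. The following PowerShell script is an added example written for this page, not code from the post or from Microsoft; it checks whether the WINS service is installed and running, whether the MS11-035 update is present, and whether the WINS replication listener is open. The KB number is a placeholder to be replaced with the one listed in the MS11-035 bulletin, and the port number (TCP 42 for WINS replication) is a standard WINS constant that the post itself does not mention.

```powershell
# Added example, not from the original post: assess a Windows Server host's
# exposure to MS11-035 from the defender's side.
# The KB number below is a placeholder; take the real one from the MS11-035 bulletin.
$Ms11035Kb = 'KB0000000'   # placeholder, not a real identifier

# 1. Is the WINS service installed, and is it running?
#    Win32_Service is used instead of Get-Service because it exposes StartMode
#    on PowerShell 2.0, which is what Server 2003/2008-era hosts typically run.
$wins = Get-WmiObject -Class Win32_Service -Filter "Name='WINS'"
if ($null -eq $wins) {
    Write-Output 'WINS is not installed on this host; MS11-035 does not apply here.'
    return
}
Write-Output ("WINS service present: state={0}, start mode={1}" -f $wins.State, $wins.StartMode)

# 2. Is the update already installed?
$fix = Get-HotFix -Id $Ms11035Kb -ErrorAction SilentlyContinue
if ($fix) {
    Write-Output ("Update {0} is installed (installed on {1})." -f $fix.HotFixID, $fix.InstalledOn)
} else {
    Write-Output ("Update {0} NOT found; patch this host before anything else." -f $Ms11035Kb)
}

# 3. Confirm the network exposure: WINS replication listens on TCP 42
#    (a WINS constant, not taken from the post). A listener that is reachable
#    from beyond the host's replication partners widens the attack surface.
$listeners = netstat -an | Select-String -Pattern ':42\s+\S+\s+LISTENING'
if ($listeners) {
    Write-Output 'TCP 42 (WINS replication) is listening; restrict it to trusted replication partners until patched.'
} else {
    Write-Output 'No TCP 42 listener found; WINS replication is not exposed on this host.'
}
```

Run the script in an elevated PowerShell session on each WINS-enabled server; the three checks map directly to the bulletin's conditions (service enabled, patch applied, service reachable), so a host that is not exposed by any of them can be deprioritised.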

The second bulletin, MS11-036, fixes two vulnerabilities in Microsoft PowerPoint that could allow remote code execution if a user opens a malicious PowerPoint file. The vulnerabilities affect Office XP, Office 2003, Office 2007, Office 2004 for Mac and Office 2008 for Mac.

Microsoft also changed its Exploitability Index, the guide it uses to tell customers how likely a vulnerability is to be exploited. The company will now publish two ratings per vulnerability: one for the most recent platform and a second, aggregate rating for all older versions of the software.

Last month, Microsoft released 17 bulletins to fix 64 vulnerabilities, including nine critical-rated and eight important-rated vulnerabilities.
