The Latest in IT Security

Running Windows Server 2008? Patch.

09 Nov 2011

This month’s Microsoft updates include an interesting vulnerability:

MS11-083
Microsoft Security Bulletin MS11-083

“This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system.”

A continuous flow of UDP packets? Remote code execution indeed.

This affects Windows Vista, Windows 7, and Windows Server 2008. Fortunately, most Vista and 7 users will soon be patched via their monthly automatic updates. But what about Server 2008? Server administrators need to schedule updates that involve restarts. Better to schedule this update sooner rather than later.

Microsoft expects only “inconsistent exploit code likely”. But due to the critical nature of the vulnerability, they advise that this is a top deployment priority; see their handy chart for details.

“This security update resolves a privately reported vulnerability…”

That’s probably a reference to Microsoft’s bug bounty program. Kudos to the white hat out there who reported this to Microsoft rather than selling it on the black market.

—————

The best thing about UDP jokes is that I don’t care if you get them or not.
