NEWS FROM THE LAB - Wednesday, November 9, 2011

Running Windows Server 2008? Patch. Posted by Sean @ 14:03 GMT

This month's Microsoft Updates includes an interesting vulnerability:

Microsoft Security Bulletin MS11-083

"This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system."

A continuous flow of UDP packets? Remote code execution indeed.

This affects Windows Vista, Windows 7, and Windows Server 2008. Fortunately, most Vista and 7 users will soon be patched via their monthly automatic updates. But what about Server 2008? Server administrators need to schedule updates that involve restarts. Better schedule this update sooner than later.

Microsoft expects only "inconsistent exploit code likely". But due to the critical nature of the vulnerability, they advise that this is a top deployment priority, see their handy chart for details.

"This security update resolves a privately reported vulnerability…"

That's probably a reference to Microsoft's bug bounty program. Kudos to the white hat researcher out there who reported his findings to Microsoft rather than selling the vulnerability on the black market.


The best thing about UDP jokes is that I don�t care if you get them or not.