[FSec] Running Windows Server 2008? Patch.

This month's Microsoft updates include an interesting vulnerability:

Microsoft Security Bulletin MS11-083

"This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system."

A continuous flow of UDP packets? Remote code execution indeed.

This affects Windows Vista, Windows 7, and Windows Server 2008. Fortunately, most Vista and 7 users will soon be patched via their monthly automatic updates. But what about Server 2008? Server administrators need to schedule updates that involve restarts. Better to schedule this update sooner rather than later.

Microsoft expects only "inconsistent exploit code likely". But due to the critical nature of the vulnerability, they advise that this is a top deployment priority; see their handy chart for details.

"This security update resolves a privately reported vulnerability…"

That's probably a reference to Microsoft's bug bounty program. Kudos to the white hat out there who reported this to Microsoft rather than selling it on the black market.

—————

The best thing about UDP jokes is that I don’t care if you get them or not.
On 09/11/11 At 02:03 PM
