Summary:
- These vulnerabilities affect: All current versions of Windows and components that ship with it
- How an attacker exploits them: Multiple vectors of attack, including enticing your users into visiting malicious websites or opening specially crafted files
- Impact: In the worst case, an attacker can gain complete control of your Windows computer
- What to do: Install the appropriate Microsoft patches immediately, or let Windows Automatic Update do it for you
Exposure:
Today, Microsoft released two security bulletins describing three vulnerabilities that affect Windows and components that ship with it. Each vulnerability affects different versions of Windows to varying degrees. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities, in order from highest to lowest severity.
- MS11-002: MDAC Code Execution Vulnerabilities
- MS11-001: Backup Manager Insecure Library Loading Vulnerability (Microsoft rating: Important)
Researchers or “gray hats” have already posted exploit code for at least one of these vulnerabilities on a public exploit forum. We recommend you download and install both these updates as quickly as possible, starting with the MDAC update.
Solution Path:
Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately. If you choose, you can also let Windows Update automatically download and install these for you.
- For Windows XP (w/SP3)
- For Windows XP x64 (w/SP2)
- For Windows Server 2003 (w/SP2)
- For Windows Server 2003 x64 (w/SP2)
- For Windows Server 2003 Itanium (w/SP2)
- For Windows Vista (w/SP1 or SP2)
- For Windows Vista x64 (w/SP1 or SP2)
- For Windows Server 2008 (w/SP2)
- For Windows Server 2008 x64 (w/SP2)
- For Windows Server 2008 Itanium (w/SP2)
- For Windows 7
- For Windows 7 x64
- For Windows Server 2008 R2
- For Windows Server 2008 R2 x64
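As an added example (not part of the WatchGuard alert, and not WatchGuard's or Microsoft's own tooling), the following PowerShell script shows how an administrator can verify the two things this solution path depends on: that the bulletin patches are actually installed on a host, and, as defence in depth for the "insecure library loading" class of flaw fixed by MS11-001, how the host's DLL search order is configured. The KB numbers are placeholders, since the alert lists bulletins rather than KB IDs; fill them in from the MS11-001 and MS11-002 bulletin pages for the Windows versions you run. The registry values checked (SafeDllSearchMode and the CWDIllegalInDllSearch value introduced by Microsoft KB2264107) are real Windows settings, not something the alert mentions.

```powershell
# Added example, not from the alert: check patch status and DLL search-order
# hardening on the local host. Run in an elevated PowerShell session.

# PLACEHOLDERS: replace with the KB IDs from the MS11-001 / MS11-002 bulletins
# that apply to this Windows version.
$RequiredKBs = @('KB<MS11-001-kb-here>', 'KB<MS11-002-kb-here>')

# Get-HotFix lists installed Windows updates by their KB identifier.
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
foreach ($kb in $RequiredKBs) {
    if ($installed -contains $kb) {
        Write-Output "PRESENT  $kb"
    } else {
        Write-Output "MISSING  $kb  - deploy the bulletin patch"
    }
}

# Defence in depth for insecure library loading (DLL preloading): inspect the
# Session Manager values that control where Windows looks for a DLL that an
# application loads by bare name.
$smKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$sm = Get-ItemProperty -Path $smKey

# SafeDllSearchMode = 1 (the default on supported Windows versions) searches
# the current directory after the system directories, not before them.
if ($sm.SafeDllSearchMode -eq 0) {
    Write-Output "WARN  SafeDllSearchMode is 0: current directory searched early"
} else {
    Write-Output "OK    SafeDllSearchMode enabled (default)"
}

# CWDIllegalInDllSearch (KB2264107): 0xFFFFFFFF removes the current working
# directory from the DLL search path entirely; 2 removes it only when it is a
# WebDAV folder; 1 when it is any remote folder (WebDAV or UNC). Absent means
# the hardening has not been applied. The DWORD is read as a signed Int32, so
# 0xFFFFFFFF appears as -1 and is formatted back to hex here.
$cwd = $sm.CWDIllegalInDllSearch
if ($null -eq $cwd) {
    Write-Output "INFO  CWDIllegalInDllSearch not set (KB2264107 hardening not applied)"
} else {
    Write-Output ("INFO  CWDIllegalInDllSearch = 0x{0:X8}" -f $cwd)
}
```

The patch check is the part to run fleet-wide (for example through Invoke-Command against a list of hosts); the registry check reports rather than changes the values, because setting CWDIllegalInDllSearch to 0xFFFFFFFF can break applications that legitimately load DLLs from their working directory and should be tested before deployment, just as the alert advises for the patches themselves.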
For All WatchGuard Users:
In most cases, these attacks travel as normal-looking HTTP traffic, which you must allow if your network users need to access the World Wide Web. Therefore, the patches above are your best solution.
Status:
Microsoft has released patches correcting these issues.
This alert was researched and written by Corey Nachreiner, CISSP.