Microsoft released four security bulletins today: one rated critical, two important and one moderate. Interestingly, most of the bulletins apply only to newer versions of Windows (Vista, 7 and 2008). XP and 2003 users are affected only by bulletin MS11-086, which is rated important.
The first bulletin, MS11-083, should be patched with the highest urgency. It addresses a remote code execution vulnerability in the TCP/IP stack of Windows. Since this vulnerability requires neither user interaction nor authentication, every Windows machine, workstation or server, that is reachable from the Internet can be attacked freely. The mitigating element is that the attack is complicated to execute: Microsoft has given it an Exploitability Index rating of 2, meaning that any exploit code is likely to be inconsistent. Otherwise, this vulnerability has all the markings of a big worm. This is the patch to apply this month if you run Vista, Windows 7 or Windows 2008, including R2.
One of the remaining bulletins covers a DLL preloading vulnerability in Windows Mail (MS11-085). DLL preloading vulnerabilities have been a known issue since August 2010. We have been recommending that our customers implement the generic workaround described by Microsoft in advisory 2264107, which hardens Windows to ignore the typical attack vector used by DLL preloading. This is exactly the aim of "Software Hygiene" – configuring the OS and applications so that they become impervious to common classes of attack. Head over to our Qualys community and join the discussion on "Software Hygiene" with us and your peers.
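As an added illustration (not part of this post and not Microsoft's own tooling), the following PowerShell audits whether the advisory 2264107 workaround is in force on the local host. The registry value name `CWDIllegalInDllSearch`, the meaning of its settings, the per-application override location and the prerequisite KB number are taken from that advisory as I know it, not from the post; verify them against the advisory before relying on the output.

```powershell
# Added example: audit the generic DLL-preloading workaround from advisory 2264107.
# Assumption (from the advisory, not from the post): the hotfix KB2264107 must be
# installed for the CWDIllegalInDllSearch REG_DWORD to have any effect.

$machineKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$ifeoKey    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$valueName  = 'CWDIllegalInDllSearch'

function Get-CwdDllSearchStatus {
    param([string]$Key, [string]$Label)
    $item = Get-ItemProperty -Path $Key -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $raw = $null
        $status = 'Not set: workaround not applied'
    } else {
        # REG_DWORD reads back as a signed Int32, so 0xFFFFFFFF appears as -1; normalise it.
        $raw = [uint32]([int64]$item.$valueName -band 0xFFFFFFFF)
        $status = switch ($raw) {
            4294967295 { 'Blocks DLL loading from the current working directory entirely (strongest)' }
            2          { 'Blocks CWD DLL loading when the CWD is a WebDAV or remote network share' }
            1          { 'Blocks CWD DLL loading only when the CWD is a WebDAV share' }
            0          { 'Explicitly disabled: default search order in effect' }
            default    { "Unrecognised value $raw" }
        }
    }
    [pscustomobject]@{ Scope = $Label; Setting = $raw; Status = $status }
}

# 1. Is the prerequisite update present at all?
$hotfix = Get-HotFix -Id 'KB2264107' -ErrorAction SilentlyContinue
if ($null -eq $hotfix) {
    Write-Warning 'KB2264107 not found: the registry setting below is ignored until it is installed.'
}

# 2. Machine-wide setting.
Get-CwdDllSearchStatus -Key $machineKey -Label 'Machine'

# 3. Per-application overrides under IFEO can weaken or strengthen the machine-wide
#    setting, so list every image that carries its own value.
Get-ChildItem -Path $ifeoKey -ErrorAction SilentlyContinue |
    ForEach-Object { Get-CwdDllSearchStatus -Key $_.PSPath -Label $_.PSChildName } |
    Where-Object { $null -ne $_.Setting }
```

Run it in an elevated session; the IFEO enumeration is what surfaces application-specific exceptions that a machine-wide check alone would miss.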
In other important news, Microsoft has acknowledged in advisory 2639658 a new 0-day vulnerability in the embedded font handling of Windows. This vulnerability can be attacked through specially crafted documents or even web pages. It is related to the recent Duqu malware, and you can get the latest information on this from our Director of Vulnerability Research, Rodrigo Branco.