Today’s Microsoft Patch Tuesday would have been quiet and normal, but Microsoft also released an update (KB 2616676) continuing the saga of the recently stolen DigiNotar certificates. The update revokes certificates signed by two Certificate Authorities (CAs), Entrust and Cybertrust, which issued certificates on behalf of DigiNotar. Last month hackers broke into DigiNotar and created fake certificates for sites including Google, Facebook, Skype and other companies. Microsoft (KB2607712), Mozilla (advisory), Opera (advisory) and Apple (2011-005) each released an update to revoke the certificates. On September 6 Microsoft updated 2607712 for Windows XP and Server 2003, which do not use the Microsoft Certificate Trust List to validate the trust of a CA. Today’s update revokes six more certificates issued by Entrust and Cybertrust on behalf of DigiNotar and replaces 2607712. We will continue to monitor the other vendors as they implement these changes and will update this blog as they occur.
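For administrators who want to confirm that a Windows host has actually picked up the revocation, the following PowerShell snippet is an added example (not from the original post or from Microsoft) that reports whether KB2616676 or its predecessor KB2607712 is installed and lists any DigiNotar-related entries in the machine's Untrusted Certificates (`Disallowed`) store. It assumes the update places the revoked certificates in that store and that the certificate subject or issuer contains the string "DigiNotar"; the `deskpan`-style specifics of other bulletins are not covered.

```powershell
# Added example: verify DigiNotar revocation on a Windows host.
# Assumptions: the KB numbers below are the ones named in the post, and the
# revoked certificates appear in the LocalMachine\Disallowed (Untrusted) store.

$kbIds = @('KB2616676', 'KB2607712')   # today's update and the one it replaces

# 1. Is either update recorded as installed?
$installed = Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $kbIds -contains $_.HotFixID }

if ($installed) {
    $installed | ForEach-Object {
        Write-Output ("Installed: {0} on {1}" -f $_.HotFixID, $_.InstalledOn)
    }
} else {
    Write-Output "Neither KB2616676 nor KB2607712 is listed by Get-HotFix."
}

# 2. Which DigiNotar-related certificates are explicitly distrusted?
$pattern = 'DigiNotar'   # assumption: subject or issuer contains this string
$untrusted = Get-ChildItem -Path Cert:\LocalMachine\Disallowed |
    Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern }

if ($untrusted) {
    Write-Output ("Found {0} DigiNotar-related entries in the Untrusted store:" -f $untrusted.Count)
    $untrusted | Select-Object Thumbprint, Subject, NotAfter | Format-Table -AutoSize
} else {
    Write-Output "No DigiNotar-related entries found in Cert:\LocalMachine\Disallowed."
}
```

Run it in an elevated PowerShell session; on Windows XP and Server 2003, where the Certificate Trust List is not consulted, the second check is the more meaningful one, since the update itself has to populate the Untrusted store for the revocation to take effect. A host that reports the KB as installed but shows no entries in the store is worth a closer look.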
Of the Patch Tuesday bulletins released today, top priority should be given to MS11-072, which fixes an arbitrary code execution vulnerability in Excel. It affects all versions of Excel, including the most recent 2010 version. To exploit this issue, attackers could create malicious Excel files which, when opened on vulnerable hosts, allow them to take control of the system. Priority should also be given to MS11-073, which fixes a code execution vulnerability in Microsoft Office versions 2003, 2007 and 2010, including Microsoft Word. Attackers could use a malicious Word file (CVE-2011-1982) to execute code on victim machines.
A DLL preloading issue in the deskpan.dll component, affecting all versions of Windows, was fixed in MS11-071. More information about DLL preloading and workarounds can be found in advisory 2269637 from last year. Two elevation of privilege issues were fixed by MS11-074 and MS11-070, which affect SharePoint 2007 and SharePoint 2010, and WINS on Windows Server 2003 and Server 2008, respectively.
In addition to today’s Microsoft Patch Tuesday, Adobe released security update APSB11-24, which fixes critical vulnerabilities in Adobe Reader and Acrobat. Affected versions are Adobe Reader X (10.1) and earlier for Windows and Macintosh, Adobe Reader 9.4.2 and earlier for UNIX, and Adobe Acrobat X (10.1) and earlier for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.