Qualys: May 2011 Patch Tuesday
May 2011 by Qualys
Today, Microsoft released two patches in the May 2011 security bulletin. This continues the cycle of smaller and larger patches on alternate months.
MS11-035 is rated critical and affects the WINS component of the Windows 2003 and 2008 server operating systems. WINS, like DNS, is a name resolution service: it resolves names in the NetBIOS namespace, as DNS does for names in the DNS domain. WINS is not enabled by default in Windows 2003 and 2008, but server administrators who have it enabled should apply the patch immediately, as attackers could remotely cause a denial of service. The exploitability index is 2, which implies that remote code execution is not likely, but denial of service is possible.
MS11-036 affects Microsoft Office PowerPoint and is rated important. As has happened on several occasions before, users of the new Office 2010 for both Windows and Mac OS X are not affected by the vulnerability. Older versions like Office XP, 2003, 2007 and 2004 for Mac are affected. Using this vulnerability, an attacker could take full control of the target machine if a victim opens a malicious PowerPoint document.
The two patches released today came with a new and improved exploitability index rating that was announced by Microsoft. The original rating is split into a rating for the most recent version of the software and an aggregate rating for all older versions. For example, in MS11-036 the latest version, Office 2010, was not affected. Therefore the exploitability rating for the latest version was ’Not Affected’ and for older platforms was 2. The new rating more accurately reflects the risk to customers that keep their environments updated with the latest product releases.
Today’s release provided a breather for administrators so they can brace themselves for a larger update next month.
Patch Tuesday on video: http://www.youtube.com/user/QualysG...