Softpedia
 


November 9th, 2011, 10:42 GMT · By

Patch Critical Windows 7 SP1 TCP/IP Vulnerability

Microsoft's security patches for November 2011 are live, and customers need to prioritize plugging a hole in the Windows TCP/IP stack. The flaw affects all releases of the operating system, including Windows 7 Service Pack 1 (SP1), with the exception of Windows XP and Windows Server 2003.

Microsoft Security Bulletin MS11-083, rated Critical, is the one dealing with CVE-2011-2013, the Reference Counter Overflow vulnerability in the Windows TCP/IP stack.

There are three additional security bulletins from the software giant, patching just as many vulnerabilities, although none is as severe as CVE-2011-2013.

“We are releasing four security updates, which will increase protection by addressing four privately reported CVEs in Microsoft Windows. As always, customers should plan to install all of these updates as soon as possible,” revealed Pete Voss, Sr. Response Communications Manager, Microsoft Trustworthy Computing.

“There is one bulletin, however, that we want to call out as a priority for our customers: MS11-083 (TCP/IP): This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow Remote Code Execution if an attacker sends a continuous flow of specifically crafted UDP packets to a closed port on a target system.”

Customers should deploy all November 2011 Windows security updates as soon as possible, treating MS11-083 as the priority.

“The security update addresses the vulnerability by modifying the way that the Windows TCP/IP stack keeps track of UDP packets within memory,” Microsoft said.

In addition to the vulnerability detailed above, Windows 7 SP1, as well as a number of older releases of Microsoft platforms, are also impacted by MS11-084, MS11-085 and MS11-086.

Of the remaining security bulletins, just two are rated Important, while MS11-084 is considered to pose a Moderate risk to users.

As previously revealed, the Redmond company has not issued, as part of the November 2011 Patch Tuesday releases, a security update to resolve the Critical zero-day vulnerability that the Duqu malware uses to spread. A fix for the Duqu 0-day is coming, although it will most likely be an out-of-band update.



READER COMMENTS:


Comment #1 by: Murthy on 21 Nov 2011, 12:49 UTC

How to rectify email configuration in Lotus Notes? Performance is very slow in Windows 7.
