Posted on 11 January 2011.Today Microsoft released two security bulletins, one rated Critical and one rated Important, to address a total of three vulnerabilities in Microsoft Windows and Windows Server.
Microsoft also released a revision to Advisory 2488013 to include another protective mitigation for customers to use if needed.
Qualys CTO Wolfgang Kandek comments:
MS11-002 is the more important one of the two bulletins. It is a critically rated vulnerability in the MDAC OS component, aff...
ects all versions of the Windows Operating system and can be triggered by browsing to a malicious website.
MS11-001 provides a patch for a DLL-preloading issue in the Windows Backup Tool. It is rated important and is only applies to Windows Vista. While DLL preloading is an old systemic issue in Windows and many other operating systems, it gained new attention in August of last year, when many vulnerable applications were identified.
Secunia maintains a list of Microsoft and 3rd party applications that have been shown vulnerable to the DLL preloading attacks. The list has over 200 vulnerable programs and includes the Vista Backup vulnerability that is being fixed today (SA41122).
Given the scope of the DLL preloading vulnerabilities we highly recommend implementing the work-around that Microsoft describes in Security Advisory 2269637 and KB2264107, which neutralizes the most common attack vectors on the operating system level.
Microsoft has not seen active attacks seeking to exploit any of the vulnerabilities, but users should test and deploy all updates as soon as possible to help prevent criminal attacks.
To learn more about patching challenges and techniques read our interview with Wolfgang Kandek who offers his extensive knowledge on the subject.