From Jerry Bryant @ the Microsoft Security Response Center:
On this October Update Tuesday, we are releasing the 11th volume of the Security Intelligence Report, SIRv11, which puts zero-day vulnerabilities into context against other global threats. We are also releasing eight security updates so please read on for details.
A new method of analyzing malware distribution indicates that in the first half of 2011 zero-day issues account for a very small percentage of actual infections. The results from our analysis concluded that none of the top malware families in the first half of 2011 were known to be distributed through the use of 0-days, and while some smaller families did take advantage of 0-day vulnerabilities, less than 1 percent of all exploit attempts were against zero-day issues.
The key takeaway from SIRv11 is how malware is actually being distributed - social engineering, Autorun feature abuse, file-infection, exploits (with updates available) and brute force password attacks. Many of these attacks can be avoided with fundamental security practices, such as downloading security updates once available or ensuring that you have Automatic Updates enabled on your system. Automatic Updates help to ensure that computers are protected against new and ongoing security threats and that Windows continues to function smoothly.
Speaking of which, as we do each month, today we are releasing security updates to help protect customers. As I mentioned in the Advance Notification Service blog on Thursday, today we are releasing eight security bulletins, two of which are rated Critical, the remaining rated Important.
These bulletins will increase protection by addressing 23 unique CVEs in Microsoft products. As always, customers should plan to install all of these updates as soon as possible. There are two bulletins that we want to call out as priorities for our customers:
• MS11-081 (Internet Explorer): This security update resolves eight privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.
• MS11-078 (.NET Framework & Silverlight): This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
Turn up the volume with our Apple Byte sweeps!
Two lucky winners will take home the coveted smart speaker that lets Siri help you around your connected house. This sweepstake ends Feb. 25, 2018.