MS11-020 (KB2508429) Upgrading from Critical to PATCH NOW

Published: 2011-04-15. Last Updated: 2011-04-15 12:22:18 UTC
by Kevin Liston (Version: 2)
8 comment(s)

Based on notifications received from Microsoft we are upgrading the rating of MS11-020 (KB 2508429, CVE-2011-0661) from Critical to PATCH NOW.  See: http://isc.sans.edu/diary.html?storyid=10693 for the full table.

The Remote Code Exploit is possible without authentication, so this presents a serious risk to internal networks.  Think Downadup/Conficker, or think lateral movement if that will help motivate patching.

Also note that this patch requires a reboot of your system.

Please submit any reports of weponization/exploits, or impacts from applying the patch.

Sorry.

-KL

Keywords: MS11020
8 comment(s)

Comments

How long it would be take to appear a new Downadup/Conficker reloaded?...Additionally, no problems detected on Win XP SP3 for this patch (including the others).

Adrián González

Apr 15th 2011
1 decade ago

Downandup/Conficker reloaded? It is still loaded! I bet you find it all over the place still. So reloaded is not even necessary to disrupt things. Retooling, no doubt already planned by someone out there. I know it gives us all work, but hey, enough already!

Al of Your Data Center

Apr 15th 2011
1 decade ago

Does anyone have any information on if this is being actively worked on?
How worried should we be of this?

Mike

Apr 15th 2011
1 decade ago

The silence is deafening..

This freaked me out, and I've heard not a word from anyone else. I talked to our TAM at MS and had him check internally, he says no changes to the severity and no new info that he can find.

Until I see this corrobarated somewhere else I can't take action on it. But this vulnerability should be in testing now as direct threat or no, it's bad.

Frank

Apr 15th 2011
1 decade ago

Sorry, I meant "this patch", not "this vulnerability".

Frank

Apr 15th 2011
1 decade ago

Don't fret Frank. It's just a Patch now alert. If I had exploit code, I would have raised the infocon to Yellow by now. All I have is a vulnerability that by MS's assessment could be allow unauthenticated remote code execution. Put that one at head of your test/deploy queue.

KL

Apr 15th 2011
1 decade ago

The upgrade rating of MS11-020 is not on the Security Bulletin of Microsoft nor on the KB Article of the Securty Update. So there is no reason to panic.
This patch can be tested and then applied... Zero should be only considered if mentioned by Microsoft

PatchMgmt

Apr 15th 2011
1 decade ago

fwiw, applied all 3 'patch now's to about 100 win2k3 and a few 2k8 servers this weekend... all were quick and without issue. rest will be applied very soon

thegeeknme

Apr 17th 2011
1 decade ago

Login here to join the discussion.


Top of page
Diary Archives