MS11-020 (KB2508429) Upgrading from Critical to PATCH NOW

Published: 2011-04-15
Last Updated: 2011-04-15 12:22:18 UTC
by Kevin Liston (Version: 2)
8 comment(s)

Based on notifications received from Microsoft we are upgrading the rating of MS11-020 (KB 2508429, CVE-2011-0661) from Critical to PATCH NOW.  See: http://isc.sans.edu/diary.html?storyid=10693 for the full table.

The Remote Code Exploit is possible without authentication, so this presents a serious risk to internal networks.  Think Downadup/Conficker, or think lateral movement if that will help motivate patching.

Also note that this patch requires a reboot of your system.

Please submit any reports of weponization/exploits, or impacts from applying the patch.

Sorry.

-KL

Keywords: MS11020
8 comment(s)

Comments

How long it would be take to appear a new Downadup/Conficker reloaded?...Additionally, no problems detected on Win XP SP3 for this patch (including the others).
Downandup/Conficker reloaded? It is still loaded! I bet you find it all over the place still. So reloaded is not even necessary to disrupt things. Retooling, no doubt already planned by someone out there. I know it gives us all work, but hey, enough already!
Does anyone have any information on if this is being actively worked on?
How worried should we be of this?
The silence is deafening..

This freaked me out, and I've heard not a word from anyone else. I talked to our TAM at MS and had him check internally, he says no changes to the severity and no new info that he can find.

Until I see this corrobarated somewhere else I can't take action on it. But this vulnerability should be in testing now as direct threat or no, it's bad.
Sorry, I meant "this patch", not "this vulnerability".
Don't fret Frank. It's just a Patch now alert. If I had exploit code, I would have raised the infocon to Yellow by now. All I have is a vulnerability that by MS's assessment could be allow unauthenticated remote code execution. Put that one at head of your test/deploy queue.
The upgrade rating of MS11-020 is not on the Security Bulletin of Microsoft nor on the KB Article of the Securty Update. So there is no reason to panic.
This patch can be tested and then applied... Zero should be only considered if mentioned by Microsoft
fwiw, applied all 3 'patch now's to about 100 win2k3 and a few 2k8 servers this weekend... all were quick and without issue. rest will be applied very soon

Diary Archives