Microsoft Unleashes Record Breaking Patch Tuesday – April 2011


We all love Patch Tuesday – no doubt about that right? Well Microsoft has blessed us this month with the biggest Patch Tuesday in the history of the program.

That’s a good thing because it’s had some horribly effective vulnerabilities revealed lately. It managed to package up a massive bundle of patches for 64 vulnerabilities in Windows, Office and a few other software packages.

So if you’re running any Windows installations anywhere, make sure you get your Windows Update on ASAP and get those patches downloaded.

Microsoft has patched a record 64 vulnerabilities in Windows, Office and five other software packages, many of which allowed attackers to remotely install malware on end user machines.

The most important fixes addressed a vulnerability in the Internet Explorer browser that was exploited in last month’s Pwn2Own contest. Although details were kept confidential, hackers have begun exploiting the critical flaw in real-world attacks, Microsoft warned. The use-after-free vulnerability affects versions 8 and earlier of the Microsoft browser.

The other top priority should be updates that patch critical vulnerabilities in the way Windows handles networking requests using the SMB, or Server Message Block, protocol. By sending malformed packets, attackers can remotely install malware on vulnerable machines with no user interaction required.

Researchers have warned that the flaw could be exploited to install self-replicating worms in much the way a similar vulnerability from 2008 did. Even after Microsoft issued an emergency patch for the flaw, it still opened the door to the Conficker Worm, which commandeered millions of machines.

If you remember back in March we reported on Day One At Pwn2Own Takes Out Microsoft Internet Explorer and Apple Safari, they’ve fixed that flaw – which has been exploited in the wild.

I think Pwn2Own does play an important role in the security industry and really helps get some nasty bugs patched up. Of course I don’t think any of us are using Internet Explorer anyway…but still – a lot of people are.

Even on this site 18.3% of visitors are still using some version of IE (with the majority using 8, then 7 then 9 with 6 thankfully in 4th place).


The monster patch batch also included relief for another flaw in all supported versions of Windows that Google has said was being exploited by “politically motivated” attackers against activists. The MS11-026 update fixes the way Windows parses webpages containing MIME-formatted content.

Microsoft also introduced two tools that are designed to thwart malware attacks. One extends a protection known as Office File Validation to older versions of Office. The feature, which was previously available only to users of Office 2010, helps users to identify malicious Office files by scanning and validating them before they are opened.

The second tool is an update to the winload.exe component that helps flag device drivers that have been booby-trapped to install malware.

The patches were released in 17 bulletins, nine of which carried a rating of “critical,” a designation typically reserved for vulnerabilities that can be remotely exploited to install malware or expose sensitive user data. The remaining eight bulletins were rated “important.”

If you just wanna get down to the details of the patches and what was released, you can read the summary from Microsoft here:

April 2011 Security Bulletin Release

Also check this out:

Assessing the risk of the April security updates

And of course SANS always has a useful recap:

April 2011 Microsoft Black Tuesday Summary

Source: The Register

Posted in: Countermeasures, Exploits/Vulnerabilities, Security Software, Windows Hacking

, , , , , , , ,


Latest Posts:


LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.
HiddenWall - Create Hidden Kernel Modules HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers.
Anteater - CI/CD Security Gate Check Framework Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of filenames, binaries, deprecated functions, staging variables and more.
Stardox - Github Stargazers Information Gathering Tool Stardox – Github Stargazers Information Gathering Tool
Stardox is a Python-based GitHub stargazers information gathering tool, it scrapes Github for information and displays them in a list tree view.
ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.


One Response to Microsoft Unleashes Record Breaking Patch Tuesday – April 2011

  1. CBRP1R8 April 15, 2011 at 9:44 pm #

    MS/ISC SANS released and update on MS11-020 today going from a HIGH to a PATCH now. Everyone’s watching closely for the first exploit cause this appears to be similarly easy to use as a conficker type attack with no authentication required, now.