WINS bug patch for Windows Servers

In contrast to the gigantic updates of the previous Patch Tuesday, Microsoft has released only 2 critical updates this month, making it one of the lightest Patch Tuesdays in recent years.

The interesting item here is the fix for Windows Internet Name Service (WINS), which lets NetBIOS devices communicate on the network. According to bulletin MS11-035, a flaw in WINS allows malformed WINS packets to be used for remote code execution attacks. The flaw is present on both Windows Server 2003 and 2008, but only if they are running WINS. Most servers these days no longer run WINS, as it is not considered as safe as DNS, and it is not even installed by default on these operating systems. The update is therefore relevant only to those who installed it manually.
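Because the fix only matters where WINS was installed manually, the first step is finding those servers. The inventory below is an added example, not code from the bulletin or the original post; it assumes Windows PowerShell 3.0 or later with WMI access to the targets, and the host names and hotfix ID are placeholders.

```powershell
# Added example: report which servers have the WINS service and whether
# the relevant hotfix is listed. Host names and hotfix ID are placeholders.
function Get-WinsExposure {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        # Placeholder: substitute the KB number given in bulletin MS11-035.
        [string] $HotfixId = 'KB0000000'
    )
    foreach ($computer in $ComputerName) {
        $row = [pscustomobject]@{
            ComputerName  = $computer
            WinsInstalled = $false
            State         = 'n/a'
            StartMode     = 'n/a'
            HotfixPresent = $null   # stays $null when WINS is absent
            Error         = $null
        }
        try {
            # The WINS server component registers a service named 'WINS'.
            $svc = Get-WmiObject -Class Win32_Service -ComputerName $computer `
                       -Filter "Name='WINS'" -ErrorAction Stop
            if ($svc) {
                $row.WinsInstalled = $true
                $row.State         = $svc.State      # Running / Stopped
                $row.StartMode     = $svc.StartMode  # Auto / Manual / Disabled
                # Get-HotFix reads Win32_QuickFixEngineering on the target.
                $fix = Get-HotFix -Id $HotfixId -ComputerName $computer `
                           -ErrorAction SilentlyContinue
                $row.HotfixPresent = [bool]$fix
            }
        } catch {
            # Unreachable host or access denied: record it instead of
            # silently reporting "not installed".
            $row.Error = $_.Exception.Message
        }
        $row
    }
}

# Constructed host names for illustration.
Get-WinsExposure -ComputerName 'srv-dc01', 'srv-file02' |
    Sort-Object WinsInstalled -Descending |
    Format-Table -AutoSize
```

A row with WinsInstalled true and HotfixPresent false is a server that still needs the update; a row with a populated Error column was not actually checked.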

The other bulletin, MS11-036, releases a patch for two vulnerabilities in MS PowerPoint that could allow remote code execution attacks if a user opens a malicious ppt file. Though the attacker is limited to the privileges of the locally logged-on user, it is important to apply this patch too.

Overall, 3 vulnerabilities are taken care of with the 2 security bulletins released on this Patch Tuesday.