The May 2011 edition of Microsoft’s Patch Tuesday is a relatively modest one with the software giant posting just two bulletins addressing bugs that could allow for remote code execution, but only one of which is rated critical.
The first bulletin, MS11-035, addresses a privately reported critical vulnerability within the Windows Internet Name Service (WINS). This could allow for remote code execution on any individual PC receiving a specially crafted WINS replication packet. As WINS is not a default installation on any operating system, this bug only affects individuals who manually installed the application.
The second bulletin, MS11-036, which is rated as important, addresses two privately disclosed bugs in PowerPoint that could also lead to remote code execution if a user opens a specially crafted PowerPoint file. Any attacker successfully exploiting these vulnerabilities would gain the same user rights as the logged-in user. As always, any user whose system is configured to allow fewer user rights will be less impacted than those with administrative rights.
Attackers for years have been taking advantage of Microsoft’s Patch Tuesday to tailor attacks to the newly disclosed vulnerabilities. Now, the new thing appears to be phishing campaigns that play off of the Patch Tuesday bulletins.
According to Websense Security Labs’ ThreatSeeker network, a fake Patch Tuesday update started making rounds yesterday and only has a detection rate of 11 percent. The threat is being delivered via an email titled “URGENT: Critical Security Update” and those who decide to install the fake update will become infected with a variant of the Zeus Trojan.