August 20, 2014

Patch Tuesday Blocks More DigiNotar Certificates

(LiveHacking.Com) - As anticipated Microsoft has issued five security bulletins bringing a number of updates to Windows and Office. At the same time it has released a new update  (2616676) that blocks six additional DigiNotar root certificates. These new certificates are ones that are cross-signed by Entrust and GTE. They are:

  • DigiNotar Root CA Issued by Entrust (2 certificates)
  • DigiNotar Services 1024 CA Issued by Entrust
  • Diginotar Cyber CA Issued by GTE CyberTrust (3 certificates)

The security bulletins issued are

  1. MS11-070 Vulnerability in WINS Could Allow Elevation of Privilege
  2. MS11-071 Vulnerability in Windows Components Could Allow Remote Code Execution
  3. MS11-072 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
  4. MS11-073 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
  5. MS11-074 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege

None of the bulletins are rated as Critical but the affected software includes all of Microsoft’s currently supported versions of Windows including XP, Vista, Windows 7 and Windows Server 2003/2008 as well Office 2003, 2007 and 2010.

MS11-071, 072 and 073 all relate to vulnerabilities could allow remote code execution if a user opens a specially crafted file. In some cases, for .doc., .rtf and .txt files, the document needs to be the located in the same network directory as a specially crafted library file for the exploit to work.

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks