Microsoft hosts BlueHatv11, releases four bulletins


On this November Update Tuesday, we’re recapping the BlueHat conference, which Microsoft hosted in Redmond last week. We are also releasing four security updates, so please read on for details.

Microsoft hosted its 11th installment of the BlueHat conference Nov. 2-4. The event featured presentations from hand-picked security researchers about current and emerging security threats. By fostering dialogue and constantly engaging with the security researcher community, we’ve learned that, for the most part, we share one common goal: to provide protection. Here’s a short video showing what attendees had to say about this year’s event.

To protect customers, as I mentioned in the Advance Notification Service blog post this month, we are releasing four security updates, which will increase protection by addressing four privately reported CVEs in Microsoft Windows. As always, customers should plan to install all of these updates as soon as possible. There is one bulletin, however, that we want to call out as a priority for our customers:

  • MS11-083 (TCP/IP): This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow Remote Code Execution if an attacker sends a continuous flow of specifically crafted UDP packets to a closed port on a target system.

Again, we encourage all customers to prioritize MS11-083 this month.

In the video below, Jerry Bryant discusses this month’s bulletins in further detail.

As always, we recommend that customers deploy all security updates as soon as possible. Below is our deployment priority guidance to further assist customers in their deployment planning.

Deployment Priority

Our risk and impact graph shows an aggregate view of this month’s severity and exploitability index.

Exploitability Index

You can find more information about this month’s security updates on the Microsoft Security Bulletin Summary web page.

Per our usual process, we’ll offer the monthly technical webcast on Wednesday, hosted by Jerry Bryant and Dustin Childs. I invite you to tune in and learn more about the November security bulletins, as well as other announcements made today. The webcast is scheduled for Wednesday, November 9, 2011 at 11 A.M. PT. Click here to register.

You can also follow the MSRC team on Twitter at @MSFTSecResponse for all the latest information.

Pete Voss
Sr. Response Communications Manager
Microsoft Trustworthy Computing