CVE-2011-0096

This month, Microsoft is releasing 17 bulletins to address 63 security vulnerabilities across a wide range of Windows products. Out of these vulnerabilities, 12 are rated critical and 51 important. About half of these vulnerabilities are being patched with the MS11-034 bulletin. They all involve Elevation of Privilege vulnerabilities in the Windows kernel. Elevation of privilege vulnerabilities have gained a lot in popularity as Windows 7 and the use of sandboxes have been gaining traction. Thes...

Microsoft released another heap of patches today, twelve to be exact. Most interesting is the IE CSS parser vulnerability that was exploited with a new Eleonore Exploit Pack release, v1.6.3a, selling for over $2,000 with the 0day, some new exploits, and interesting anti-research and tracking functionality. The vulnerability has been publicly disclosed by a Chinese researcher since at least late November. Also interesting enough to deserve a security advisory and FixIt patch, is a vulnerability d...

This month’s patch Tuesday is comprised of three bulletins covering four vulnerabilities. Two bulletins affect Windows while the other affects Office. The Windows vulnerabilities affect all currently supported client OS’s. The only critical vulnerability of this month belongs to Windows Media. A maliciously crafted MS-DVR file can allow for remote code execution. The affected products are Windows Media, Groove and Remote Desktop. Two vulnerabilities are being fixed in Windows Media. All thre...