Security Blog

Microsoft Patches Critical Vulnerabilities in IE, Windows DNS Server

Internet Explorer and Windows DNS Server both received critical patches from Microsoft in the most recent Patch Tuesday round of software updates. A total of 13 items were patched in this round of updates, with the remaining 11 of the 13 patches given a severity rating of "moderate" or "important." Microsoft posted details of the patch online in the August 11th Security Bulletin Summary.

This week's cumulative update for Internet Explorer (2559049, bulletin MS11-057) fixes seven vulnerabilities in IE, including severe vulnerabilities that "could allow remote code execution if a user views a specially crafted Web page using Internet Explorer." Like most other modern web browsers, IE is constantly being tested by hackers searching for vulnerabilities and weaknesses. Microsoft has been very aggressive about patching vulnerabilities in IE over the last few years, and recent statements by Microsoft executives indicate that a more aggressive approach to platform security will continue.

The other critical vulnerability patched was related to Windows DNS server (2562485, bulletin MS11-058), which was susceptible to two privately reported security vulnerabilities. Like the aforementioned IE vulnerability, this update patches a vulnerability that deals with remote code execution. "The more severe of these vulnerabilities could allow remote code execution if an attacker registers a domain, creates an NAPTR DNS resource record, and then sends a specially crafted NAPTR query to the target DNS server," the bulletin warns. "Servers that do not have the DNS role enabled are not at risk."

Microsoft encourages system administrators and IT security professionals to deploy the updates. Visit the MSRC blog or MSRC Twitter account (@MSFTSecResponse) for more details and additional Microsoft security news and updates. It's also a good idea to review the services available in the Microsoft Technical Security Notifications website, which provides system administrators and security professionals a number of ways to receive Microsoft security notifications automatically.

Did you find anything unexpected in yesterday's Patch Tuesday update? Share your thoughts by adding a comment to this blog post or continuing the discussion on Twitter.


Follow Jeff James on Twitter at @jeffjames3

Follow Windows IT Pro on Twitter at @windowsitpro

Related Content:

TAGS: Windows 8
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.