WINS bug patch for Windows Servers

Contrary to the gigantic updates on the previous Patch Tuesday, Microsoft has released only two critical updates this month – one of the lightest Patch Tuesdays in recent years.

What seems interesting here is the fix for Windows Internet Name Service, which allows the NETBIOS devices to communicate on the network. As per the bulletin MS11-035, the flaw in WINS (Windows Internet Name Service) enables malformed WINS packets to allow remote code execution attacks. The drawback is on Windows Server 2003 and 2008 servers, but only if they run WINS. Most servers are not running WINS anymore, as it is not considered as safe as DNS. It is not even installed by default on these operating systems. Thus, the update is for only those who installed it manually.

Another bulletin MS11-036 releases a patch for two vulnerabilities in MS PowerPoint that could allow remote code execution attacks if a user opens a malicious ppt file. Though the attacker is limited to the locally logged-on user’s privileges, it is essential to patch this up too.

Overall, three vulnerabilities are handled with the two security bulletins released on this Patch Tuesday.