Last week was Microsoft's Patch Tuesday! For November, Microsoft released one "critical" bulletin, two "important," and one "moderate". The most critical is MS11-083 (CVE-2011-2013), which describes a flaw in the TCP/IP implementation that possibly allows remote code execution by an attacker flooding a vulnerable OS with crafted UDP packets.
Trustwave SpiderLabs has investigated the MS11-083 threat, and the team has implemented protections for our Intrusion Detection System (IDS) platforms. The deployed solution relies on detecting unusual ICMP traffic associated with this attack. Trustwave offers a variety of security products to protect against the latest threats, and the coverage for MS11-083 is listed below.

| Product | Threat Mitigation |
| --- | --- |
| Internal Vulnerability Scanner | N/A |
| External Vulnerability Scanner | N/A |
| mailMAX | N/A |
| Intrusion Detection System / Intrusion Prevention System (IDS/IPS) | Signature deployed on 11-14-2011 to detect suspicious ICMP traffic. |
| ModSecurity | N/A |
| Network Access Control (NAC) | N/A |
| WebDefend | N/A |

Microsoft has released a security update for this vulnerability. For additional information about this exploit and the affected operating systems, please visit http://technet.microsoft.com/en-us/security/bulletin/ms11-083.