Trustwave Protections Deployed: MS11-083

Last week, it was Microsoft's Patch Tuesday! For November, Microsoft released one "critical" bulletin, two "important," and one "moderate". The most critical is MS11-083 (CVE-2011-2013), a flaw in the TCP/IP implementation that possibly allows remote code execution by an attacker flooding a vulnerable OS with crafted UDP packets.

Trustwave SpiderLabs has investigated the MS11-083 threat, and the team has implemented protections for our Intrusion Detection System (IDS) platforms. The deployed solution relies on detecting unusual ICMP traffic associated with this attack. Trustwave offers a variety of security products to protect against the latest threats; the coverage for MS11-083 is listed below.

Trustwave Coverage for MS11-083
| Product | Threat Mitigation |
|---|---|
| Internal Vulnerability Scanner | N/A |
| External Vulnerability Scanner | N/A |
| mailMAX | N/A |
| Intrusion Detection System / Intrusion Prevention System (IDS/IPS) | Signature deployed on 11-14-2011 to detect suspicious ICMP traffic. |
| ModSecurity | N/A |
| Network Access Control (NAC) | N/A |
| WebDefend | N/A |

Microsoft has released a security update for this vulnerability. For additional information about this exploit and the affected operating systems, please visit http://technet.microsoft.com/en-us/security/bulletin/ms11-083.
