Last week was Microsoft's Patch Tuesday! For November, Microsoft released one "critical" bulletin, two "important," and one "moderate." The most critical is MS11-083 (CVE-2011-2013), a flaw in the TCP/IP implementation that could allow remote code execution by an attacker flooding a vulnerable OS with crafted UDP packets.
Trustwave SpiderLabs has investigated the MS11-083 threat, and the team has implemented protections for our Intrusion Detection System (IDS) platforms. The deployed solution relies on detecting unusual ICMP traffic associated with this attack. Trustwave offers a variety of security products to protect against the latest threats; the coverage for MS11-083 is listed below.
Trustwave Coverage for MS11-083

| Product | Coverage |
|---|---|
| Internal Vulnerability Scanner | N/A |
| External Vulnerability Scanner | N/A |
| Intrusion Detection System / Intrusion Prevention System (IDS/IPS) | Signature deployed on 11-14-2011 to detect suspicious ICMP traffic. |
| Network Access Control (NAC) | N/A |
Microsoft has released a security update for this vulnerability. For additional information about this exploit and the affected operating systems, please visit http://technet.microsoft.com/en-us/security/bulletin/ms11-083.
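
To illustrate the ICMP-based detection idea mentioned above, here is an added example; it is not Trustwave's signature or code. It assumes the "unusual ICMP traffic" is a burst of port-unreachable replies (type 3, code 3) from a host receiving a stream of UDP packets to a closed port, which is the condition Microsoft's bulletin describes. The record format, window, threshold and addresses are constructed for illustration.

```python
from collections import defaultdict, deque

# Assumptions (not from the original post): the window, the threshold, and the
# choice of ICMP type 3 / code 3 (port unreachable) as the "unusual ICMP" signal.
WINDOW_SECONDS = 10
THRESHOLD = 5  # small so the constructed sample trips it; tune for real traffic
ICMP_PORT_UNREACHABLE = (3, 3)


def parse_record(line):
    """Parse a constructed record: 'epoch src dst icmp_type icmp_code'."""
    ts, src, dst, icmp_type, icmp_code = line.split()
    return float(ts), src, dst, int(icmp_type), int(icmp_code)


def detect_unreachable_bursts(lines, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return one alert per (emitter, recipient) pair whose port-unreachable
    count exceeds `threshold` within any sliding `window` seconds."""
    recent = defaultdict(deque)  # (src, dst) -> timestamps still inside the window
    alerted = set()
    alerts = []
    for line in lines:
        ts, src, dst, icmp_type, icmp_code = parse_record(line)
        if (icmp_type, icmp_code) != ICMP_PORT_UNREACHABLE:
            continue  # echo, TTL exceeded, etc. are not part of this signal
        q = recent[(src, dst)]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # expire replies that fell out of the window
        if len(q) > threshold and (src, dst) not in alerted:
            alerted.add((src, dst))
            alerts.append({"emitter": src, "recipient": dst,
                           "count": len(q), "first_seen": q[0]})
    return alerts


# Constructed sample records (documentation address ranges, not real traffic).
SAMPLE = [
    # 192.0.2.10 answers a rapid run of UDP packets with port-unreachable replies
    *[f"{1000.0 + i * 0.5} 192.0.2.10 198.51.100.7 3 3" for i in range(8)],
    # background noise: an echo request/reply pair and two sparse unreachables
    "1001.0 192.0.2.20 198.51.100.9 8 0",
    "1001.1 198.51.100.9 192.0.2.20 0 0",
    "1002.0 192.0.2.30 198.51.100.9 3 3",
    "1030.0 192.0.2.30 198.51.100.9 3 3",
]

if __name__ == "__main__":
    for alert in detect_unreachable_bursts(SAMPLE):
        print(alert)
```

The emitter in an alert is the host generating the replies, so it identifies the system that is receiving the UDP stream and should be checked for the MS11-083 update.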