Microsoft patches 1990s-era 'Ping of Death'

Also plugs critical holes in IE9, Windows' DNS service in 22-fix collection

Microsoft today issued 13 security updates that patched 22 vulnerabilities in Internet Explorer, Windows, Office and other software, including one that harked back two decades to something dubbed "Ping of Death."

Of Tuesday's 13 updates, called "bulletins" by Microsoft, two were labeled "critical" -- the most-serious rating in the company's four-step score -- nine were marked "important," the next-most-dangerous category, and two were pegged as "moderate."

Three of the 22 individual vulnerabilities patched today in the baker's dozen of bulletins were rated critical. The remainder were split -- 15 and four, respectively -- between important and moderate.

Researchers today called out MS11-057, which patches seven flaws in Internet Explorer (IE), as the most important to patch pronto.

"This is the anticipated IE update, about what we expected," said Andrew Storms, director of security operations at nCircle Security, referring to Microsoft's habit of updating its browser every two months. "The most important thing here is that it affects IE9."

Today's IE update was the second to patch critical vulnerabilities in IE9 on Vista and Windows 7. Microsoft first fixed a critical IE9 bug in June.

"MS11-057 affects all Windows versions, and all it takes is a malicious [Web] page to take control of a PC," echoed Wolfgang Kandek, chief technology officer for Qualys. "It's a no-brainer to put this at the top of the list."

Other security experts from Symantec and Kaspersky Lab also highlighted the IE update as the one users should deploy first.

"Both of [the critical vulnerabilities] can be exploited by a drive-by download," said Joshua Talbot, security intelligence manager with Symantec's security response team, in an email. "The fact that vulnerabilities such as these continue to be so common is one reason why web-based attacks are so prevalent."

Drive-by download attacks are those that can be triggered simply by steering a vulnerable browser to a malicious website. Users are typically duped into visiting such sites by search poisoning efforts or links embedded in spammed email messages.

Most experts, including those on Microsoft's payroll, called out MS11-058 as the second update to apply as soon as possible.

That update patches a pair of vulnerabilities in Microsoft's DNS (domain name system) service, which is used by many organizations to translate Internet addresses into the domains recognizable to humans.

Microsoft ranked one of the MS11-058 bugs as critical on Windows Server 2008 and Server 2008 R2 when running the DNS service, and warned that attackers could remotely exploit such servers simply by sending it a malformed query.

"[That] could potentially allow an attacker who successfully exploited the vulnerability to run arbitrary code on Windows Server 2008 and Windows Server 2008 R2 DNS servers having a particular DNS configuration," said Microsoft in a follow-up post to its Security Research & Defense blog today.

"This is significant, as the majority of organizations running Microsoft-based networks do have DNS activated on their servers," said Marcus Carey, a security researcher with Rapid7, in an email today.

Kandek seconded that as he pushed for MS11-058 to make second on the patch-ASAP list. "Microsoft's DNS service is pretty widely deployed, many IT shops have it in place," he noted.

Kandek and his colleague, Amol Sarwate, the manager of Qualys' vulnerability research lab, expect attackers to closely examine the DNS patch in the hope of crafting a working exploit. "It's going to be interesting to malware authors, who, if they successfully exploited it, could modify search results users see," said Sarwate.

"I think this will be a good challenge for researchers because [DNS servers are] a good target," added Kandek.

Microsoft pegged that vulnerability as a "3" on its exploitability index, indicating it doesn't believe a reliable exploit will appear in the next 30 days.

Kandek wasn't so sure, and said he wouldn't be surprised if hackers figured out how to hit vulnerable DNS servers.

Unlike other researchers, nCircle's Storms had a different pick for second place: MS11-064, an update that patched two bugs in the Windows TCP/IP stack.

The vulnerability marked "CVE-2011-1871" brought back memories for Storms.

"This looks like the "Ping of Death" from the early-to-mid 1990s," said Storms. "Then, when a specially-crafted ping request was sent to a host, it caused the Windows PC to blue screen, and then reboot."

Two decades ago, the Ping of Death was used to bring down Windows PCs remotely, often as a way to show the instability of the operating system. "People would say, 'You're stupid to put your machines on the Internet," said Storms.

"My suspicion is that if this catches fire and someone writes a small attack tool and releases it, you could see [Windows PCs] blue screened at your local coffee shop," Storms said, talking about the possibility of crashing machines on a free Wi-Fi network.

Storms said it appeared that today's "Ping of Death" bug was a different vulnerability than Microsoft patched in its now-ancient OSes of the 1990s.

The bug exists in Windows Vista, Server 2008, Windows 7 and Server 2008 R2, Microsoft said, but not in Windows XP or Server 2003.

Others were less concerned with the new Ping of Death problem. "It's definitely an old-school kind of attack," said Sarwate of Qualys. "But if it is exploited, I think it would be more on the prank side."

"There are easier ways to bring down a [Web] server than this," said Kandek, when asked whether the vulnerability might be exploited by hacking groups such as Anonymous that have knocked major sites offline this year using traditional denial-of-service attacks.

Microsoft also patched other vulnerabilities in Windows, including several two in remote access components of the OS and one in the kernel, as well as bugs in Visio, Visual Studio and the .Net Framework.

August's security patches can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His e-mail address is

See more articles by Gregg Keizer.

Read more about security in Computerworld's Security Topic Center.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Microsoftoperating systemssoftwareWindows

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Gregg Keizer

Gregg Keizer

Computerworld (US)
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?