Alert – Critical Product Vulnerability – October 2011 Microsoft Security Bulletin Release – Paylasim

Konu başlatıcı

What is the purpose of this alert?

This alert is to provide you with an overview of the new security
bulletin(s) being released on October 11, 2011. Security bulletins are
released monthly to resolve critical problem vulnerabilities.

New Security Bulletins

Microsoft is releasing the following eight new security bulletins for newly discovered vulnerabilities:

Bulletin ID	Bulletin Title	Max Severity Rating	Vulnerability Impact	Restart Requirement	Affected Software
MS11-075	Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)	Important	Remote Code Execution	Requires restart	Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS11-076	Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)	Important	Remote Code Execution	May require restart	Microsoft Windows Vista, Windows 7, and Windows Media Center TV Pack for Windows Vista.
MS11-077	Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)	Important	Remote Code Execution	Requires restart	Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS11-078	Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)	Critical	Remote Code Execution	May require restart	Microsoft .NET Framework on Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2; Microsoft Silverlight 4.
MS11-079	Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)	Important	Remote Code Execution	May require restart	Microsoft Forefront Unified Access Gateway 2010.
MS11-080	Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)	Important	Elevation of Privilege	Requires restart	Microsoft Windows XP and Windows Server 2003.
MS11-081	Cumulative Security Update for Internet Explorer (2586448)	Critical	Remote Code Execution	Requires restart	Internet Explorer on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS11-082	Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)	Important	Denial of Service	May require restart	Microsoft Host Integration Server 2004, Host Integration Server 2006, Host Integration Server 2009, and Host Integration Server 2010.

The list of affected software in the summary table is an abstract.
To see the full list of affected components please visit the bulletin at
the link provided and review the “Affected Software” section.

Summaries for new bulletin(s) may be found at http://technet.microsoft.com/en-us/security/bulletin/ms11-oct .

Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows
Malicious Software Removal Tool on Windows Server Update Services
(WSUS), Windows Update (WU), and the Download Center. Information on the
Microsoft Windows Malicious Software Removal Tool is available at http://support.microsoft.com/?kbid=890830 .

High Priority Non-Security Updates

High priority non-security updates Microsoft releases to be available
on Microsoft Update (MU), Windows Update (WU), or Windows Server Update
Services (WSUS) will be detailed in the KB article found at http://support.microsoft.com/?id=894199 .

Public Bulletin Webcast

Microsoft will host a webcast to address customer questions on these bulletins:

Title: Information about Microsoft October Security Bulletins (Level 200)

Date: Wednesday, October 12, 2011, 11:00 A.M. Pacific Time (U.S. and Canada)

URL: https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032487956

New Security Bulletin Technical Details

In the following tables of affected and non-affected software,
software editions that are not listed are past their support lifecycle.
To determine the support lifecycle for your product and edition, visit
the Microsoft Support Lifecycle web site at http://support.microsoft.com/lifecycle/ .

Bulletin Identifier	Microsoft Security Bulletin MS11-075
Bulletin Title	Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)
Executive Summary	This security update resolves a privately reported vulnerability in the Microsoft Active Accessibility component. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, the Microsoft Active Accessibility component could attempt to load the DLL file and execute any code it contained. The security update addresses the vulnerability by correcting the manner in which the Microsoft Active Accessibility component loads external libraries.
Severity Ratings and Affected Software	This security update is rated Important for all supported releases of Microsoft Windows.
Attack Vectors	A maliciously crafted DLL. A maliciously crafted file share or WebDAV location.
Mitigating Factors	For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application. SMB is commonly disabled on the perimeter firewall. Exploitation only gains the same user rights as the logged on account.
Restart Requirement	This update requires a restart.
Bulletins Replaced by This Update	None
Full Details	http://technet.microsoft.com/security/bulletin/MS11-075

Bulletin Identifier	Microsoft Security Bulletin MS11-076
Bulletin Title	Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)
Executive Summary	This security update resolves a publicly disclosed vulnerability in Windows Media Center. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Media Center could attempt to load the DLL file and execute any code it contained. The security update addresses the vulnerability by correcting the manner in which Windows Media Center loads external libraries.
Severity Ratings and Affected Software	This security update is rated Important for all supported editions of Windows Vista and Windows 7; and Windows Media Center TV Pack for Windows Vista.
Attack Vectors	A maliciously crafted DLL. A maliciously crafted file share or WebDAV location.
Mitigating Factors	For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file. SMB is commonly disabled on the perimeter firewall. Exploitation only gains the same user rights as the logged on account.
Restart Requirement	This update may require a restart.
Bulletins Replaced by This Update	None
Full Details	http://technet.microsoft.com/security/bulletin/MS11-076

Bulletin Identifier	Microsoft Security Bulletin MS11-077
Bulletin Title	Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)
Executive Summary	This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted font file (such as a .fon file) in a network share, a UNC or WebDAV location, or an email attachment. The security update addresses the vulnerabilities by correcting the way that the Windows kernel-mode drivers validate input passed from user mode, handle the TrueType font type, allocate the proper buffer size before writing to memory, and manage kernel-mode driver objects.
Severity Ratings and Affected Software	This security update is rated Important for all supported releases of Microsoft Windows.
Attack Vectors	For CVE-2011-2003 A specially crafted font file. (such as a .fon file) For CVE-2011-2011 and CVE-2011-1985 A maliciously crafted application. A maliciously crafted script. For CVE-2011-2002 Specially crafted TrueType font files hosted on a network file or WebDav share.
Mitigating Factors	For CVE-2011-2003 A user must visit an untrusted remote file system location or WebDAV share and open a specially crafted font file, or open the file as an email attachment. SMB is commonly disabled on the perimeter firewall. For CVE-2011-2011 and CVE-2011-1985 An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. For CVE-2011-2002 Users would have to be persuaded to visit a malicious website.
Restart Requirement	This update requires a restart.
Bulletins Replaced by This Update	MS11-054
Full Details	http://technet.microsoft.com/security/bulletin/MS11-077

Bulletin Identifier	Microsoft Security Bulletin MS11-078
Bulletin Title	Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)
Executive Summary	This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. The security update addresses the vulnerability by correcting the manner in which the .NET Framework restricts inheritance within classes.
Severity Ratings and Affected Software	This security update is rated Critical for Microsoft .NET Framework 1.0 Service Pack 3, Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5.1, and Microsoft .NET Framework 4 on all supported editions of Microsoft Windows; and Microsoft Silverlight 4.
Attack Vectors	A website that contains a specially crafted XAML browser application. A specially crafted XAML browser application. A web hosting environment allows users to upload custom ASP.NET applications.
Mitigating Factors	Users would have to be persuaded to visit a malicious website. By default, IE on Windows 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode. Exploitation only gains the same user rights as the local user or ASP.NET account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. In a web-hosting scenario, an attacker must have permission to upload arbitrary ASP.NET pages to a website and ASP.NET must be installed on that web server.
Restart Requirement	This update may require a restart.
Bulletins Replaced by This Update	MS09-061, MS10-060, and MS10-070
Full Details	http://technet.microsoft.com/security/bulletin/MS11-078

Bulletin Identifier	Microsoft Security Bulletin MS11-079
Bulletin Title	Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)
Executive Summary	This security update resolves five privately reported vulnerabilities in Microsoft Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow remote code execution if a user visits an affected website using a specially crafted URL. However, an attacker would have no way to force users to visit such a website. The security update addresses the vulnerabilities by modifying the way that UAG handles specially crafted requests, modifying the MicrosoftClient.JAR file, and adding exception handling around the null value of the UAG web server.
Severity Ratings and Affected Software	This security update is rated Important for all supported versions of Microsoft Forefront Unified Access Gateway 2010.
Attack Vectors	A maliciously crafted webpage. A maliciously crafted link in an email message or on a website. A maliciously crafted script. Maliciously crafted network packets for CVE-2011-2012.
Mitigating Factors	For CVE-2011-1969 Users would have to be persuaded to visit a malicious website. Exploitation only gains the same user rights as the logged on account. For CVE-2011-1895, CVE-2011-1896, and CVE-2011-1897 Users would have to be persuaded to open a specially crafted URL from a webpage, email, or IM. Microsoft has not identified any mitigations for CVE-2011-2012.
Restart Requirement	This update may require a restart.
Bulletins Replaced by This Update	None
Full Details	http://technet.microsoft.com/security/bulletin/MS11-079

Bulletin Identifier	Microsoft Security Bulletin MS11-080
Bulletin Title	Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)
Executive Summary	This security update resolves a privately reported vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user’s system and runs a specially crafted application. The security update addresses the vulnerability by correcting the way that the Ancillary Function Driver (AFD) validates input before passing the input from user-mode to the Windows kernel.
Severity Ratings and Affected Software	This security update is rated Important for all supported editions of Windows XP and Windows Server 2003.
Attack Vectors	A maliciously crafted application. A maliciously crafted script.
Mitigating Factors	An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.
Restart Requirement	This update requires a restart.
Bulletins Replaced by This Update	MS11-046
Full Details	http://technet.microsoft.com/security/bulletin/MS11-080

Bulletin Identifier	Microsoft Security Bulletin MS11-081
Bulletin Title	Cumulative Security Update for Internet Explorer (2586448)
Executive Summary	This security update resolves eight privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. The update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory and the way that Internet Explorer allocates and accesses memory.
Severity Ratings and Affected Software	This security update is rated Critical for Internet Explorer on Windows clients and Moderate for Internet Explorer on Windows servers.
Attack Vectors	A maliciously crafted webpage. A maliciously crafted HTML email. A maliciously crafted script.
Mitigating Factors	Users would have to be persuaded to visit a malicious website. By default, all versions of Outlook, Outlook Express, and Windows Mail open HTML email messages in the Restricted Sites zone. By default, IE on Windows 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Restart Requirement	This update requires a restart.
Bulletins Replaced by This Update	MS11-057
Full Details	http://technet.microsoft.com/security/bulletin/MS11-081

Bulletin Identifier	Microsoft Security Bulletin MS11-082
Bulletin Title	Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)
Executive Summary	This security update resolves two publicly disclosed vulnerabilities in Host Integration Server. The vulnerabilities could allow denial of service if a remote attacker sends specially crafted network packets to a Host Integration Server listening on UDP port 1478 or TCP ports 1477 and 1478. The security update addresses the vulnerabilities by modifying the way that Host Integration Server handles specially crafted UDP and TCP packets.
Severity Ratings and Affected Software	This security update is rated Important for all supported editions of Microsoft Host Integration Server 2004, Microsoft Host Integration Server 2006, Microsoft Host Integration Server 2009, and Microsoft Host Integration Server 2010.
Attack Vectors	Maliciously crafted network packets sent to a Host Integration Server that is listening on UDP port 1478 or TCP ports 1477 and 1478.
Mitigating Factors	Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. In this case, the Host Integration Server ports should be blocked from the Internet.
Restart Requirement	This update may require a restart.
Bulletins Replaced by This Update	None
Full Details	http://technet.microsoft.com/security/bulletin/MS11-082

Regarding Information Consistency

We strive to provide you with accurate information in static (this
mail) and dynamic (web-based) content. Microsoft’s security content
posted to the web is occasionally updated to reflect late-breaking
information. If this results in an inconsistency between the information
here and the information in Microsoft’s web-based security content, the
information in Microsoft’s web-based security content is authoritative.

If you have any questions regarding this alert please contact your Technical Account Manager.

Thank you,

Microsoft CSS Security Team

Danışman - ITSTACK Bilgi Sistemleri
****************************************************************
Probleminiz Çözüldüğünde Sonucu Burada Paylaşırsanız.
Sizde Aynı Problemi Yaşayanlar İçin Yardım Etmiş Olursunuz.
Eğer sorununuz çözüldü ise lütfen "çözüldü" olarak işaretlerseniz diğer üyeler için çok büyük kolaylık sağlayacaktır.
*****************************************************************

Gönderildi : 11/10/2011 23:45