Forum

Alert – Critical Pr...
 
Bildirimler
Hepsini Temizle

Alert – Critical Product Vulnerability – October 2011 Microsoft Security Bulletin Release

1 Yazılar
1 Üyeler
0 Reactions
466 Görüntüleme
Hakan Uzuner
(@hakanuzuner)
Gönderiler: 33367
Illustrious Member Yönetici
Konu başlatıcı
 
What is the purpose of this alert?

This alert is to provide you with an overview of the new security
bulletin(s) being released on October 11, 2011. Security bulletins are
released monthly to resolve critical problem vulnerabilities.

 

New Security Bulletins

 

Microsoft is releasing the following eight new security bulletins for newly discovered vulnerabilities:

 

Bulletin ID Bulletin Title Max Severity Rating Vulnerability Impact Restart Requirement Affected Software
MS11-075 Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699) Important Remote Code Execution Requires restart Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS11-076 Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926) Important Remote Code Execution May require restart Microsoft Windows Vista, Windows 7, and Windows Media Center TV Pack for Windows Vista.
MS11-077 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053) Important Remote Code Execution Requires restart Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS11-078 Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930) Critical Remote Code Execution May require restart Microsoft .NET Framework on Microsoft Windows XP, Windows Server
2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server
2008 R2;

Microsoft Silverlight 4.

MS11-079 Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641) Important Remote Code Execution May require restart Microsoft Forefront Unified Access Gateway 2010.
MS11-080 Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799) Important Elevation of Privilege Requires restart Microsoft Windows XP and Windows Server 2003.
MS11-081 Cumulative Security Update for Internet Explorer (2586448) Critical Remote Code Execution Requires restart Internet Explorer on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS11-082 Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670) Important Denial of Service May require restart Microsoft Host Integration Server 2004, Host Integration Server
2006, Host Integration Server 2009, and Host Integration Server 2010.

 

The list of affected software in the summary table is an abstract.
To see the full list of affected components please visit the bulletin at
the link provided and review the “Affected Software” section.

 

Summaries for new bulletin(s) may be found at http://technet.microsoft.com/en-us/security/bulletin/ms11-oct .

 

Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows
Malicious Software Removal Tool on Windows Server Update Services
(WSUS), Windows Update (WU), and the Download Center. Information on the
Microsoft Windows Malicious Software Removal Tool is available at http://support.microsoft.com/?kbid=890830 .

 

High Priority Non-Security Updates

High priority non-security updates Microsoft releases to be available
on Microsoft Update (MU), Windows Update (WU), or Windows Server Update
Services (WSUS) will be detailed in the KB article found at http://support.microsoft.com/?id=894199 .

 

Public Bulletin Webcast

 

Microsoft will host a webcast to address customer questions on these bulletins:

Title: Information about Microsoft October Security Bulletins (Level 200)

Date: Wednesday, October 12, 2011, 11:00 A.M. Pacific Time (U.S. and Canada)

URL: https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032487956

New Security Bulletin Technical Details

 

In the following tables of affected and non-affected software,
software editions that are not listed are past their support lifecycle.
To determine the support lifecycle for your product and edition, visit
the Microsoft Support Lifecycle web site at http://support.microsoft.com/lifecycle/ .

 

Bulletin Identifier Microsoft Security Bulletin MS11-075
Bulletin Title Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)
Executive Summary This security update resolves a privately reported vulnerability in
the Microsoft Active Accessibility component. The vulnerability could
allow remote code execution if an attacker convinces a user to open a
legitimate file that is located in the same network directory as a
specially crafted dynamic link library (DLL) file. Then, while opening
the legitimate file, the Microsoft Active Accessibility component could
attempt to load the DLL file and execute any code it contained.

 

The security update addresses the vulnerability by correcting the
manner in which the Microsoft Active Accessibility component loads
external libraries.

Severity Ratings and Affected Software This security update is rated Important for all supported releases of Microsoft Windows.
Attack Vectors
  • A maliciously crafted DLL.
  • A maliciously crafted file share or WebDAV location.
Mitigating Factors
  • For an attack to be successful, a user must visit an untrusted
    remote file system location or WebDAV share and open a document from
    this location that is then loaded by a vulnerable application.
  • SMB is commonly disabled on the perimeter firewall.
  • Exploitation only gains the same user rights as the logged on account.
Restart Requirement This update requires a restart.
Bulletins Replaced by This Update None
Full Details http://technet.microsoft.com/security/bulletin/MS11-075

 

 

Bulletin Identifier Microsoft Security Bulletin MS11-076
Bulletin Title Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)
Executive Summary This security update resolves a publicly disclosed vulnerability in
Windows Media Center. The vulnerability could allow remote code
execution if an attacker convinces a user to open a legitimate file that
is located in the same network directory as a specially crafted dynamic
link library (DLL) file. Then, while opening the legitimate file,
Windows Media Center could attempt to load the DLL file and execute any
code it contained.

 

The security update addresses the vulnerability by correcting the manner in which Windows Media Center loads external libraries.

Severity Ratings and Affected Software This security update is rated Important for all supported editions
of Windows Vista and Windows 7; and Windows Media Center TV Pack for
Windows Vista.
Attack Vectors
  • A maliciously crafted DLL.
  • A maliciously crafted file share or WebDAV location.
Mitigating Factors
  • For an attack to be successful, a user must visit an untrusted
    remote file system location or WebDAV share and open a legitimate file.
  • SMB is commonly disabled on the perimeter firewall.
  • Exploitation only gains the same user rights as the logged on account.
Restart Requirement This update may require a restart.
Bulletins Replaced by This Update None
Full Details http://technet.microsoft.com/security/bulletin/MS11-076

 

 

Bulletin Identifier Microsoft Security Bulletin MS11-077
Bulletin Title Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)
Executive Summary This security update resolves four privately reported
vulnerabilities in Microsoft Windows. The most severe of these
vulnerabilities could allow remote code execution if a user opens a
specially crafted font file (such as a .fon file) in a network share, a
UNC or WebDAV location, or an email attachment.

 

The security update addresses the vulnerabilities by correcting the
way that the Windows kernel-mode drivers validate input passed from user
mode, handle the TrueType font type, allocate the proper buffer size
before writing to memory, and manage kernel-mode driver objects.

Severity Ratings and Affected Software This security update is rated Important for all supported releases of Microsoft Windows.
Attack Vectors For CVE-2011-2003

  • A specially crafted font file.
    (such as a .fon file)

For CVE-2011-2011 and CVE-2011-1985

  • A maliciously crafted application.
  • A maliciously crafted script.

For CVE-2011-2002

  • Specially crafted TrueType font files hosted on a network file or WebDav share.
Mitigating Factors For CVE-2011-2003

  • A user must visit an untrusted remote file system location or WebDAV
    share and open a specially crafted font file, or open the file as an
    email attachment.
  • SMB is commonly disabled on the perimeter firewall.

For CVE-2011-2011 and CVE-2011-1985

  • An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

For CVE-2011-2002

  • Users would have to be persuaded to visit a malicious website.
Restart Requirement This update requires a restart.
Bulletins Replaced by This Update MS11-054
Full Details http://technet.microsoft.com/security/bulletin/MS11-077

 

 

Bulletin Identifier Microsoft Security Bulletin MS11-078
Bulletin Title Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)
Executive Summary This security update resolves a privately reported vulnerability in
Microsoft .NET Framework and Microsoft Silverlight. The vulnerability
could allow remote code execution on a client system if a user views a
specially crafted webpage using a web browser that can run XAML Browser
Applications (XBAPs) or Silverlight applications. The vulnerability
could also allow remote code execution on a server system running IIS,
if that server allows processing ASP.NET pages and an attacker succeeds
in uploading a specially crafted ASP.NET page to that server and then
executes the page, as could be the case in a web hosting scenario. This
vulnerability could also be used by Windows .NET applications to bypass
Code Access Security (CAS) restrictions.

 

The security update addresses the vulnerability by correcting the
manner in which the .NET Framework restricts inheritance within classes.

Severity Ratings and Affected Software This security update is rated Critical for Microsoft .NET Framework
1.0 Service Pack 3, Microsoft .NET Framework 1.1 Service Pack 1,
Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework
3.5.1, and Microsoft .NET Framework 4 on all supported editions of
Microsoft Windows; and Microsoft Silverlight 4.
Attack Vectors
  • A website that contains a specially crafted XAML browser application.
  • A specially crafted XAML browser application.
  • A web hosting environment allows users to upload custom ASP.NET applications.
Mitigating Factors
  • Users would have to be persuaded to visit a malicious website.
  • By default, IE on Windows 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode.
  • Exploitation only gains the same user rights as the local user or
    ASP.NET account. Users whose accounts are configured to have fewer user
    rights on the system could be less impacted than users who operate with
    administrative user rights.
  • In a web-hosting scenario, an attacker must have permission to
    upload arbitrary ASP.NET pages to a website and ASP.NET must be
    installed on that web server.
Restart Requirement This update may require a restart.
Bulletins Replaced by This Update MS09-061, MS10-060, and MS10-070
Full Details http://technet.microsoft.com/security/bulletin/MS11-078

 

 

Bulletin Identifier Microsoft Security Bulletin MS11-079
Bulletin Title Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)
Executive Summary This security update resolves five privately reported
vulnerabilities in Microsoft Forefront Unified Access Gateway (UAG). The
most severe of these vulnerabilities could allow remote code execution
if a user visits an affected website using a specially crafted URL.
However, an attacker would have no way to force users to visit such a
website.

 

The security update addresses the vulnerabilities by modifying the
way that UAG handles specially crafted requests, modifying the
MicrosoftClient.JAR file, and adding exception handling around the null
value of the UAG web server.

Severity Ratings and Affected Software This security update is rated Important for all supported versions of Microsoft Forefront Unified Access Gateway 2010.
Attack Vectors
  • A maliciously crafted webpage.
  • A maliciously crafted link in an email message or on a website.
  • A maliciously crafted script.
  • Maliciously crafted network packets for CVE-2011-2012.
Mitigating Factors For CVE-2011-1969

  • Users would have to be persuaded to visit a malicious website.
  • Exploitation only gains the same user rights as the logged on account.

For CVE-2011-1895, CVE-2011-1896, and CVE-2011-1897

  • Users would have to be persuaded to open a specially crafted URL from a webpage, email, or IM.
  • Microsoft has not identified any mitigations for CVE-2011-2012.
Restart Requirement This update may require a restart.
Bulletins Replaced by This Update None
Full Details http://technet.microsoft.com/security/bulletin/MS11-079

 

 

Bulletin Identifier Microsoft Security Bulletin MS11-080
Bulletin Title Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)
Executive Summary This security update resolves a privately reported vulnerability in
the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability
could allow elevation of privilege if an attacker logs on to a user’s
system and runs a specially crafted application.

 

The security update addresses the vulnerability by correcting the way
that the Ancillary Function Driver (AFD) validates input before passing
the input from user-mode to the Windows kernel.

Severity Ratings and Affected Software This security update is rated Important for all supported editions of Windows XP and Windows Server 2003.
Attack Vectors
  • A maliciously crafted application.
  • A maliciously crafted script.
Mitigating Factors
  • An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.
Restart Requirement This update requires a restart.
Bulletins Replaced by This Update MS11-046
Full Details http://technet.microsoft.com/security/bulletin/MS11-080

 

 

Bulletin Identifier Microsoft Security Bulletin MS11-081
Bulletin Title Cumulative Security Update for Internet Explorer (2586448)
Executive Summary This security update resolves eight privately reported
vulnerabilities in Internet Explorer. The most severe vulnerabilities
could allow remote code execution if a user views a specially crafted
webpage using Internet Explorer.

 

The update addresses the vulnerabilities by modifying the way that
Internet Explorer handles objects in memory and the way that Internet
Explorer allocates and accesses memory.

Severity Ratings and Affected Software This security update is rated Critical for Internet Explorer on
Windows clients and Moderate for Internet Explorer on Windows servers.
Attack Vectors
  • A maliciously crafted webpage.
  • A maliciously crafted HTML email.
  • A maliciously crafted script.
Mitigating Factors
  • Users would have to be persuaded to visit a malicious website.
  • By default, all versions of Outlook, Outlook Express, and Windows Mail open HTML email messages in the Restricted Sites zone.
  • By default, IE on Windows 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode.
  • An attacker who successfully exploited any of these vulnerabilities
    could gain the same user rights as the local user. Users whose accounts
    are configured to have fewer user rights on the system could be less
    impacted than users who operate with administrative user rights.
Restart Requirement This update requires a restart.
Bulletins Replaced by This Update MS11-057
Full Details http://technet.microsoft.com/security/bulletin/MS11-081

 

 

Bulletin Identifier Microsoft Security Bulletin MS11-082
Bulletin Title Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)
Executive Summary This security update resolves two publicly disclosed vulnerabilities
in Host Integration Server. The vulnerabilities could allow denial of
service if a remote attacker sends specially crafted network packets to a
Host Integration Server listening on UDP port 1478 or TCP ports 1477
and 1478.

 

The security update addresses the vulnerabilities by modifying the
way that Host Integration Server handles specially crafted UDP and TCP
packets.

Severity Ratings and Affected Software This security update is rated Important for all supported editions
of Microsoft Host Integration Server 2004, Microsoft Host Integration
Server 2006, Microsoft Host Integration Server 2009, and Microsoft Host
Integration Server 2010.
Attack Vectors
  • Maliciously crafted network packets sent to a Host Integration
    Server that is listening on UDP port 1478 or TCP ports 1477 and 1478.
Mitigating Factors
  • Firewall best practices and standard default firewall configurations
    can help protect networks from attacks that originate outside the
    enterprise perimeter.
  • Best practices recommend that systems that are connected to the
    Internet have a minimal number of ports exposed. In this case, the Host
    Integration Server ports should be blocked from the Internet.
Restart Requirement This update may require a restart.
Bulletins Replaced by This Update None
Full Details http://technet.microsoft.com/security/bulletin/MS11-082

 

Regarding Information Consistency

 

We strive to provide you with accurate information in static (this
mail) and dynamic (web-based) content. Microsoft’s security content
posted to the web is occasionally updated to reflect late-breaking
information. If this results in an inconsistency between the information
here and the information in Microsoft’s web-based security content, the
information in Microsoft’s web-based security content is authoritative.

 

If you have any questions regarding this alert please contact your Technical Account Manager.

 

Thank you,

 

Microsoft CSS Security Team

Danışman - ITSTACK Bilgi Sistemleri
****************************************************************
Probleminiz Çözüldüğünde Sonucu Burada Paylaşırsanız.
Sizde Aynı Problemi Yaşayanlar İçin Yardım Etmiş Olursunuz.
Eğer sorununuz çözüldü ise lütfen "çözüldü" olarak işaretlerseniz diğer üyeler için çok büyük kolaylık sağlayacaktır.
*****************************************************************

 
Gönderildi : 11/10/2011 23:45

Paylaş: