magnify
Home Güvenlik Alert – Critical Product Vulnerability – November 2011 Microsoft Security Bulletin Release
formats

Alert – Critical Product Vulnerability – November 2011 Microsoft Security Bulletin Release

Tarih 10 Kasım 2011 yazar içinde Güvenlik
What is the purpose of this alert?
This alert is to provide you with an overview of the new security bulletin(s) being released on November 08, 2011. Security bulletins are released monthly to resolve critical problem vulnerabilities.
New Security Bulletins
Microsoft is releasing the following four new security bulletins for newly discovered vulnerabilities:
Bulletin ID Bulletin Title Max Severity Rating Vulnerability Impact Restart Requirement Affected Software
MS11-083 Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Critical
Remote Code Execution Requires restart Microsoft Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS11-084 Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657) Moderate
Denial of Service Requires restart Microsoft Windows 7 and Windows Server 2008 R2.
MS11-085 Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704) Important
Remote Code Execution May require restart Microsoft Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS11-086 Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837) Important
Elevation of Privilege Requires restart Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
* The list of affected software in the summary table is an abstract. To see the full list of affected components please click on the bulletin summary link provided below and review the “Affected Software” section.
Summaries for new bulletin(s) may be found at http://technet.microsoft.com/security/bulletin/ms11-nov.
Microsoft Windows Malicious Software Removal Tool
Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. Information on the Microsoft Windows Malicious Software Removal Tool is available at http://support.microsoft.com/?kbid=890830.
High Priority Non-Security Updates
High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB article found at http://support.microsoft.com/?id=894199.
Security Bulletin Revisions
These two security bulletins were revised on November 08, 2011:
MS11-037 – Vulnerability in MHTML Could Allow Information Disclosure (2544893)
Overview: Microsoft rereleased this bulletin to reoffer the update on all supported editions of Windows XP and Windows Server 2003. The new offering of this update provides systems running Windows XP or Windows Server 2003 with the same cumulative protection that is provided by this update for all other affected operating systems. Systems running supported editions of Windows XP and Windows Server 2003 will automatically be offered the new version of this update.
Recommendations: Customers using Windows XP or Windows Server 2003, including those who have already successfully installed the update originally offered on June 14, 2011, should install the reoffered update. See the FAQ section within the bulletin for details.
MS11-071 Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)
Overview: Microsoft rereleased this bulletin to announce the availability of an update for Windows 7 Embedded. No other update packages are affected by this rerelease.
Recommendations: See the FAQ section within the bulletin for further details.
Public Bulletin Webcast
Microsoft will host a webcast to address customer questions on these bulletins:
Title: Information about Microsoft Security Bulletins for November (Level 200)
Date: Wednesday, November 09, 2011, 11:00 A.M. Pacific Time (U.S. and Canada)
New Security Bulletin Technical Details
In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle web site at http://support.microsoft.com/lifecycle/.
Bulletin Identifier Microsoft Security Bulletin MS11-083
Bulletin Title Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
Executive Summary This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system. The security update addresses the vulnerability by modifying the way that the Windows TCP/IP stack keeps track of UDP packets within memory.
Severity Ratings and Affected Software This security update is rated Critical for all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Attack Vectors An attacker could exploit this vulnerability by sending a continuous flow of specially crafted UDP packets to a closed port on a target system.
Mitigating Factors There are no mitigations identified for this vulnerability.
Restart Requirement This update requires a restart.
Bulletins Replaced by This Update MS11-064
Full Details http://technet.microsoft.com/security/bulletin/MS11-083
Bulletin Identifier Microsoft Security Bulletin MS11-084
Bulletin Title Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657)
Executive Summary This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user opens a specially crafted TrueType font file as an email attachment or navigates to a network share or WebDAV location containing a specially crafted TrueType font file. The security update addresses the vulnerability by ensuring that the Windows kernel-mode drivers properly validate array indexes when loading TrueType font files.
Severity Ratings and Affected Software This security update is rated Moderate for all supported editions of Windows 7 and Windows 2008 R2.
Attack Vectors An attacker could host a specially crafted TrueType font on a network share and when the user navigates to the share in Windows Explorer, the affected control path is triggered via the Details and Preview panes. The specially crafted TrueType font could then exploit the vulnerability and cause the system to stop responding.
Mitigating Factors
  • For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share containing a specially crafted TrueType font file, or open the file as an email attachment. In all cases, however, an attacker would have no way to force users to perform these actions.
  • The file sharing protocol Server Message Block (SMB) is often disabled on the perimeter firewall. This limits the potential remote attack vectors for this vulnerability.
Restart Requirement This update may require a restart.
Bulletins Replaced by This Update MS11-077
Full Details http://technet.microsoft.com/security/bulletin/MS11-084
Bulletin Identifier Microsoft Security Bulletin MS11-085
Bulletin Title Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704)
Executive Summary This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. The security update addresses the vulnerability by correcting the manner in which Windows Mail and Windows Meeting Space load external libraries.
Severity Ratings and Affected Software This security update is rated Important for all supported editions of Windows Vista; is rated Moderate for all supported editions of Windows Server 2008; and is rated Low for all supported editions of Windows 7 and Windows Server 2008 R2.
Attack Vectors
  • Email: An attacker could convince a user to open a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained.
  • Network: In a network attack scenario, an attacker could place a legitimate file (such as an .eml or .wcinv file) and a specially crafted DLL file in a network share, a UNC, or WebDAV location and then convince the user to open the file.
Mitigating Factors
  • On Windows Server 2008, Windows Mail and Windows Meeting Space are not installed by default. Windows Mail is only installed when the Desktop Experience is also installed.
  • The file sharing protocol, Server Message Block (SMB), is often disabled on the perimeter firewall. This limits the potential attack vectors for this CVE.
  • For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application.
Restart Requirement This update requires a restart.
Bulletins Replaced by This Update None
Full Details http://technet.microsoft.com/security/bulletin/MS11-085
Bulletin Identifier Microsoft Security Bulletin MS11-086
Bulletin Title Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)
Executive Summary This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. The security update addresses the vulnerability by changing the way that Active Directory verifies certificates against the Certificate Revocation List (CRL).
Severity Ratings and Affected Software This security update is rated Important for Active Directory, ADAM, and AD LDS when installed on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 (except Itanium), Windows 7, and Windows Server 2008 R2 (except Itanium).
Attack Vectors To exploit this vulnerability, an attacker would first have to acquire a revoked certificate that is associated with a valid account on the domain. An attacker could then exploit this vulnerability by using this previously revoked certificate to authenticate to the Active Directory domain and gain access to network resources or run code under the privileges of a specific authorized user with which the certificate is associated.
Mitigating Factors By default, Active Directory is not configured to use LDAP over SSL.
Restart Requirement This update requires a restart.
Bulletins Replaced by This Update MS10-068
Full Details http://technet.microsoft.com/security/bulletin/MS11-086
Regarding Information Consistency
We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft’s security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s web-based security content, the information in Microsoft’s web-based security content is authoritative.
If you have any questions regarding this alert please contact your Technical Account Manager.
Thank you,
Microsoft CSS Security Team
 
 Share on Facebook Share on Twitter Share on Reddit Share on LinkedIn
Alert – Critical Product Vulnerability – November 2011 Microsoft Security Bulletin Release için yorumlar kapalı  comments 
© Hakan Uzuner
credit