magnify
Home Güvenlik Alert – Critical Product Vulnerability – October 2011 Microsoft Security Bulletin Release
formats

Alert – Critical Product Vulnerability – October 2011 Microsoft Security Bulletin Release

Tarih 11 Ekim 2011 yazar içinde Güvenlik
What is the purpose of this alert?

This alert is to provide you with an overview of the new security bulletin(s) being released on October 11, 2011. Security bulletins are released monthly to resolve critical problem vulnerabilities.

 

New Security Bulletins

 

Microsoft is releasing the following eight new security bulletins for newly discovered vulnerabilities:

 

Bulletin ID Bulletin Title Max Severity Rating Vulnerability Impact Restart Requirement Affected Software
MS11-075 Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699) Important Remote Code Execution Requires restart Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS11-076 Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926) Important Remote Code Execution May require restart Microsoft Windows Vista, Windows 7, and Windows Media Center TV Pack for Windows Vista.
MS11-077 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053) Important Remote Code Execution Requires restart Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS11-078 Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930) Critical Remote Code Execution May require restart Microsoft .NET Framework on Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2;

Microsoft Silverlight 4.

MS11-079 Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641) Important Remote Code Execution May require restart Microsoft Forefront Unified Access Gateway 2010.
MS11-080 Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799) Important Elevation of Privilege Requires restart Microsoft Windows XP and Windows Server 2003.
MS11-081 Cumulative Security Update for Internet Explorer (2586448) Critical Remote Code Execution Requires restart Internet Explorer on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS11-082 Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670) Important Denial of Service May require restart Microsoft Host Integration Server 2004, Host Integration Server 2006, Host Integration Server 2009, and Host Integration Server 2010.

 

The list of affected software in the summary table is an abstract. To see the full list of affected components please visit the bulletin at the link provided and review the “Affected Software” section.

 

Summaries for new bulletin(s) may be found at http://technet.microsoft.com/en-us/security/bulletin/ms11-oct.

 

Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. Information on the Microsoft Windows Malicious Software Removal Tool is available at http://support.microsoft.com/?kbid=890830.

 

High Priority Non-Security Updates

High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB article found at http://support.microsoft.com/?id=894199.

 

Public Bulletin Webcast

 

Microsoft will host a webcast to address customer questions on these bulletins:

Title: Information about Microsoft October Security Bulletins (Level 200)

Date: Wednesday, October 12, 2011, 11:00 A.M. Pacific Time (U.S. and Canada)

URL: https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032487956

New Security Bulletin Technical Details

 

In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle web site at http://support.microsoft.com/lifecycle/.

 

Bulletin Identifier Microsoft Security Bulletin MS11-075
Bulletin Title Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)
Executive Summary This security update resolves a privately reported vulnerability in the Microsoft Active Accessibility component. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, the Microsoft Active Accessibility component could attempt to load the DLL file and execute any code it contained.

 

The security update addresses the vulnerability by correcting the manner in which the Microsoft Active Accessibility component loads external libraries.

Severity Ratings and Affected Software This security update is rated Important for all supported releases of Microsoft Windows.
Attack Vectors
  • A maliciously crafted DLL.
  • A maliciously crafted file share or WebDAV location.
Mitigating Factors
  • For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
  • SMB is commonly disabled on the perimeter firewall.
  • Exploitation only gains the same user rights as the logged on account.
Restart Requirement This update requires a restart.
Bulletins Replaced by This Update None
Full Details http://technet.microsoft.com/security/bulletin/MS11-075

 

 

Bulletin Identifier Microsoft Security Bulletin MS11-076
Bulletin Title Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)
Executive Summary This security update resolves a publicly disclosed vulnerability in Windows Media Center. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Media Center could attempt to load the DLL file and execute any code it contained.

 

The security update addresses the vulnerability by correcting the manner in which Windows Media Center loads external libraries.

Severity Ratings and Affected Software This security update is rated Important for all supported editions of Windows Vista and Windows 7; and Windows Media Center TV Pack for Windows Vista.
Attack Vectors
  • A maliciously crafted DLL.
  • A maliciously crafted file share or WebDAV location.
Mitigating Factors
  • For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file.
  • SMB is commonly disabled on the perimeter firewall.
  • Exploitation only gains the same user rights as the logged on account.
Restart Requirement This update may require a restart.
Bulletins Replaced by This Update None
Full Details http://technet.microsoft.com/security/bulletin/MS11-076

 

 

Bulletin Identifier Microsoft Security Bulletin MS11-077
Bulletin Title Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)
Executive Summary This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted font file (such as a .fon file) in a network share, a UNC or WebDAV location, or an email attachment.

 

The security update addresses the vulnerabilities by correcting the way that the Windows kernel-mode drivers validate input passed from user mode, handle the TrueType font type, allocate the proper buffer size before writing to memory, and manage kernel-mode driver objects.

Severity Ratings and Affected Software This security update is rated Important for all supported releases of Microsoft Windows.
Attack Vectors For CVE-2011-2003

  • A specially crafted font file.
    (such as a .fon file)

For CVE-2011-2011 and CVE-2011-1985

  • A maliciously crafted application.
  • A maliciously crafted script.

For CVE-2011-2002

  • Specially crafted TrueType font files hosted on a network file or WebDav share.
Mitigating Factors For CVE-2011-2003

  • A user must visit an untrusted remote file system location or WebDAV share and open a specially crafted font file, or open the file as an email attachment.
  • SMB is commonly disabled on the perimeter firewall.

For CVE-2011-2011 and CVE-2011-1985

  • An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

For CVE-2011-2002

  • Users would have to be persuaded to visit a malicious website.
Restart Requirement This update requires a restart.
Bulletins Replaced by This Update MS11-054
Full Details http://technet.microsoft.com/security/bulletin/MS11-077

 

 

Bulletin Identifier Microsoft Security Bulletin MS11-078
Bulletin Title Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)
Executive Summary This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

 

The security update addresses the vulnerability by correcting the manner in which the .NET Framework restricts inheritance within classes.

Severity Ratings and Affected Software This security update is rated Critical for Microsoft .NET Framework 1.0 Service Pack 3, Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5.1, and Microsoft .NET Framework 4 on all supported editions of Microsoft Windows; and Microsoft Silverlight 4.
Attack Vectors
  • A website that contains a specially crafted XAML browser application.
  • A specially crafted XAML browser application.
  • A web hosting environment allows users to upload custom ASP.NET applications.
Mitigating Factors
  • Users would have to be persuaded to visit a malicious website.
  • By default, IE on Windows 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode.
  • Exploitation only gains the same user rights as the local user or ASP.NET account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • In a web-hosting scenario, an attacker must have permission to upload arbitrary ASP.NET pages to a website and ASP.NET must be installed on that web server.
Restart Requirement This update may require a restart.
Bulletins Replaced by This Update MS09-061, MS10-060, and MS10-070
Full Details http://technet.microsoft.com/security/bulletin/MS11-078

 

 

Bulletin Identifier Microsoft Security Bulletin MS11-079
Bulletin Title Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)
Executive Summary This security update resolves five privately reported vulnerabilities in Microsoft Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow remote code execution if a user visits an affected website using a specially crafted URL. However, an attacker would have no way to force users to visit such a website.

 

The security update addresses the vulnerabilities by modifying the way that UAG handles specially crafted requests, modifying the MicrosoftClient.JAR file, and adding exception handling around the null value of the UAG web server.

Severity Ratings and Affected Software This security update is rated Important for all supported versions of Microsoft Forefront Unified Access Gateway 2010.
Attack Vectors
  • A maliciously crafted webpage.
  • A maliciously crafted link in an email message or on a website.
  • A maliciously crafted script.
  • Maliciously crafted network packets for CVE-2011-2012.
Mitigating Factors For CVE-2011-1969

  • Users would have to be persuaded to visit a malicious website.
  • Exploitation only gains the same user rights as the logged on account.

For CVE-2011-1895, CVE-2011-1896, and CVE-2011-1897

  • Users would have to be persuaded to open a specially crafted URL from a webpage, email, or IM.
  • Microsoft has not identified any mitigations for CVE-2011-2012.
Restart Requirement This update may require a restart.
Bulletins Replaced by This Update None
Full Details http://technet.microsoft.com/security/bulletin/MS11-079

 

 

Bulletin Identifier Microsoft Security Bulletin MS11-080
Bulletin Title Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)
Executive Summary This security update resolves a privately reported vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user’s system and runs a specially crafted application.

 

The security update addresses the vulnerability by correcting the way that the Ancillary Function Driver (AFD) validates input before passing the input from user-mode to the Windows kernel.

Severity Ratings and Affected Software This security update is rated Important for all supported editions of Windows XP and Windows Server 2003.
Attack Vectors
  • A maliciously crafted application.
  • A maliciously crafted script.
Mitigating Factors
  • An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.
Restart Requirement This update requires a restart.
Bulletins Replaced by This Update MS11-046
Full Details http://technet.microsoft.com/security/bulletin/MS11-080

 

 

Bulletin Identifier Microsoft Security Bulletin MS11-081
Bulletin Title Cumulative Security Update for Internet Explorer (2586448)
Executive Summary This security update resolves eight privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.

 

The update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory and the way that Internet Explorer allocates and accesses memory.

Severity Ratings and Affected Software This security update is rated Critical for Internet Explorer on Windows clients and Moderate for Internet Explorer on Windows servers.
Attack Vectors
  • A maliciously crafted webpage.
  • A maliciously crafted HTML email.
  • A maliciously crafted script.
Mitigating Factors
  • Users would have to be persuaded to visit a malicious website.
  • By default, all versions of Outlook, Outlook Express, and Windows Mail open HTML email messages in the Restricted Sites zone.
  • By default, IE on Windows 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode.
  • An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Restart Requirement This update requires a restart.
Bulletins Replaced by This Update MS11-057
Full Details http://technet.microsoft.com/security/bulletin/MS11-081

 

 

Bulletin Identifier Microsoft Security Bulletin MS11-082
Bulletin Title Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)
Executive Summary This security update resolves two publicly disclosed vulnerabilities in Host Integration Server. The vulnerabilities could allow denial of service if a remote attacker sends specially crafted network packets to a Host Integration Server listening on UDP port 1478 or TCP ports 1477 and 1478.

 

The security update addresses the vulnerabilities by modifying the way that Host Integration Server handles specially crafted UDP and TCP packets.

Severity Ratings and Affected Software This security update is rated Important for all supported editions of Microsoft Host Integration Server 2004, Microsoft Host Integration Server 2006, Microsoft Host Integration Server 2009, and Microsoft Host Integration Server 2010.
Attack Vectors
  • Maliciously crafted network packets sent to a Host Integration Server that is listening on UDP port 1478 or TCP ports 1477 and 1478.
Mitigating Factors
  • Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.
  • Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. In this case, the Host Integration Server ports should be blocked from the Internet.
Restart Requirement This update may require a restart.
Bulletins Replaced by This Update None
Full Details http://technet.microsoft.com/security/bulletin/MS11-082

 

Regarding Information Consistency

 

We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft’s security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s web-based security content, the information in Microsoft’s web-based security content is authoritative.

 

If you have any questions regarding this alert please contact your Technical Account Manager.

 

Thank you,

 

Microsoft CSS Security Team

 

 

 
 Share on Facebook Share on Twitter Share on Reddit Share on LinkedIn
Alert – Critical Product Vulnerability – October 2011 Microsoft Security Bulletin Release için yorumlar kapalı  comments 
© Hakan Uzuner
credit