August 9, 2011 5:54 PM (PT)
The nCircle VERT Alert is brought to you by nCircle VERT, nCircle's research team. VERT Alerts are distributed for Microsoft Patch Tuesday and for significant security threats.
Today's VERT Alert addresses thirteen new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-415 on Wednesday, August 10th.
|Vulnerability|CVE|
|---|---|
|Windows Open Race Condition Vulnerability|CVE-2011-1257|
|Event Handlers Information Disclosure Vulnerability|CVE-2011-1960|
|Telnet Handler Remote Code Execution Vulnerability|CVE-2011-1961|
|Shift JIS Character Encoding Vulnerability|CVE-2011-1962|
|XSLT Memory Corruption Vulnerability|CVE-2011-1963|
|Style Object Memory Corruption Vulnerability|CVE-2011-1964|
|Drag and Drop Information Disclosure Vulnerability|CVE-2011-2383|
|DNS NAPTR Query Vulnerability|CVE-2011-1966|
|DNS Uninitialized Memory Corruption Vulnerability|CVE-2011-1970|
|Data Access Components Insecure Library Loading Vulnerability|CVE-2011-1975|
|pStream Release RCE Vulnerability|CVE-2011-1972|
|Move Around the Block RCE Vulnerability|CVE-2011-1979|
|Remote Desktop Web Access Vulnerability|CVE-2011-1263|
|NDISTAPI Elevation of Privilege Vulnerability|CVE-2011-1974|
|ICMP Denial of Service Vulnerability|CVE-2011-1871|
|TCP/IP QOS Denial of Service Vulnerability|CVE-2011-1965|
|Remote Desktop Protocol Vulnerability|CVE-2011-1968|
|Chart Control Information Disclosure Vulnerability|CVE-2011-1977|
|Report Viewer Controls XSS Vulnerability|CVE-2011-1976|
|Windows Kernel Metadata Parsing DOS Vulnerability|CVE-2011-1971|
|Socket Restriction Bypass Vulnerability|CVE-2011-1978|
MS11-057: The biggest bulletin this month is for Internet Explorer, containing fixes for seven IE vulnerabilities. Six of these vulnerabilities affect Internet Explorer 9. This update also includes improvements to IE9's protected mode feature.
Two vulnerabilities affecting the Microsoft DNS server are resolved with this bulletin. The more critical of the two involves NAPTR (Naming Authority Pointer) records, which are described in RFCs 3401, 3402, 3403 and 3404. Successful exploitation of this vulnerability would require the attacker to set up a malicious authoritative DNS server and perform a DNS query against the victim DNS server. Microsoft has released a blog post with additional details on this vulnerability.
This bulletin describes another DLL Preloading Fix. This one affects Windows Data Access Components.
The two vulnerabilities in this bulletin are the only file format vulnerabilities patched this month, and both of them affect Microsoft Visio.
The login page of Remote Desktop Web Access is vulnerable to cross-site scripting attacks. This issue is resolved with MS11-061.
The CVE resolved by MS11-062 could allow privilege escalation via the NDISTAPI driver.
This bulletin resolves a single vulnerability affecting the Client/Server Run-Time Subsystem. A privilege escalation vulnerability (which is what this bulletin fixes) was also patched in this component last month.
The two vulnerabilities fixed in MS11-064 affect the Windows TCP/IP stack. The less interesting of the two is related to URL-based QoS on Windows 7 and Server 2008 R2. The other is a denial of service that results from a series of ICMP packets sent to a host.
The single vulnerability resolved by MS11-065 affects the Remote Desktop Service on Windows XP and Server 2003.
The vulnerability in this bulletin, called an 'Information Disclosure', is a directory traversal attack. It allows attackers to read files within directories that they should not have access to.
MS11-067 is the second cross-site scripting issue patched this month, this time in the Microsoft Report Viewer control.
This is a local denial of service vulnerability (requiring user interaction) that affects Windows Vista and newer.
The final bulletin this month fixes a flaw in the .NET framework, specifically related to XAML Browser Applications (XBAPs) that could allow an attacker to gain access to information or man-in-the-middle network traffic.
As always, VERT recommends that you apply all the patches as soon as possible, but also that you fully vet patches (when possible) before applying them to production systems.
Ease of Use (published exploits) to Risk Table:
No Known Exploit
All data and commentary is based on information available when the VERT Alert is published. The VERT Alert may be updated on the nCircle website as new information surfaces: http://www.ncircle.com/index.php?s=resources_VERT-Alert.