August 9, 2011 5:54 PM (PT)
The nCircle VERT Alert is brought to you by nCircle VERT, nCircle's research team. VERT Alerts are distributed for Microsoft Patch Tuesday and for significant security threats.
Today's VERT Alert addresses thirteen new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-415 on Wednesday, August 10th.
| Vulnerability | CVE |
|---|---|
| Windows Open Race Condition Vulnerability | CVE-2011-1257 |
| Event Handlers Information Disclosure Vulnerability | CVE-2011-1960 |
| Telnet Handler Remote Code Execution Vulnerability | CVE-2011-1961 |
| Shift JIS Character Encoding Vulnerability | CVE-2011-1962 |
| XSLT Memory Corruption Vulnerability | CVE-2011-1963 |
| Style Object Memory Corruption Vulnerability | CVE-2011-1964 |
| Drag and Drop Information Disclosure Vulnerability | CVE-2011-2383 |
| DNS NAPTR Query Vulnerability | CVE-2011-1966 |
| DNS Uninitialized Memory Corruption Vulnerability | CVE-2011-1970 |
| Data Access Components Insecure Library Loading Vulnerability | CVE-2011-1975 |
| pStream Release RCE Vulnerability | CVE-2011-1972 |
| Move Around the Block RCE Vulnerability | CVE-2011-1979 |
| Remote Desktop Web Access Vulnerability | CVE-2011-1263 |
| NDISTAPI Elevation of Privilege Vulnerability | CVE-2011-1974 |
| CSRSS Vulnerability | CVE-2011-1967 |
| ICMP Denial of Service Vulnerability | CVE-2011-1871 |
| TCP/IP QOS Denial of Service Vulnerability | CVE-2011-1965 |
| Remote Desktop Protocol Vulnerability | CVE-2011-1968 |
| Chart Control Information Disclosure Vulnerability | CVE-2011-1977 |
| Report Viewer Controls XSS Vulnerability | CVE-2011-1976 |
| Windows Kernel Metadata Parsing DOS Vulnerability | CVE-2011-1971 |
| Socket Restriction Bypass Vulnerability | CVE-2011-1978 |
MS11-057
The biggest bulletin this month is for Internet Explorer, containing fixes for 7 IE vulnerabilities. 6 of these vulnerabilities affect Internet Explorer 9. This update also includes improvements to IE9's protected mode feature.
MS11-058
Two vulnerabilities affecting the Microsoft DNS server are resolved with this bulletin. The more critical of the two involves the NAPTR (Naming Authority Pointer) record, which is described in RFCs 3401, 3402, 3403 and 3404. Successful exploitation of this vulnerability would require the attacker to set up a malicious authoritative DNS server and perform a DNS query against the victim DNS server. Microsoft has released a blog post with additional details on this vulnerability.
MS11-059
This bulletin describes another DLL Preloading Fix. This one affects Windows Data Access Components.
MS11-060
The two vulnerabilities in this bulletin are the only file format vulnerabilities patched this month, and both of them affect Microsoft Visio.
MS11-061
The login page of Remote Desktop Web Access is vulnerable to cross-site scripting attacks. This issue is resolved with MS11-061.
MS11-062
The CVE resolved by MS11-062 could allow privilege escalation via the NDISTAPI driver.
MS11-063
This bulletin resolves a single vulnerability affecting the Client/Server Run-Time Subsystem. A privilege escalation vulnerability (which is what this bulletin fixes) was also patched in this component last month.
MS11-064
The two vulnerabilities fixed in MS11-064 affect the Windows TCP/IP stack. The less interesting of the two is related to URL-based QoS on Windows 7 and Server 2008 R2. The other is a denial of service that results from a series of ICMP packets sent to a host.
MS11-065
The single vulnerability resolved by MS11-065 affects the Remote Desktop Service on Windows XP and Server 2003.
MS11-066
The vulnerability in this bulletin, called an 'Information Disclosure', is a directory traversal attack. It allows attackers to read files within directories that they should not have access to.
MS11-067
MS11-067 is the second cross-site scripting issue patched this month, this time in the Microsoft Report Viewer control.
MS11-068
This is a local denial of service vulnerability (requiring user interaction) that affects Windows Vista and newer.
MS11-069
The final bulletin this month fixes a flaw in the .NET framework, specifically related to XAML Browser Applications (XBAPs) that could allow an attacker to gain access to information or man-in-the-middle network traffic.
As always, VERT recommends that you apply all the patches as soon as possible, but also that you fully vet patches (when possible) before applying them to production systems.
Ease of Use (published exploits) to Risk Table:
[Table: rows (ease of use) are Automated Exploit, Easy, Moderate, Difficult, Extremely Difficult, No Known Exploit; columns (exposure) are Local Availability, Local Access, Remote Availability, Remote Access, Local Privileged, Remote Privileged.]
All data and commentary is based on information available when the VERT Alert is published. The VERT Alert may be updated on the nCircle website as new information surfaces: http://www.ncircle.com/index.php?s=resources_VERT-Alert.



