Trend Micro Security

2011 年 12 月:マイクロソフト 定例セキュリティ更新プログラム情報

2013年2月20日
  危険度: :
  情報公開日: 12 13, 2011

  概要

Microsoft addresses the following vulnerabilities in its December batch of patches:

  • (MS11-087) Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)
    Risk Rating: Critical

    This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits a malicious Web page that embeds TrueType font files. Read more here.


  • (MS11-088) Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016)
    Risk Rating: Important

    This security update resolves a privately reported vulnerability in Microsoft Office IME (Chinese). The vulnerability could allow elevation of privilege if a logged-on user performed specific actions on a system where an affected version of the Microsoft Pinyin (MSPY) Input Method Editor (IME) for Simplified Chinese is installed. Read more here.


  • (MS11-089) Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602)
    Risk Rating: Important

    This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Word file. Read more here.


  • (MS11-090) Cumulative Security Update of ActiveX Kill Bits (2618451)
    Risk Rating: Critical

    This security update resolves a privately reported vulnerability in Microsoft software. The vulnerability could allow remote code execution if a user views a specially crafted Web page that uses a specific binary behavior in Internet Explorer. Read more here.


  • (MS11-091) Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702)
    Risk Rating: Important

    This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft Office. Read more here.


  • (MS11-092) Vulnerability in Windows Media Could Allow Remote Code Execution (2648048)
    Risk Rating: Critical

    This security update resolves a privately reported vulnerability in Windows Media Player and Windows Media Center. Read more here.


  • (MS11-093) Vulnerability in OLE Could Allow Remote Code Execution (2624667)
    Risk Rating: Important

    This security update resolves a privately reported vulnerability in all supported editions of Windows XP and Windows Server 2003. Read more here.


  • (MS11-094) Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142)
    Risk Rating: Important

    This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. Read more here.

  • (MS11-095) Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)
    Risk Rating: Important

    This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). Read more here.


  • (MS11-096) Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
    Risk Rating: Critical

    This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. Read more here.


  • (MS11-097) Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712)
    Risk Rating: Important

    This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to send a device event message to a higher-integrity process. Read more here.


  • (MS11-098) Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171)
    Risk Rating: Important

    This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to exploit the vulnerability. Read more here.


  • (MS11-099) Cumulative Security Update for Internet Explorer (2618444)
    Risk Rating: Important

    This security update resolves three privately reported vulnerabilities in Internet Explorer. Read more here.


  トレンドマイクロの対策

マイクロソフトは、2011 年 12 月の定例セキュリティ更新プログラムをリリースし、以下の脆弱性に対応しています。

  • MS11-087:Windows カーネルモード ドライバーの脆弱性により、リモートでコードが実行される (2639417)
    危険度:緊急

    詳しくは こちら

  • MS11-088:Microsoft Office IME (中国語版) の脆弱性により、特権が昇格される (2652016)
    危険度:

    詳しくは こちら

  • MS11-089:Microsoft Office の脆弱性により、リモートでコードが実行される (2590602)
    危険度:

    詳しくは こちら

  • MS11-090:ActiveX の Kill Bit の累積的なセキュリティ更新プログラム (2618451)
    危険度:緊急

    詳しくは こちら

  • MS11-091:Microsoft Publisher の脆弱性により、リモートでコードが実行される (2607702)
    危険度:

    詳しくは こちら

  • MS11-092:Windows Media の脆弱性により、リモートでコードが実行される (2648048)
    危険度:緊急

    詳しくは こちら

  • MS11-093:OLE の脆弱性により、リモートでコードが実行される (2624667)
    危険度:

    詳しくは こちら

  • MS11-094:Microsoft PowerPoint の脆弱性により、リモートでコードが実行される (2639142)
    危険度:

    詳しくは こちら

  • MS11-095:Active Directory の脆弱性により、リモートでコードが実行される (2640045)
    危険度:

    詳しくは こちら

  • MS11-096:Microsoft Excel の脆弱性により、リモートでコードが実行される (2640241)
    危険度:

    詳しくは こちら

  • MS11-097:Windows クライアント/サーバー ランタイム サブシステムの脆弱性により、特権が昇格される (2620712)
    危険度:

    詳しくは こちら

  • MS11-098:Windows カーネルの脆弱性により、特権が昇格される (2633171)
    危険度:

    詳しくは こちら

  • MS11-099:Internet Explorer 用の累積的なセキュリティ更新プログラム (2618444)
    危険度:

    詳しくは こちら


トレンドマイクロのサーバ向け総合セキュリティ製品「Trend Micro Deep Security(トレンドマイクロ ディープセキュリティ)」は、特定のフィルタを用いて以下の脆弱性から保護します。また、「Trend Micro 脆弱性対策オプション(ウイルスバスター コーポレートエディション プラグイン製品)」をご利用のユーザも、これらの脆弱性から保護されます。


Microsoft セキュリティ情報 ID CVE識別番号 フィルタ番号およびフィルタ名 Deep Security パターンバージョン Deep Security パターンリリース日
MS11-087 CVE-2011-3402 1004858 - Identified Suspicious Microsoft Office Files With Embedded Dexter Font (CVE-2011-3402) 11-035 2011年12月13日
MS11-090 CVE-2011-3397 1004876 - Microsoft Time Remote Code Execution Vulnerability (CVE-2011-3397) 11-035 2011年12月13日
MS11-092 CVE-2011-3401 1004658 - Restrict Microsoft Windows Media DVR-MS File Download (CVE-2011-3401) 11-035 2011年12月13日
MS11-094 CVE-2011-3413 1004883 - OfficeArt Shape RCE Vulnerability (CVE-2011-3413) 11-035 2011年12月13日
MS11-094 CVE-2011-3396 1004877 - PowerPoint Insecure Library Loading Vulnerability Over Network Share (CVE-2011-3396) 11-035 2011年12月13日
MS11-094 CVE-2011-3396 1004879 - PowerPoint Insecure Library Loading Vulnerability Over WebDAV (CVE-2011-3396) 11-035 2011年12月13日
MS11-099 CVE-2011-2019 1004878 - Internet Explorer Insecure Library Loading Vulnerability Over Network Share (CVE-2011-2019) 11-035 2011年12月13日
MS11-099 CVE-2011-2019 1004882 - Internet Explorer Insecure Library Loading Vulnerability Over WebDav (CVE-2011-2019) 11-035 2011年12月13日

  その他の関連情報