Severity: : High
  Advisory Date: 08 de lutego de 2011

  DESCRIPTION

Microsoft addresses the following vulnerabilities in its February batch of patches:

  • (MS11-003) Cumulative Security Update for Internet Explorer (2482017)
    Risk Rating: Critical

    This security update addresses vulnerabilities in Internet Explorer that could allow remote code execution. The exploit works when a user views a specially crafted Web page using Internet Explorer or opens a legitimate HTML file that loads a specially crafted library file. Read more here.

  • (MS11-004) Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256)
    Risk Rating: Important

    This security update addresses a vulnerability in Microsoft Internet Information Services (IIS) FTP Service, which could allow remote code execution if an FTP server receives a specially crafted FTP command. Read more here.

  • (MS11-005) Vulnerability in Active Directory Could Allow Denial of Service (2478953)
    Risk Rating: Important

    This security update addresses a vulnerability in Active Directory, which could allow denial of service if an attacker sent a specially crafted packet to an affected Active Directory server. Read more here.

  • (MS11-006) Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)
    Risk Rating: Critical

    This security update addresses a vulnerability in the Windows Shell graphics processor, which could allow remote code execution if a user views a specially crafted thumbnail image. Read more here.

  • (MS11-007) Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376)
    Risk Rating: Critical

    This security update addresses a vulnerability in the Windows OpenType Compact Font Format (CFF) driver, which could allow remote code execution if a user views content rendered in a specially crafted CFF font. Read more here.

  • (MS11-008) Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879)
    Risk Rating: Important

    This security update addresses two vulnerabilities in Microsoft Visio, could allow remote code execution if a user opens a specially crafted Visio file. Read more here.

  • (MS11-009) Vulnerability in JScript and VBScript Scripting Engines Could Allow Information Disclosure (2475792)
    Risk Rating: Important

    This security update addresses a vulnerability in the JScript and VBScript scripting engines, which could allow information disclosure if a user visited a specially crafted website. Read more here.

  • (MS11-010) Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2476687)
    Risk Rating: Important

    This security update addresses a vulnerability in the Microsoft Windows Client/Server Run-time Subsystem (CSRSS), which could allow elevation of privilege. Read more here.

  • (MS11-011) Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802)
    Risk Rating: Important

    This security update addresses vulnerabilities in Microsoft Windows, which could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. Read more here.

  • (MS11-012) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2479628)
    Risk Rating: Important

    This security update addresses vulnerabilities in Microsoft Windows, which could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. Read more here.

  • (MS11-013) Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930)
    Risk Rating: Important

    This security update addresses vulnerabilities in Microsoft Windows with the more severe ones capable of allowing elevation of privilege if a local, authenticated attacker installs a malicious service on a domain-joined computer. Read more here.

  • (MS11-014) Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960)
    Risk Rating: Important

    This security update addresses a vulnerability in the Local Security Authority Subsystem Service (LSASS), which could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. Read more here.

  INFORMATION EXPOSURE

Trend Micro Deep Security shields the following vulnerabilities using the specified rules. Trend Micro customers using OfficeScan with the Intrusion Defense Firewall plugin are also protected from attacks using these vulnerabilities.

Microsoft Bulletin ID Vulnerability ID Identifier & Title IDF First Pattern Version IDF First Pattern Release Version
MS11-003 CVE-2010-3971 1004550 - Microsoft Internet Explorer CSS Parsing Remote Code Execution 11-001 Jan 05, 2011
CVE-2011-0036 1004589 - Uninitialized Memory Corruption Vulnerability 11-005 Feb 09, 2011
MS11-006 CVE-2010-3970 1004562 - Microsoft Windows 'CreateSizedDIBSECTION()' Thumbnail View Stack Buffer Overflow Vulnerability 11-002 Jan 12, 2011
1004563 - Microsoft Windows 'CreateSizedDIBSECTION()' Thumbnail View Stack Buffer Overflow Vulnerability Over Network Share 11-002 Jan 12, 2011
MS11-009 CVE-2011-0031 1004588 - Microsoft Script Encoder Memory Corruption Vulnerability 11-005 Feb 09, 2011
MS11-013 CVE-2011-0091 1004591 - Kerberos Spoofing Vulnerability 11-005 Feb 09, 2011

  SOLUTION