October 2011- Microsoft Releases 8 Security Advisories
Severity: : High
Advisory Date: 11 de октября de 2011
DESCRIPTION
Microsoft addresses the following vulnerabilities in its October batch of patches:
- (MS11-075) Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)
Risk Rating: Important
This update resolves a privately reported vulnerability in the Microsoft Active Accessibility component. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (.DLL) file. Read more here. - (MS11-076) Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)
Risk Rating: Important
This update resolves a publicly disclosed vulnerability in Windows Media Center. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (.DLL) file. Read more here. - (MS11-077) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)
Risk Rating: Important
This update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted font file (such as a .fon file) in a network share, a UNC or WebDAV location, or an e-mail attachment. Read more here. - (MS11-078) Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)
Risk Rating: Critical
This update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Read more here. - (MS11-079) Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)
Risk Rating: Important
This update resolves five privately reported vulnerabilities in Microsoft Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow remote code execution if a user visits an affected website using a specially crafted URL. Read more here. - (MS11-080) Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)
Risk Rating: Important
This update resolves a privately reported vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. Read more here. - (MS11-081) Cumulative Security Update for Internet Explorer (2586448)
Risk Rating: Critical
This update resolves eight privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Read more here. - (MS11-082) Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)
Risk Rating: Important
This security update resolves two publicly disclosed vulnerabilities in Host Integration Server. The vulnerabilities could allow denial of service if a remote attacker sends specially crafted network packets to a Host Integration Server listening on UDP port 1478 or TCP ports 1477 and 1478. Read more here.
INFORMATION EXPOSURE
Trend Micro Deep Security shields the following vulnerabilities using the specified rules. Trend Micro customers using OfficeScan with the Intrusion Defense Firewall plugin are also protected from attacks using these vulnerabilities.
| Microsoft Bulletin ID | Vulnerability ID | Rule Number & Title | Deep Security Pattern Version | Deep Security Pattern Release Date |
|---|---|---|---|---|
| MS11-075 | CVE-2011-1247 | 1004821 - Active Accessibility Insecure Library Loading Vulnerability (CVE-2011-1247) | 11-029 | Dec 12, 2011 |
| MS11-076 | CVE-2011-2009 | 1004609 - Identified Suspicious Microsoft DLL File ,Over WebDav | ||
| MS11-079 | CVE-2011-2012 | 1004822 Null Session Cookie Crash Vulnerability (CVE 2011-2012) | 11-029 | Dec 12, 2011 |
| MS11-079 | CVE-2011-1895 | 1000128 - HTTP Protocol Decoding | ||
| MS11-079 | CVE-2011-1896 | 1000552 - Generic Cross Site Scripting(XSS) Prevention | ||
| MS11-079 | CVE-2011-1897 | 1000552 - Generic Cross Site Scripting(XSS) Prevention | ||
| MS11-081 | CVE-2011-1993 | 1004813 -Internet Explorer Scroll Event Remote Code Execution Vulnerability (CVE-2011-1993) | 11-029 | Dec 12, 2011 |
| MS11-081 | CVE-2011-1995 | 1004819 - OLEAuto32.dll Remote Code Execution Vulnerability (CVE 2011-1995) | 11-029 | Dec 12, 2011 |
| MS11-081 | CVE-2011-1996 | 1004814 - Option Element Remote Code Execution Vulnerability (CVE-2011-1996) | 11-029 | Dec 12, 2011 |
| MS11-081 | CVE-2011-1999 | 1004816 - Select Element Remote Code Execution Vulnerability (CVE-2011-1999) | 11-029 | Dec 12, 2011 |
| MS11-081 | CVE-2011-2001 | 1004815 - Internet Explorer Virtual Function Table Corruption Remote Code Execution Vulnerability (CVE-2011-2001) | 11-029 | Dec 12, 2011 |
| MS11-082 | CVE-2011-2007 | 1004820 - Endless Loop DoS In snabase.exe Vulnerability (CVE-2011-2007) | 11-029 | Dec 12, 2011 |
| MS11-082 | CVE-2011-2008 | 1004683 - Microsoft Host Integration Server snabase.exe Memory Access Error |
