Anasayfa » Forum

Alert - Critical Pr...
 
Bildirimler

Alert - Critical Product Vulnerability - November 2011 Microsoft Security Bulletin Release  

  RSS
Hakan Uzuner
(@hakanuzuner)
Kıdemli Üye Yönetici
What is the purpose of this alert?
This alert is to
provide you with an overview of the new security bulletin(s) being released on
November 08, 2011. Security bulletins are released monthly to resolve critical
problem vulnerabilities.
New Security Bulletins
Microsoft is
releasing the following four new security bulletins for newly discovered
vulnerabilities:
Bulletin
ID
Bulletin
Title
Max Severity
Rating
Vulnerability
Impact
Restart
Requirement
Affected
Software
MS11-083 Vulnerability in
TCP/IP Could Allow Remote Code Execution (2588516)
Critical

Remote Code Execution Requires
restart
Microsoft Windows
Vista, Windows Server 2008, Windows 7, and Windows Server 2008
R2.
MS11-084 Vulnerability in Windows
Kernel-Mode Drivers Could Allow Denial of Service (2617657)
Moderate

Denial of
Service
Requires
restart
Microsoft Windows 7 and
Windows Server 2008 R2.
MS11-085 Vulnerability in
Windows Mail and Windows Meeting Space Could Allow Remote Code Execution
(2620704)
Important

Remote Code Execution May require
restart
Microsoft Windows
Vista, Windows Server 2008, Windows 7, and Windows Server 2008
R2.
MS11-086 Vulnerability in Active
Directory Could Allow Elevation of Privilege (2630837)
Important

Elevation
of Privilege
Requires
restart
Microsoft Windows XP, Windows
Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server
2008 R2.
* The list of
affected software in the summary table is an abstract. To see the full list of
affected components please click on the bulletin summary link provided below and
review the "Affected Software" section.
Summaries for new
bulletin(s) may be found at http://technet.microsoft.com/security/bulletin/ms11-nov .
Microsoft Windows Malicious Software Removal
Tool
Microsoft is
releasing an updated version of the Microsoft Windows Malicious Software Removal
Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the
Download Center. Information on the Microsoft Windows Malicious Software Removal
Tool is available at http://support.microsoft.com/?kbid=890830 .
High Priority Non-Security
Updates
High priority
non-security updates Microsoft releases to be available on Microsoft Update
(MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be
detailed in the KB article found at http://support.microsoft.com/?id=894199 .
Security Bulletin
Revisions
These two security
bulletins were revised on November 08, 2011:
MS11-037 -
Vulnerability in MHTML Could Allow Information Disclosure
(2544893)
Overview: Microsoft rereleased this bulletin to
reoffer the update on all supported editions of Windows XP and Windows Server
2003. The new offering of this update provides systems running Windows XP or
Windows Server 2003 with the same cumulative protection that is provided by this
update for all other affected operating systems. Systems running supported
editions of Windows XP and Windows Server 2003 will automatically be offered the
new version of this update.
Recommendations: Customers using Windows XP or
Windows Server 2003, including those who have already successfully installed the
update originally offered on June 14, 2011, should install the reoffered update.
See the FAQ section within the bulletin for details.
MS11-071
Vulnerability in Windows Components Could Allow Remote Code Execution
(2570947)
Overview: Microsoft rereleased this bulletin to
announce the availability of an update for Windows 7 Embedded. No other update
packages are affected by this rerelease.
Recommendations: See the FAQ section within the
bulletin for further details.
Public Bulletin
Webcast
Microsoft will host
a webcast to address customer questions on these
bulletins:
Title:
Information about Microsoft Security Bulletins for November (Level
200)
Date:
Wednesday, November 09, 2011, 11:00 A.M. Pacific Time (U.S. and
Canada)
New Security Bulletin Technical
Details
In the following
tables of affected and non-affected software, software editions that are not
listed are past their support lifecycle. To determine the support lifecycle for
your product and edition, visit the Microsoft Support Lifecycle web site at http://support.microsoft.com/lifecycle/ .
Bulletin
Identifier
Microsoft Security
Bulletin
MS11-083
Bulletin Title Vulnerability in TCP/IP Could Allow Remote Code Execution
(2588516)
Executive
Summary
This
security update resolves a privately reported vulnerability in Microsoft
Windows. The vulnerability could allow remote code execution if an attacker
sends a continuous flow of specially crafted UDP packets to a closed port on a
target system. The security update addresses the vulnerability by modifying the
way that the Windows TCP/IP stack keeps track of UDP packets within
memory.
Severity Ratings and Affected
Software
This
security update is rated Critical for all supported editions of Windows Vista,
Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Attack
Vectors
An attacker
could exploit this vulnerability by sending a continuous flow of specially
crafted UDP packets to a closed port on a target system.
Mitigating Factors There
are no mitigations identified for this vulnerability.
Restart
Requirement
This update
requires a restart.
Bulletins Replaced by This
Update
MS11-064
Full
Details
http://technet.microsoft.com/security/bulletin/MS11-083
Bulletin
Identifier
Microsoft Security
Bulletin
MS11-084
Bulletin Title Vulnerability in Windows Kernel-Mode Drivers Could Allow
Denial of Service (2617657)
Executive
Summary
This
security update resolves a privately reported vulnerability in Microsoft
Windows. The vulnerability could allow denial of service if a user opens a
specially crafted TrueType font file as an email attachment or navigates to a
network share or WebDAV location containing a specially crafted TrueType font
file. The security update addresses the vulnerability by ensuring that the
Windows kernel-mode drivers properly validate array indexes when loading
TrueType font files.
Severity Ratings and Affected
Software
This
security update is rated Moderate for all supported editions of Windows 7 and
Windows 2008 R2.
Attack
Vectors
An attacker
could host a specially crafted TrueType font on a network share and when the
user navigates to the share in Windows Explorer, the affected control path is
triggered via the Details and Preview panes. The specially crafted TrueType font
could then exploit the vulnerability and cause the system to stop
responding.
Mitigating Factors

  • For an attack to be successful, a user must visit an untrusted remote file
    system location or WebDAV share containing a specially crafted TrueType font
    file, or open the file as an email attachment. In all cases, however, an
    attacker would have no way to force users to perform these actions.
  • The file sharing protocol Server Message Block (SMB) is often disabled on
    the perimeter firewall. This limits the potential remote attack vectors for this
    vulnerability.
Restart
Requirement
This update
may require a restart.
Bulletins Replaced by This
Update
MS11-077
Full
Details
http://technet.microsoft.com/security/bulletin/MS11-084
Bulletin
Identifier
Microsoft Security
Bulletin
MS11-085
Bulletin Title Vulnerability in Windows Mail and Windows Meeting Space
Could Allow Remote Code Execution (2620704)
Executive
Summary
This
security update resolves a privately reported vulnerability in Microsoft
Windows. The vulnerability could allow remote code execution if a user opens a
legitimate file (such as an .eml or .wcinv file) that is located in the same
network directory as a specially crafted dynamic link library (DLL) file. Then,
while opening the legitimate file, Windows Mail or Windows Meeting Space could
attempt to load the DLL file and execute any code it contained. The security
update addresses the vulnerability by correcting the manner in which Windows
Mail and Windows Meeting Space load external libraries.
Severity Ratings and Affected
Software
This
security update is rated Important for all supported editions of Windows Vista;
is rated Moderate for all supported editions of Windows Server 2008; and is
rated Low for all supported editions of Windows 7 and Windows Server 2008 R2.
Attack
Vectors

  • Email: An attacker could convince a user to open a legitimate file (such as
    an .eml or .wcinv file) that is located in the same network directory as a
    specially crafted dynamic link library (DLL) file. Then, while opening the
    legitimate file, Windows Mail or Windows Meeting Space could attempt to load the
    DLL file and execute any code it contained.
  • Network: In a network attack scenario, an attacker could place a legitimate
    file (such as an .eml or .wcinv file) and a specially crafted DLL file in a
    network share, a UNC, or WebDAV location and then convince the user to open the
    file.

Mitigating Factors

  • On Windows Server 2008, Windows Mail and Windows Meeting Space are not
    installed by default. Windows Mail is only installed when the Desktop Experience
    is also installed.
  • The file sharing protocol, Server Message Block (SMB), is often disabled on
    the perimeter firewall. This limits the potential attack vectors for this CVE.
  • For an attack to be successful, a user must visit an untrusted remote file
    system location or WebDAV share and open a legitimate file (such as an .eml or
    .wcinv file) from this location that is then loaded by a vulnerable
    application.
Restart
Requirement
This update
requires a restart.
Bulletins Replaced by This
Update
None
Full
Details
http://technet.microsoft.com/security/bulletin/MS11-085
Bulletin
Identifier
Microsoft Security
Bulletin
MS11-086
Bulletin Title Vulnerability in Active Directory Could Allow Elevation
of Privilege (2630837)
Executive
Summary
This
security update resolves a privately reported vulnerability in Active Directory,
Active Directory Application Mode (ADAM), and Active Directory Lightweight
Directory Service (AD LDS). The vulnerability could allow elevation of privilege
if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker
acquires a revoked certificate that is associated with a valid domain account
and then uses that revoked certificate to authenticate to the Active Directory
domain. The security update addresses the vulnerability by changing the way that
Active Directory verifies certificates against the Certificate Revocation List
(CRL).
Severity Ratings and Affected
Software
This
security update is rated Important for Active Directory, ADAM, and AD LDS when
installed on supported editions of Windows XP, Windows Server 2003, Windows
Vista, Windows Server 2008 (except Itanium), Windows 7, and Windows Server 2008
R2 (except Itanium).
Attack
Vectors
To
exploit this vulnerability, an attacker would first have to acquire a revoked
certificate that is associated with a valid account on the domain. An attacker
could then exploit this vulnerability by using this previously revoked
certificate to authenticate to the Active Directory domain and gain access to
network resources or run code under the privileges of a specific authorized user
with which the certificate is associated.
Mitigating Factors By
default, Active Directory is not configured to use LDAP over
SSL.
Restart
Requirement
This update
requires a restart.
Bulletins Replaced by This
Update
MS10-068
Full
Details
http://technet.microsoft.com/security/bulletin/MS11-086
Regarding Information
Consistency
We strive to
provide you with accurate information in static (this mail) and dynamic
(web-based) content. Microsoft’s security content posted to the web is
occasionally updated to reflect late-breaking information. If this results in an
inconsistency between the information here and the information in Microsoft’s
web-based security content, the information in Microsoft’s web-based security
content is authoritative.
If you have any
questions regarding this alert please contact your Technical Account
Manager.
Thank
you,
Microsoft CSS
Security Team

Danışman - ITSTACK Bilgi Sistemleri
****************************************************************
Probleminiz Çözüldüğünde Sonucu Burada Paylaşırsanız.
Sizde Aynı Problemi Yaşayanlar İçin Yardım Etmiş Olursunuz.
Eğer sorununuz çözüldü ise lütfen "çözüldü" olarak işaretlerseniz diğer üyeler için çok büyük kolaylık sağlayacaktır.
*****************************************************************

Alıntı
Gönderildi : 10/11/2011 22:52
Ufuk TATLIDIL
(@ufuktatlidil)
Saygın Üye

Emeğine sağlık , güzel paylaşım hocam.

CevapAlıntı
Gönderildi : 12/11/2011 22:24
Paylaş: