Microsoft today released 12 updates to Windows and Office fixing 22 separate vulnerabilities. One of the updates, fixing 2 of the vulnerabilities, affects Microsoft Visio. The remaining updates and vulnerabilities affect various versions of Windows.3 of the updates contain at least one vulnerability rated "critical" on at least one platform. One in particular (MS11-007) presents the possibility of kernel mode compromise of the system.
- MS11-003: Cumulative Security Update for Internet Explorer—4 remote code execution vulnerabilities are fixed. Two of them have been publicly disclosed, including a variation on the insecure DLL loading issue that we have been seeing fixed for months.
- MS11-006: Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution—This update fixes a publicly-disclosed vulnerability the handling of specially crafted thumbnail images by the Windows Shell graphics processor.
- MS11-007: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution—A flaw in the Windows OpenType Compact Font Format (CFF) driver could allow remote code execution via specially crafted OpenType fonts. This update affects kernel mode code and is therefore more dangerous than the other two.
- MS11-004: Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution—A publicly-disclosed flaw in the IIS FTP service could allow remote code execution through a malicious command. The FTP service is not installed by default.
- MS11-005: Vulnerability in Active Directory Could Allow Denial of Service—Improper validation of service principal names (SPN) could lead to collisions and subsequent DOS.
- MS11-008: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution—All versions of Visio are vulnerable to two remote code execution vulnerabilities exploitable through malicious data files.
- MS11-009: Vulnerability in JScript and VBScript Scripting Engines Could Allow Information Disclosure—A memory corruption could lead the scripting engines to disclose information which could be used to abuse the system further.
- MS11-010: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege—The CSRSS terminates processes when a user logs off. A vulnerability in this function could allow an attacker to run code which could monitor the behavior of users who logged on to the system subsequently.
- MS11-011: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege—All Windows versions are affected by a flaw in the interaction of drivers with the kernel. Another flaw affects only Windows XP.
- MS11-012: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege—5 separate vulnerabilities.
- MS11-013: Vulnerabilities in Kerberos Could Allow Elevation of Privilege—Two separate vulnerabilities are involved. The elevation of privilege bug had been publicly-disclosed. The other allows spoofing.
- MS11-014: Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege—Maliciously-crafted authentication requests could cause LSASS to elevate the user's privileges.
Posts
No comments:
Post a Comment