
8/10/2011

Microsoft Security Bulletin Summary for August 2011

1. Introduction

Microsoft (MS) released its regular security updates for August 2011.
Users of Microsoft operating systems are strongly recommended to apply these updates to stay protected against remote code execution, elevation of privilege, and denial of service. The August updates cover the Internet Explorer cumulative security update and vulnerabilities in DNS Server, Data Access Components, Microsoft Visio, Remote Desktop Web Access, and the TCP/IP stack.

2. Update details

[Critical]
[MS11-057] Cumulative Security Update for Internet Explorer (2559049)


Vulnerability: Window Open Race Condition Vulnerability - CVE-2011-1257
Event Handlers Information Disclosure Vulnerability - CVE-2011-1960
Telnet Handler Remote Code Execution Vulnerability - CVE-2011-1961
Shift JIS Character Encoding Vulnerability - CVE-2011-1962
XSLT Memory Corruption Vulnerability - CVE-2011-1963
Style Object Memory Corruption Vulnerability - CVE-2011-1964
Drag and Drop Information Disclosure Vulnerability - CVE-2011-2383

This security update resolves five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

◈ Affected Software

- Internet Explorer 6 with Windows XP Service Pack 3
- Internet Explorer 6 with Windows XP Professional x64 Edition SP2
- Internet Explorer 6 with Windows Server 2003 SP2
- Internet Explorer 6 with Windows Server 2003 x64 Edition SP2
- Internet Explorer 6 with Windows Server 2003 with SP2 for Itanium-based Systems
- Internet Explorer 7 with Windows XP SP3
- Internet Explorer 7 with Windows XP Professional x64 Edition SP2
- Internet Explorer 7 with Windows Server 2003 SP2
- Internet Explorer 7 with Windows Server 2003 x64 Edition SP2
- Internet Explorer 7 with Windows Server 2003 with SP2 for Itanium-based Systems
- Internet Explorer 7 with Windows Vista SP2
- Internet Explorer 7 with Windows Vista x64 Edition SP2
- Internet Explorer 7 with Windows Server 2008 for 32-bit Systems SP2
- Internet Explorer 7 with Windows Server 2008 for x64-based Systems SP2
- Internet Explorer 7 with Windows Server 2008 for Itanium-based Systems SP2
- Internet Explorer 8 with Windows XP SP3
- Internet Explorer 8 with Windows XP Professional x64 Edition SP2
- Internet Explorer 8 with Windows Server 2003 SP2
- Internet Explorer 8 with Windows Server 2003 x64 Edition SP2
- Internet Explorer 8 with Windows 7 for 32-bit and Windows 7 for 32-bit SP1
- Internet Explorer 8 with Windows 7 for x64-based and Windows 7 for x64-based SP1
- Internet Explorer 8 with Windows Vista SP2
- Internet Explorer 8 with Windows Vista x64 Edition SP2
- Internet Explorer 8 with Windows Server 2008 for 32-bit Systems SP2
- Internet Explorer 8 with Windows Server 2008 for 64-bit Systems SP2
- Internet Explorer 8 with Windows 2008 R2 for x64-based Systems SP1
- Internet Explorer 8 with Windows 2008 R2 for Itanium-based Systems SP1
- Internet Explorer 9 with Windows Vista SP2
- Internet Explorer 9 with Windows Vista x64 Edition SP2
- Internet Explorer 9 with Windows Server 2008 for 32-bit SP2
- Internet Explorer 9 with Windows Server 2008 for 64-bit SP2
- Internet Explorer 9 with Windows 7 for 32-bit and Windows 7 for 32-bit SP1
- Internet Explorer 9 with Windows 7 for x64-based and Windows 7 for x64-based SP1
- Internet Explorer 9 with Windows Server 2008 R2 for 64-bit and Windows Server 2008 R2 for 64-bit SP1

- Reference site

http://www.microsoft.com/technet/security/bulletin/MS11-057.mspx



[Critical]
[MS11-058] Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485)


Vulnerability: DNS NAPTR Query Vulnerability - CVE-2011-1966
DNS Uninitialized Memory Corruption Vulnerability - CVE-2011-1970

This security update resolves two privately reported vulnerabilities in Windows DNS server. The more severe of these vulnerabilities could allow remote code execution if an attacker registers a domain, creates an NAPTR DNS resource record, and then sends a specially crafted NAPTR query to the target DNS server. Servers that do not have the DNS role enabled are not at risk.

◈ Affected Software

- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 SP2 Itanium-based
- Windows Server 2008 for x64-based and Windows Server 2008 for x64-based SP2
- Windows Server 2008 R2 for x64-based and Windows Server 2008 R2 for x64-based SP1

- Reference site

http://www.microsoft.com/technet/security/bulletin/MS11-058.mspx




[Important]
[MS11-059] Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656)


Vulnerability: Data Access Components Insecure Library Loading Vulnerability - CVE-2011-1975

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate Excel file (such as a .xlsx file) that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

◈ Affected Software

- Windows 7 for 32-bit and Windows 7 for 32bit SP1
- Windows 7 for x64-based and Windows 7 for x64-based SP1
- Windows Server 2008 R2 for x64-based and Windows Server 2008 R2 for x64-based SP1
- Windows Server 2008 R2 for Itanium-based and Windows Server 2008 R2 for Itanium SP2

- Reference site

http://www.microsoft.com/technet/security/bulletin/MS11-059.mspx



[Important]
[MS11-060] Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978)


Vulnerability: pStream Release RCE Vulnerability - CVE-2011-1972
Move Around the Block RCE Vulnerability - CVE-2011-1979

This security update resolves two privately reported vulnerabilities in Microsoft Visio. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

◈ Affected Software

- Microsoft Visio 2003 Service Pack 3
- Microsoft Visio 2007 Service Pack 2
- Microsoft Visio 2010 and Microsoft Visio 2010 Service Pack 1 (32-bit editions)
- Microsoft Visio 2010 and Microsoft Visio 2010 Service Pack 1 (64-bit editions)

- Reference site

http://www.microsoft.com/technet/security/bulletin/MS11-060.mspx



[Important]
[MS11-061] Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250)


Vulnerability: Remote Desktop Web Access Vulnerability - CVE-2011-1263

This security update resolves a privately reported vulnerability in Remote Desktop Web Access. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. The XSS Filter in Internet Explorer 8 and Internet Explorer 9 prevents this attack for its users when browsing to a Remote Desktop Web Access server in the Internet Zone. The XSS Filter in Internet Explorer 8 and Internet Explorer 9 is not enabled by default in the Intranet Zone.

◈ Affected Software

- Windows Server 2008 R2 for Itanium-based and Windows Server 2008 R2 for Itanium SP2

- Reference site

http://www.microsoft.com/technet/security/bulletin/MS11-061.mspx



[Important]
[MS11-062] Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege (2566454)


Vulnerability: NDISTAPI Elevation of Privilege Vulnerability - CVE-2011-1974

This security update resolves a privately reported vulnerability in all supported editions of Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section.

◈ Affected Software

- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 SP2 Itanium-based

- Reference site

http://www.microsoft.com/technet/security/bulletin/MS11-062.mspx



[Important]
[MS11-063] Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)


Vulnerability: CSRSS Vulnerability - CVE-2011-1967

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to send a device event message to a higher-integrity process. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

◈ Affected Software

- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 SP2 Itanium-based
- Windows Vista SP2
- Windows Vista x64 Edition SP2
- Windows Server 2008 for 32bit and Windows 2008 for 32bit SP2
- Windows Server 2008 for x64-based and Windows Server 2008 for x64-based SP2
- Windows Server 2008 for Itanium-based and Windows Server 2008 for Itanium SP2
- Windows 7 for 32-bit and Windows 7 for 32bit SP1
- Windows 7 for x64-based and Windows 7 for x64-based SP1
- Windows Server 2008 R2 for x64-based and Windows Server 2008 R2 for x64-based SP1
- Windows Server 2008 R2 for Itanium-based and Windows Server 2008 R2 for Itanium SP1

- Reference site

http://www.microsoft.com/technet/security/bulletin/MS11-063.mspx



[Important]
[MS11-064] Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)


Vulnerability: ICMP Denial of Service Vulnerability - CVE-2011-1871
TCP/IP QOS Denial of Service Vulnerability - CVE-2011-1965

This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow denial of service if an attacker sends a sequence of specially crafted Internet Control Message Protocol (ICMP) messages to a target system or sends a specially crafted URL request to a server that is serving Web content and has the URL-based Quality of Service (QoS) feature enabled.

◈ Affected Software

- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP2
- Windows Server 2008 for 32bit and Windows 2008 for 32bit SP2
- Windows Server 2008 for x64-based and Windows Server 2008 for x64-based SP2
- Windows Server 2008 for Itanium-based and Windows Server 2008 for Itanium SP2
- Windows 7 for 32-bit and Windows 7 for 32bit SP1
- Windows 7 for x64-based and Windows 7 for x64-based SP1
- Windows Server 2008 R2 for x64-based and Windows Server 2008 R2 for x64-based SP1
- Windows Server 2008 R2 for Itanium-based and Windows Server 2008 R2 for Itanium SP1

- Reference site

http://www.microsoft.com/technet/security/bulletin/MS11-064.mspx



[Important]
[MS11-065] Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)


Vulnerability: Remote Desktop Protocol Vulnerability - CVE-2011-1968

This security update resolves a privately reported vulnerability in the Remote Desktop Protocol. The vulnerability could allow denial of service if an affected system received a sequence of specially crafted RDP packets. Microsoft has also received reports of limited, targeted attacks attempting to exploit this vulnerability. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system.

◈ Affected Software

- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 SP2 Itanium-based

- Reference site

http://www.microsoft.com/technet/security/bulletin/MS11-065.mspx



[Important]
[MS11-066] Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)


Vulnerability: Chart Control Information Disclosure Vulnerability - CVE-2011-1977

This security update resolves a privately reported vulnerability in ASP.NET Chart controls. The vulnerability could allow information disclosure if an attacker sent a specially crafted GET request to an affected server hosting the Chart controls. Note that this vulnerability would not allow an attacker to execute code or to elevate the attacker's user rights directly, but it could be used to retrieve information that could be used to further compromise the affected system. Only web applications using Microsoft Chart Control are affected by this issue. Default installations of the .NET Framework are not affected.

◈ Affected Software

- Windows XP SP3 for Microsoft .NET Framework 4
- Windows XP Professional x64 Edition SP2 Microsoft .NET Framework 4
- Windows Server 2003 SP2 for Microsoft .NET Framework 4
- Windows Server 2003 x64 Edition SP2 for Microsoft .NET Framework 4
- Windows Server 2003 with SP2 for Itanium-based Systems Microsoft .NET Framework 4
- Windows Vista SP2 for Microsoft .NET Framework 4
- Windows Vista x64 Edition SP2 for Microsoft .NET Framework 4
- Windows Server 2008 for 32-bit Systems SP2 for Microsoft .NET Framework 4
- Windows Server 2008 for x64-based Systems SP2 for Microsoft .NET Framework 4
- Windows Server 2008 for Itanium-based Systems SP2 for Microsoft .NET Framework 4
- Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems SP1 for Microsoft .NET Framework 4
- Windows 7 for x64-based Systems and Windows 7 for x64-based Systems SP1 for Microsoft .NET Framework 4
- Windows Server 2008 R2 for x64-based Systems for Microsoft .NET Framework 4
- Windows Server 2008 R2 for x64-based Systems SP1 for Microsoft .NET Framework 4
- Windows Server 2008 R2 for Itanium-based Systems for Microsoft .NET Framework 4
- Windows Server 2008 R2 for Itanium-based Systems SP1 for Microsoft .NET Framework 4

- Reference site

http://www.microsoft.com/technet/security/bulletin/MS11-066.mspx



[Important]
[MS11-067] Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)


Vulnerability: Report Viewer Controls XSS Vulnerability - CVE-2011-1976

This security update resolves a privately reported vulnerability in Microsoft Report Viewer. The vulnerability could allow information disclosure if a user views a specially crafted Web page. In all cases, however, an attacker would have no way to force a user to visit the Web site. Instead, an attacker would have to persuade a user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable Web site.

◈ Affected Software

- Microsoft Visual Studio 2005 SP1
- Microsoft Report Viewer 2005 SP1 Redistributable Package

- Reference site

http://www.microsoft.com/technet/security/bulletin/MS11-067.mspx



[Moderate]
[MS11-068] Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)


Vulnerability: Windows Kernel Metadata Parsing DOS Vulnerability - CVE-2011-1971

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user visits a network share (or visits a Web site that points to a network share) containing a specially crafted file. In all cases, however, an attacker would have no way to force a user to visit such a network share or Web site. Instead, an attacker would have to convince a user to do so, typically by getting the user to click a link in an e-mail message or Instant Messenger message.

◈ Affected Software

- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP2
- Windows Server 2008 for 32bit and Windows 2008 for 32bit SP2
- Windows Server 2008 for x64-based and Windows Server 2008 for x64-based SP2
- Windows Server 2008 for Itanium-based and Windows Server 2008 for Itanium SP2
- Windows 7 for 32-bit and Windows 7 for 32bit SP1
- Windows 7 for x64-based and Windows 7 for x64-based SP1
- Windows Server 2008 R2 for x64-based and Windows Server 2008 R2 for x64-based SP1
- Windows Server 2008 R2 for Itanium-based and Windows Server 2008 R2 for Itanium SP1

- Reference site

http://www.microsoft.com/technet/security/bulletin/MS11-068.mspx



[Moderate]
[MS11-069] Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)


Vulnerability: Socket Restriction Bypass Vulnerability - CVE-2011-1978

This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow information disclosure if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

◈ Affected Software

- Windows XP SP3 for Microsoft .NET Framework 2.0 SP2
- Windows XP SP3 for Microsoft .NET Framework 4
- Windows XP Professional x64 Edition SP2 for Microsoft .NET Framework 2.0 SP2
- Windows XP Professional x64 Edition SP2 for Microsoft .NET Framework 4
- Windows Server 2003 SP2 for Microsoft .NET Framework 2.0 SP2
- Windows Server 2003 SP2 for Microsoft .NET Framework 4
- Windows Server 2003 x64 Edition SP2 for Microsoft .NET Framework 2.0 SP2
- Windows Server 2003 x64 Edition SP2 for Microsoft .NET Framework 4
- Windows Server 2003 SP2 Itanium-based for Microsoft .NET Framework 2.0 SP2
- Windows Server 2003 SP2 Itanium-based for Microsoft .NET Framework 4
- Windows Vista SP2 for Microsoft .NET Framework 2.0 SP2
- Windows Vista SP2 for Microsoft .NET Framework 4
- Windows Vista x64 Edition SP2 for Microsoft .NET Framework 2.0 SP2
- Windows Vista x64 Edition SP2 for Microsoft .NET Framework 4
- Windows Server 2008 for 32bit for Microsoft .NET Framework 2.0 SP2
- Windows Server 2008 for 32bit for Microsoft .NET Framework 4
- Windows 2008 for 32bit SP2 for Microsoft .NET Framework 2.0 SP2
- Windows 2008 for 32bit SP2 for Microsoft .NET Framework 4
- Windows Server 2008 for x64-based for Microsoft .NET Framework 2.0 SP2
- Windows Server 2008 for x64-based for Microsoft .NET Framework 4
- Windows Server 2008 for x64-based SP2 for Microsoft .NET Framework 2.0 SP2
- Windows Server 2008 for x64-based SP2 for Microsoft .NET Framework 4
- Windows Server 2008 for Itanium-based for Microsoft .NET Framework 2.0 SP2
- Windows Server 2008 for Itanium-based for Microsoft .NET Framework 4
- Windows Server 2008 for Itanium SP2 for Microsoft .NET Framework 2.0 SP2
- Windows Server 2008 for Itanium SP2 for Microsoft .NET Framework 4
- Windows 7 for 32-bit for Microsoft .NET Framework 3.5.1
- Windows 7 for 32-bit for Microsoft .NET Framework 4
- Windows 7 for 32bit SP1 for Microsoft .NET Framework 3.5.1
- Windows 7 for 32bit SP1 for Microsoft .NET Framework 4
- Windows 7 for x64-based for Microsoft .NET Framework 3.5.1
- Windows 7 for x64-based SP1 for Microsoft .NET Framework 4
- Windows Server 2008 R2 for x64-based for Microsoft .NET Framework 3.5.1
- Windows Server 2008 R2 for x64-based SP1 for Microsoft .NET Framework 4
- Windows Server 2008 R2 for Itanium-based for Microsoft .NET Framework 3.5.1
- Windows Server 2008 R2 for Itanium SP1 for Microsoft .NET Framework 4

- Reference site

http://www.microsoft.com/technet/security/bulletin/MS11-069.mspx
