Handler on Duty: Didier Stevens
Threat Level: green
Microsoft Patch Tuesday 2011-08-09
| Title | Multiple vulnerabilities in Internet Explorer allow random code execution with the rights of the logged on user and information leaks. |
|---|---|
| Replaces | MS11-050 |
| Affected | MSIE |
| KB | KB2559049 |
| Known Exploits | Yes |
| Microsoft Rating | Critical |
| ISC Client Rating | Critical |
| ISC Server Rating | Critical |
| CVE | Exploitability |
|---|---|
| 2011-1257 | 1 |
| Title | Multiple vulnerabilities in the DNS server allow random code execution through NAPTR (Naming Authority Pointer) queries against recursive servers and denial of service. |
|---|---|
| Replaces | MS90-08, MS11-046 |
| Affected | DNS server |
| KB | KB2562485 |
| Known Exploits | No |
| Microsoft Rating | Critical |
| ISC Client Rating | N/A |
| ISC Server Rating | N/A |
| CVE | Exploitability |
|---|---|
| 2011-1966 | 3 |
| Title | Windows DAC (Data Access Components) can incorrectly restrict the path used for loading libraries, allowing random code execution (e.g. by opening a excel file on a network share). |
|---|---|
| Replaces | |
| Affected | Windows DAC, exposed through e.g. Excel |
| KB | KB2560656 |
| Known Exploits | No |
| Microsoft Rating | Important |
| ISC Client Rating | Important |
| ISC Server Rating | Important |
| CVE | Exploitability |
|---|---|
| 2011-1975 | 1 |
| Title | Multiple vulnerabilities in Visio allow random code execution with the rights of the logged on user. |
|---|---|
| Replaces | MS11-008 |
| Affected | Visio |
| KB | KB2560978 |
| Known Exploits | No |
| Microsoft Rating | Important |
| ISC Client Rating | Critical |
| ISC Server Rating | Critical |
| CVE | Exploitability |
|---|---|
| 2011-1972 | 1 |
| Title | A cross site scripting (XSS) vulnerability in Remote Desktop Web Access. |
|---|---|
| Replaces | |
| Affected | Remote Desktop Web Access |
| KB | KB2546250 |
| Known Exploits | No |
| Microsoft Rating | Important |
| ISC Client Rating | Less urgent |
| ISC Server Rating | Less urgent |
| CVE | Exploitability |
|---|---|
| 2011-1263 | 1 |
| Title | An input validation vulnerability in the way the NDISTAPI driver validates user mode input before sending it to the windows kernel allows privilege escalation. |
|---|---|
| Replaces | |
| Affected | Remote Access Service (RAS) |
| KB | KB2566454 |
| Known Exploits | No |
| Microsoft Rating | Important |
| ISC Client Rating | Important |
| ISC Server Rating | Important |
| CVE | Exploitability |
|---|---|
| 2011-1974 | 1 |
| Title | An input validation vulnerability in the Client/Server Runtime SybSystem allows privilege escalation by running arbitrary code in the context of another process. |
|---|---|
| Replaces | MS10-069, MS11-056 |
| Affected | CSRSS |
| KB | KB2567680 |
| Known Exploits | No |
| Microsoft Rating | Important |
| ISC Client Rating | Important |
| ISC Server Rating | Important |
| CVE | Exploitability |
|---|---|
| 2011-1967 | 1 |
| Title | Vulnerabilities in how windows kernels handle crafted ICMP messages and how Quality of Service (QoS) based on URLs on web hosts handles crafted URLs allow denial of service. |
|---|---|
| Replaces | MS10-058 |
| Affected | TCP/IP stack |
| KB | KB2563894 |
| Known Exploits | No |
| Microsoft Rating | Important |
| ISC Client Rating | Important |
| ISC Server Rating | Important |
| CVE | Exploitability |
|---|---|
| 2011-1871 | 3 |
| Title | A vulnerability in the RDP implementation allows denial of service of the exposed machine. |
|---|---|
| Replaces | |
| Affected | Remote Desktop Protocol (RDP) |
| KB | KB2570222 |
| Known Exploits | Yes |
| Microsoft Rating | Important |
| ISC Client Rating | Less urgent |
| ISC Server Rating | Less urgent |
| CVE | Exploitability |
|---|---|
| 2011-1968 | 3 |
| Title | An input validation in the Chart Control allows retrieval of any file within the ASP.NET application. |
|---|---|
| Replaces | |
| Affected | ASP.NET Chart Control |
| KB | KB2567943 |
| Known Exploits | No |
| Microsoft Rating | Important |
| ISC Client Rating | N/A |
| ISC Server Rating | N/A |
| CVE | Exploitability |
|---|---|
| 2011-1977 | 3 |
| Title | A cross site scripting (XSS) vulnerability in the Microsoft report viewer control. |
|---|---|
| Replaces | MS90-62 |
| Affected | Report Viewer |
| KB | KB2578230 |
| Known Exploits | No |
| Microsoft Rating | Important |
| ISC Client Rating | Important |
| ISC Server Rating | Important |
| CVE | Exploitability |
|---|---|
| 2011-1976 | 3 |
| Title | Access to meta-data of files (can be through the web and file sharing) can cause a reboot of the windows kernel. |
|---|---|
| Replaces | MS10-047 |
| Affected | Windows Kernel |
| KB | KB2556532 |
| Known Exploits | No |
| Microsoft Rating | Moderate |
| ISC Client Rating | Less urgent |
| ISC Server Rating | Less urgent |
| CVE | Exploitability |
|---|---|
| 2011-1971 | 0 |
| Title | Lack of restricted access to the System.Net.Sockets namespace in the .NET framework allows information leaks and control over network traffic causing Denial of Service or portscanning. |
|---|---|
| Replaces | MS11-039 |
| Affected | .NET framework |
| KB | KB2567951 |
| Known Exploits | No |
| Microsoft Rating | Moderate |
| ISC Client Rating | Important |
| ISC Server Rating | Important |
| CVE | Exploitability |
|---|---|
| 2011-1978 | 0 |
We will update issues on this page for about a week or so as they evolve. We appreciate your updates!
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
- We use 4 levels:
- PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
- Important: Things where more testing and other measures can help.
- Less Urgent: practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
- The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.
