Microsoft Patch Tuesday - SANS Internet Storm Center

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Handler on Duty: Jesse La Grew

Threat Level: green

Microsoft Patch Tuesday 2011-08-09

MS11-057
Title	Multiple vulnerabilities in Internet Explorer allow random code execution with the rights of the logged on user and information leaks.
Replaces	MS11-050
Affected	MSIE
KB	KB2559049
Known Exploits	Yes
Microsoft Rating	Critical
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2011-1257	1

Top of page

MS11-058
Title	Multiple vulnerabilities in the DNS server allow random code execution through NAPTR (Naming Authority Pointer) queries against recursive servers and denial of service.
Replaces	MS90-08, MS11-046
Affected	DNS server
KB	KB2562485
Known Exploits	No
Microsoft Rating	Critical
ISC Client Rating	N/A
ISC Server Rating	N/A

CVE	Exploitability
2011-1966	3

Top of page

MS11-059
Title	Windows DAC (Data Access Components) can incorrectly restrict the path used for loading libraries, allowing random code execution (e.g. by opening a excel file on a network share).
Replaces
Affected	Windows DAC, exposed through e.g. Excel
KB	KB2560656
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Important
ISC Server Rating	Important

CVE	Exploitability
2011-1975	1

Top of page

MS11-060
Title	Multiple vulnerabilities in Visio allow random code execution with the rights of the logged on user.
Replaces	MS11-008
Affected	Visio
KB	KB2560978
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2011-1972	1

Top of page

MS11-061
Title	A cross site scripting (XSS) vulnerability in Remote Desktop Web Access.
Replaces
Affected	Remote Desktop Web Access
KB	KB2546250
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Less urgent
ISC Server Rating	Less urgent

CVE	Exploitability
2011-1263	1

Top of page

MS11-062
Title	An input validation vulnerability in the way the NDISTAPI driver validates user mode input before sending it to the windows kernel allows privilege escalation.
Replaces
Affected	Remote Access Service (RAS)
KB	KB2566454
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Important
ISC Server Rating	Important

CVE	Exploitability
2011-1974	1

Top of page

MS11-063
Title	An input validation vulnerability in the Client/Server Runtime SybSystem allows privilege escalation by running arbitrary code in the context of another process.
Replaces	MS10-069, MS11-056
Affected	CSRSS
KB	KB2567680
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Important
ISC Server Rating	Important

CVE	Exploitability
2011-1967	1

Top of page

MS11-064
Title	Vulnerabilities in how windows kernels handle crafted ICMP messages and how Quality of Service (QoS) based on URLs on web hosts handles crafted URLs allow denial of service.
Replaces	MS10-058
Affected	TCP/IP stack
KB	KB2563894
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Important
ISC Server Rating	Important

CVE	Exploitability
2011-1871	3

Top of page

MS11-065
Title	A vulnerability in the RDP implementation allows denial of service of the exposed machine.
Replaces
Affected	Remote Desktop Protocol (RDP)
KB	KB2570222
Known Exploits	Yes
Microsoft Rating	Important
ISC Client Rating	Less urgent
ISC Server Rating	Less urgent

CVE	Exploitability
2011-1968	3

Top of page

MS11-066
Title	An input validation in the Chart Control allows retrieval of any file within the ASP.NET application.
Replaces
Affected	ASP.NET Chart Control
KB	KB2567943
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	N/A
ISC Server Rating	N/A

CVE	Exploitability
2011-1977	3

Top of page

MS11-067
Title	A cross site scripting (XSS) vulnerability in the Microsoft report viewer control.
Replaces	MS90-62
Affected	Report Viewer
KB	KB2578230
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Important
ISC Server Rating	Important

CVE	Exploitability
2011-1976	3

Top of page

MS11-068
Title	Access to meta-data of files (can be through the web and file sharing) can cause a reboot of the windows kernel.
Replaces	MS10-047
Affected	Windows Kernel
KB	KB2556532
Known Exploits	No
Microsoft Rating	Moderate
ISC Client Rating	Less urgent
ISC Server Rating	Less urgent

CVE	Exploitability
2011-1971	0

Top of page

MS11-069
Title	Lack of restricted access to the System.Net.Sockets namespace in the .NET framework allows information leaks and control over network traffic causing Denial of Service or portscanning.
Replaces	MS11-039
Affected	.NET framework
KB	KB2567951
Known Exploits	No
Microsoft Rating	Moderate
ISC Client Rating	Important
ISC Server Rating	Important

CVE	Exploitability
2011-1978	0

Top of page

We will update issues on this page for about a week or so as they evolve. We appreciate your updates!
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY

(*): ISC rating

We use 4 levels:
- PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
- Important: Things where more testing and other measures can help.
- Less Urgent: practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
- The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.