Hello and welcome to this month’s blog on the Microsoft patch release. This is fairly busy month —the vendor is releasing 16 bulletins covering a total of 34 vulnerabilities.
Fifteen of the issues are rated ‘Critical’ and they affect Internet Explorer, .NET, Windows kernel-mode drivers, OLE Automation, Distributed File System, SMB Client, and the Threat Management Gateway Firewall. A remote attacker may be able to exploit these issues to execute arbitrary code; this may aid in a user-level and/or possibly a complete compromise of a vulnerable computer.
As always, customers are advised to follow these security best practices:
- Install vendor patches as soon as they are available;
- Run all software with the least privileges required while still maintaining functionality;
- Avoid handling files from unknown or questionable sources;
- Never visit sites of unknown or questionable integrity;
- Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft’s summary of the June releases can be found here: http://www.microsoft.com/technet/security/bulletin/ms11-jun.mspx
The following is a breakdown of some of the critical issues being addressed this month:
1. MS11-050 Cumulative Security Update for Internet Explorer (2530548)
CVE-2011-1250 (BID 48202) Microsoft Internet Explorer Properties Uninitialized Memory Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Internet Explorer when it accesses an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
CVE-2011-1251 (BID 48203) Microsoft Internet Explorer DOM Handling Uninitialized Memory Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Internet Explorer when it accesses an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
CVE-2011-1254 (BID 48204) Microsoft Internet Explorer Drag and Drop Uninitialized Memory Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Internet Explorer when it accesses an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
CVE-2011-1255 (BID 48206) Microsoft Internet Explorer Time Element Uninitialized Memory Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Internet Explorer when it accesses an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
CVE-2011-1256 (BID 48207) Microsoft Internet Explorer DOM Editing Uninitialized Memory Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Internet Explorer when it accesses an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
CVE-2011-1260 (BID 48208) Microsoft Internet Explorer Layout Uninitialized Memory Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Internet Explorer when it accesses an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
CVE-2011-1261 (BID 48210) Microsoft Internet Explorer Selection Uninitialized Memory Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Internet Explorer when it accesses an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
CVE-2011-1262 (BID 48211) Microsoft Internet Explorer HTTP Redirect Uninitialized Memory Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Internet Explorer when it accesses an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
2. MS11-052 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)
CVE-2011-1266 (BID 48173) Microsoft Internet Explorer VML Memory Corruption CVE-2011-1266 Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Internet Explorer when it accesses an object that has not been properly initialized or has been deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
3. MS11-041 Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
CVE-2011-1873 (BID 48183) Microsoft Windows 'win32k.sys' OpenType Font Parsing Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects the Windows kernel-mode drivers due to how they handle certain Open-Type Fonts. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious web page, or opening a malicious file. A successful exploit will result in the execution of arbitrary-attacker supplied code in kernel-mode. This may facilitate a complete compromise of the affected computer.
4. MS11-038 Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
CVE-2011-0658 (BID 48174) Microsoft Object Linking and Embedding (OLE) Automation WMF File Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 8.5/10)
A remote code-execution vulnerability affects Object Linking and Embedding (OLE) automation when parsing a WMF image file. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious web page or opening a specially crafted file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
5. MS11-039 Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
CVE-2011-0664 (BID 48212) Microsoft Silverlight & .NET Framework Invalid Array Offset Remote Code Execution Vulnerability (MS Rating: Crtical / Symantec Rating: 7.5/10)
A remote code-execution vulnerability affects .NET and Silverlight due to improper validation of arguments passed to built-in network functions. An attacker can exploit by tricking an unsuspecting victim into viewing a malicious webpage, or by uploading malicious .NET content to a server. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the victim or targeted site.
6. MS11-044 Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
CVE-2011-1271(BID 47834) Microsoft .NET Framework JIT Compiler Optimization NULL String Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 8.9/10)
A previously public (March 4, 2011) remote code-execution vulnerability affects the Microsoft .NET framework in the Just-In-Time (JIT) compiler. An attacker can exploit by tricking an unsuspecting victim into viewing a malicious webpage, or by uploading malicious .NET content to a server. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the victim or targeted site.
7. MS11-042 Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
CVE-2011-1868 (BID 48180) Microsoft Windows Distributed File System Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Distributed File System (DFS) due to how it parses DFS responses. An attacker can exploit this issue by tricking an unsuspecting victim into connecting to a malicious DFS server. A successful exploit will result in the execution of arbitrary attacker-supplied code and potentially completely compromise the affected computer.
8. MS11-043 Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
CVE-2011-1268 (BID 48184) Microsoft Windows Server Message Block Client Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects SMB Client because it improperly handles certain SMB responses. An attacker can exploit this issue by tricking an unsuspecting victim into connecting to a malicious SMB server. A successful exploit will result in the execution of arbitrary attacker-supplied code with SYSTEM-level privileges. This may facilitate a complete compromise of the affected computer.
9. MS11-040 Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)
CVE-2011-1889 (BID 48181) Microsoft Forefront Threat Management Gateway (TMG) Firewall Client Memory Corruption Vulnerability (MS Rating: Critical / Symantec Rating: 7.5/10)
A remote code-execution vulnerability affects the Threat Management Gateway (TMG) Firewall client when handling specific requests. A remote attacker can exploit this issue by sending specially crafted requests to a computer running the affected application. A successful exploit will result in the execution of arbitrary code in the context of the affected application. This may facilitate a complete compromise of the affected computer.
More information on the vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.