Hello and welcome to this month’s blog regarding the Microsoft patch release. This is a smaller month in terms of patches—the vendor has released five bulletins covering a total of 15 vulnerabilities.
This month, all of the issues are rated “Important” and they affect Windows, Office, Excel, and SharePoint. Of note this month are the Office and Excel issues, which can be exploited to execute arbitrary code if a user opens a specially malformed file.
As always, customers are advised to follow these security best practices:
- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft’s summary of the September releases can be found here:
http://www.microsoft.com/technet/security/bulletin/ms11-sep.mspx
The following is a breakdown of the issues being addressed this month:
1. MS11-073 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)
CVE-2011-1980 (BID 49519) Microsoft Office Shared Component CVE-2011-1980 DLL Loading Arbitrary Code Execution Vulnerability (MS Rating: Important / Symantec Rating: 8.5/10)
A remote code-execution vulnerability affects Office due to the way it loads DLL files. An attacker can exploit this issue by tricking an unsuspecting victim into opening an Office file from a remote SMB or WebDAV share. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
CVE-2011-1982 (BID 49513) Microsoft Office 'MSO.dll' Uninitialized Pointer (CVE-2011-1982) Remote Code Execution Vulnerability (MS Rating: Important / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Office when handling a specially crafted Word file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
2. MS11-072 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
CVE-2011-1986 (BID 49476) Microsoft Excel Malformed Object CVE-2011-1986 Remote Code Execution Vulnerability (MS Rating: Important / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Excel when handling a malformed file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted Excel file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
CVE-2011-1987 (BID 49477) Microsoft Excel Array Indexing CVE-2011-1987 Remote Code Execution Vulnerability (MS Rating: Important / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Excel when handling a malformed file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted Excel file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
CVE-2011-1988 (BID 49478) Microsoft Excel Malformed Record CVE-2011-1988 Remote Code Execution Vulnerability (MS Rating: Important / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Excel when handling a malformed file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted Excel file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
CVE-2011-1989 (BID 49518) Microsoft Excel Conditional Expression CVE-2011-1989 Remote Code Execution Vulnerability (MS Rating: Important / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Excel when handling a malformed file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted Excel file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
CVE-2011-1990 (BID 49517) Microsoft Excel Array Index CVE-2011-1990 Remote Code Execution Vulnerability (MS Rating: Important / Symantec Rating: 7.1/10)
A remote code-execution vulnerability affects Excel when handling a malformed file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted Excel file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.
3. MS11-074 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)
CVE-2011-0653 (BID 49002) Microsoft SharePoint Calendar CVE-2011-0653 Cross Site Scripting Vulnerability (MS Rating: Important / Symantec Rating: 7.1/10)
A cross-site scripting vulnerability affects SharePoint because it does not properly handle JavaScript elements in a URI. An attacker can exploit this issue by tricking an unsuspecting victim into following a malicious URI. A successful exploit will allow an attacker to disclose potentially sensitive information, perform actions on the targeted site in the context of the victim, or execute arbitrary script code in the browser in the context of the targeted site.
CVE-2011-1252 (BID 48199) Microsoft Internet Explorer 'toStaticHTML' HTML Sanitizing Information Disclosure Vulnerability (MS Rating: Important / Symantec Rating: 6.7/10)
A previously public (June 14, 2011) information-disclosure vulnerability affects SharePoint due to the way the SafeHTML function sanitizes HTML. An attacker may be able to exploit this issue to conduct cross-site scripting attacks.
CVE-2011-1890 (BID 49010) Microsoft SharePoint 'EditForm.aspx' CVE-2011-1890 Script Injection Vulnerability (MS Rating: Important / Symantec Rating: 7.1/10)
A cross-site scripting vulnerability affects SharePoint because it does not properly sanitize data supplied to the ‘EditForm.aspx’ page. An attacker can exploit this issue by tricking an unsuspecting victim into following a malicious URI. A successful exploit may allow an attacker to disclose potentially sensitive information, perform actions on the targeted site in the context of the victim, or execute arbitrary script code in the browser in the context of the targeted site.
CVE-2011-1891 (BID 49005) Microsoft SharePoint Contact Details CVE-2011-1891 Cross Site Scripting Vulnerability (MS Rating: Important / Symantec Rating: 7.1/10)
A cross-site scripting vulnerability affects SharePoint because it does not properly sanitize certain SharePoint parameters. An attacker can exploit this issue by tricking an unsuspecting victim into following a malicious URI. A successful exploit will allow an attacker to disclose potentially sensitive information, perform actions on the targeted site in the context of the victim, or execute arbitrary script code in the browser in the context of the targeted site.
CVE-2011-1892 (BID 49511) Microsoft SharePoint XML Handling Remote File Disclosure Vulnerability (MS Rating: Important / Symantec Rating: 5/10)
An information-disclosure vulnerability affects SharePoint because it fails to properly restrict the use of XML classes. An authenticated attacker can exploit this issue to retrieve arbitrary files from the SharePoint service in the context of the Web service. Information obtained may aid in further attacks.
CVE-2011-1893 (BID 49004) Microsoft SharePoint Calendar CVE-2011-0653 Cross Site Scripting Vulnerability (MS Rating: Important / Symantec Rating: 7.1/10)
A cross-site scripting vulnerability affects SharePoint because it does not properly sanitize URI input. An attacker can exploit this issue by tricking an unsuspecting victim into following a malicious URI. A successful exploit may allow an attacker to disclose potentially sensitive information, perform actions on the targeted site in the context of the victim, or execute arbitrary script code in the browser in the context of the targeted site.
4. MS11-071 Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)
CVE-2011-1991 (BID 47741) Multiple Microsoft Products DLL Loading Arbitrary Code Execution Vulnerability (MS Rating: Important / Symantec Rating: 8.5/10)
A previously public (May 6, 2011) remote code-execution vulnerability affects Windows due to the way certain components load DLL files. An attacker can exploit this issue by enticing an unsuspecting victim to open a file on a remote SMB or WebDAV share. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
5. MS11-070 Vulnerability in WINS Could Allow Elevation of Privilege (2571621)
CVE-2011-1984 (BID 49523) Microsoft Windows WINS Server 'ECommEndDlg()' Local Privilege Escalation Vulnerability (MS Rating: Important / Symantec Rating: 8/10)
A local privilege-escalation vulnerability affects Windows Internet Name Service (WINS) when handling a series of malformed packets sent over the loopback interface. A successful exploit will allow an attacker to elevate their privileges to local-system. This may facilitate a complete compromise of an affected computer.
-------------
More information on the vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.