Microsoft Security Bulletin Coverage (Aug 9, 2011)

SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of August, 2011. A list of the issues reported, along with SonicWALL coverage information, follows:

MS11-057 Cumulative Security Update for Internet Explorer

  • Window Open Race Condition Vulnerability – CVE-2011-1257
    This is a race condition. Not detectable by an IPS appliance.
  • Event Handlers Information Disclosure Vulnerability – CVE-2011-1960
    This is a logical flaw in the script engine of IE. Normal traffic is not distinguishable from malicious traffic.
  • Telnet Handler Remote Code Execution Vulnerability – CVE-2011-1961
    This is a binary planting vulnerability in the telnet scheme handler.
    IPS 6847 Possible Binary Planting Attempt 3
  • Shift JIS Character Encoding Vulnerability – CVE-2011-1962
    This is a logical flaw in the script engine of IE. Normal traffic is not distinguishable from malicious traffic.
  • XSLT Memory Corruption Vulnerability – CVE-2011-1963
    IPS 6848 MS IE XSLT Memory Corruption Attack Attempt
  • Style Object Memory Corruption Vulnerability – CVE-2011-1964
    This is a logical flaw in the script engine of IE. Normal traffic is not distinguishable from malicious traffic.
  • Drag and Drop Information Disclosure Vulnerability – CVE-2011-2383
    This is a logical flaw in the script engine of IE. Normal traffic is not distinguishable from malicious traffic.

MS11-058 Vulnerabilities in DNS Server Could Allow Remote Code Execution

  • DNS NAPTR Query Vulnerability – CVE-2011-1966
    IPS 1371 Suspicious DNS Traffic 3
  • DNS Uninitialized Memory Corruption Vulnerability – CVE-2011-1970
    There is no method of detecting attacks targeting this vulnerability. An attack is not distinguishable from a valid scenario.

MS11-059 Vulnerability in Data Access Components Could Allow Remote Code Execution

  • Data Access Components Insecure Library Loading Vulnerability – CVE-2011-1975
    IPS 5726 Possible Binary Planting Attempt

MS11-060 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution

  • pStream Release RCE Vulnerability – CVE-2011-1972
    IPS 1374 Malformed Visio Document 1b
  • Move Around the Block RCE Vulnerability – CVE-2011-1979
    IPS 1388 Malformed Visio Document 2b

MS11-061 Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege

  • Remote Desktop Web Access Vulnerability – CVE-2011-1263
    IPS 6843 Remote Desktop Web Access XSS

MS11-062 Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege

  • NDISTAPI Elevation of Privilege Vulnerability – CVE-2011-1974
    This is a local vulnerability.

MS11-063 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege

  • CSRSS Vulnerability – CVE-2011-1967
    This is a local vulnerability.

MS11-064 Vulnerabilities in TCP/IP Stack Could Allow Denial of Service

  • ICMP Denial of Service Vulnerability – CVE-2011-1871
    This is a logical vulnerability. There is nothing distinguishable in attack traffic from normal traffic.
  • TCP/IP QOS Denial of Service Vulnerability – CVE-2011-1965
    This is a logical flaw which manifests itself in certain configurations of the vulnerable product. There is nothing distinguishable in attack traffic from normal traffic.

MS11-065 Vulnerability in Remote Desktop Protocol Could Allow Denial of Service

  • Remote Desktop Protocol Vulnerability – CVE-2011-1968
    This is a race condition. Not detectable by an IPS appliance.

MS11-066 Vulnerability in Microsoft Chart Control Could Allow Information Disclosure

  • Chart Control Information Disclosure Vulnerability – CVE-2011-1977
    IPS 6845 Chart Control Information Disclosure Attempt

MS11-067 Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure

  • Report Viewer Controls XSS Vulnerability – CVE-2011-1976
    IPS 6844 Report Viewer Controls XSS Attempt

MS11-068 Vulnerability in Windows Kernel Could Allow Denial of Service

  • Windows Kernel Metadata Parsing DOS Vulnerability – CVE-2011-1971
    This is a local vulnerability.

MS11-069 Vulnerability in .NET Framework Could Allow Information Disclosure

  • Socket Restriction Bypass Vulnerability – CVE-2011-1978
    This is a local vulnerability.