Microsoft Security Bulletin Coverage (Nov 8, 2011)


SonicWALL has analyzed and addressed Microsoft’s security advisories for November 2011. A list of the issues reported, along with SonicWALL coverage information, follows:

MS11-083 Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

  • CVE-2011-2013 Reference Counter Overflow
    Normal traffic is not distinguishable from malicious traffic.

MS11-084 Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657)

  • CVE-2011-2004 TrueType Font Parsing Vulnerability
    There is no feasible method of detection.

MS11-085 Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704)

  • CVE-2011-2016 Windows Mail Insecure Library Loading Vulnerability
    IPS: 5726 – Possible Binary Planting Attempt 1

MS11-086 Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)

  • CVE-2011-2014 LDAPS Authentication Bypass Vulnerability
    Normal traffic is not distinguishable from malicious traffic.