Security News

Microsoft Security Bulletins Coverage (Feb 08, 2011)

By

SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of February, 2011. A list of issues reported, along with SonicWALL coverage information follows:

MS11-003 Cumulative Security Update for Internet Explorer (2482017)

  • CVE-2010-3971 – CSS Memory Corruption Vulnerability
    IPS 6094 MS IE CSS Import Use-After-Free Code Execution Exploit 1
    IPS 6095 MS IE CSS Import Use-After-Free Code Execution Exploit 2
    IPS 6096 MS IE CSS Import Use-After-Free Code Execution Exploit 3
    IPS 6098 MS IE CSS Import Use-After-Free Attempt
  • CVE-2011-0035 – Uninitialized Memory Corruption Vulnerability
    This is a logical vulnerability. No IPS detection solution is available.
  • CVE-2011-0036 – Uninitialized Memory Corruption Vulnerability
    IPS 6223 MS IE DHTML Object Memory Corruption (MS11-003)
  • CVE-2011-0038 – Internet Explorer Insecure Library Loading Vulnerability
    IPS 5726 Possible Binary Planting Attempt

MS11-004 Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256)

  • CVE-2010-3972 – IIS FTP Service Heap Buffer Overrun Vulnerability
    IPS 6101 MS IIS FTP Server DoS Vulnerability

MS11-005 Vulnerability in Active Directory Could Allow Denial of Service (2478953)

  • CVE-2011-0040 – Active Directory SPN Validation Vulnerability
    This is a local vulnerability. No IPS detection solution is available.

MS11-006 Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)

  • CVE-2010-3970 – Windows Shell Graphics Processing Overrun Vulnerability
    IPS 6119 MS Graphics Rendering Thumbnail Stack BO Exploit

MS11-007 Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376)

  • CVE-2011-0033 – OpenType Font Encoded Character Vulnerability
    GAV 39973 OpenType.MS11-007

MS11-008 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879)

  • CVE-2011-0092 – Visio Object Memory Corruption Vulnerability
    This is a logical vulnerability. No IPS detection solution is available.
  • CVE-2011-0093 – Visio Data Type Memory Corruption Vulnerability
    This is a logical vulnerability. No IPS detection solution is available.

MS11-009 Vulnerability in JScript and VBScript Scripting Engines Could Allow Information Disclosure (2475792)

  • CVE-2011-0031 – Scripting Engines Information Disclosure Vulnerability
    IPS 6224 Possible Scripting Engine Memory Corruption Attack

MS11-010 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2476687)

  • CVE-2011-0030 – CSRSS Elevation of Privilege Vulnerability
    This is a local vulnerability. No IPS detection solution is available.

MS11-011 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802)

  • CVE-2010-4398 – Driver Improper Interaction with Windows Kernel Vulnerability
    This is a local vulnerability. No IPS detection solution is available.
  • CVE-2011-0045 – Windows Kernel Integer Truncation Vulnerability
    This is a local vulnerability. No IPS detection solution is available.

MS11-012 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2479628)

  • CVE-2011-0086 – Win32k Improper User Input Validation Vulnerability
    This is a local vulnerability. No IPS detection solution is available.
  • CVE-2011-0087 – Win32k Insufficient User Input Validation Vulnerability
    This is a local vulnerability. No IPS detection solution is available.
  • CVE-2011-0088 – Win32k Window Class Pointer Confusion Vulnerability
    This is a local vulnerability. No IPS detection solution is available.
  • CVE-2011-0089 – Win32k Window Class Improper Pointer Validation Vulnerability
    This is a local vulnerability. No IPS detection solution is available.
  • CVE-2011-0090 – Win32k Memory Corruption Vulnerability
    This is a local vulnerability. No IPS detection solution is available.

MS11-013 Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930)

  • CVE-2011-0043 – Kerberos Unkeyed Checksum Vulnerability
    This is a local vulnerability. No IPS detection solution is available.
  • CVE-2011-0091 – Kerberos Spoofing Vulnerability
    This is a local vulnerability. No IPS detecti
    on solution is available.

MS11-014 Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960)

  • CVE-2011-0039 – LSASS Length Validation Vulnerability
    This is a local vulnerability. No IPS detection solution is available.
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
Multiple HTTP/2 Implementation Vulnerabilities
BIND Control Channel Denial of Service
8t_Dropper, RoyalRoad
Free game download links spread via Facebook come with free Infostealer
New PDF malware spam (Apr 28, 2010)
ECHELON infostealer spotted in the wild.
Fareit Trojan drops multiple malware families (April 18, 2014)
Gh0stnet now spreads as a fileless malware