Posts

Microsoft Security Bulletins Coverage (Feb 08, 2011)

SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of February, 2011. A list of issues reported, along with SonicWALL coverage information follows:

MS11-003 Cumulative Security Update for Internet Explorer (2482017)

  • CVE-2010-3971 – CSS Memory Corruption Vulnerability
    IPS 6094 MS IE CSS Import Use-After-Free Code Execution Exploit 1
    IPS 6095 MS IE CSS Import Use-After-Free Code Execution Exploit 2
    IPS 6096 MS IE CSS Import Use-After-Free Code Execution Exploit 3
    IPS 6098 MS IE CSS Import Use-After-Free Attempt
  • CVE-2011-0035 – Uninitialized Memory Corruption Vulnerability
    This is a logical vulnerability. No IPS detection solution is available.
  • CVE-2011-0036 – Uninitialized Memory Corruption Vulnerability
    IPS 6223 MS IE DHTML Object Memory Corruption (MS11-003)
  • CVE-2011-0038 – Internet Explorer Insecure Library Loading Vulnerability
    IPS 5726 Possible Binary Planting Attempt

MS11-004 Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256)

  • CVE-2010-3972 – IIS FTP Service Heap Buffer Overrun Vulnerability
    IPS 6101 MS IIS FTP Server DoS Vulnerability

MS11-005 Vulnerability in Active Directory Could Allow Denial of Service (2478953)

  • CVE-2011-0040 – Active Directory SPN Validation Vulnerability
    This is a local vulnerability. No IPS detection solution is available.

MS11-006 Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)

  • CVE-2010-3970 – Windows Shell Graphics Processing Overrun Vulnerability
    IPS 6119 MS Graphics Rendering Thumbnail Stack BO Exploit

MS11-007 Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376)

  • CVE-2011-0033 – OpenType Font Encoded Character Vulnerability
    GAV 39973 OpenType.MS11-007

MS11-008 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879)

  • CVE-2011-0092 – Visio Object Memory Corruption Vulnerability
    This is a logical vulnerability. No IPS detection solution is available.
  • CVE-2011-0093 – Visio Data Type Memory Corruption Vulnerability
    This is a logical vulnerability. No IPS detection solution is available.

MS11-009 Vulnerability in JScript and VBScript Scripting Engines Could Allow Information Disclosure (2475792)

  • CVE-2011-0031 – Scripting Engines Information Disclosure Vulnerability
    IPS 6224 Possible Scripting Engine Memory Corruption Attack

MS11-010 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2476687)

  • CVE-2011-0030 – CSRSS Elevation of Privilege Vulnerability
    This is a local vulnerability. No IPS detection solution is available.

MS11-011 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802)

  • CVE-2010-4398 – Driver Improper Interaction with Windows Kernel Vulnerability
    This is a local vulnerability. No IPS detection solution is available.
  • CVE-2011-0045 – Windows Kernel Integer Truncation Vulnerability
    This is a local vulnerability. No IPS detection solution is available.

MS11-012 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2479628)

  • CVE-2011-0086 – Win32k Improper User Input Validation Vulnerability
    This is a local vulnerability. No IPS detection solution is available.
  • CVE-2011-0087 – Win32k Insufficient User Input Validation Vulnerability
    This is a local vulnerability. No IPS detection solution is available.
  • CVE-2011-0088 – Win32k Window Class Pointer Confusion Vulnerability
    This is a local vulnerability. No IPS detection solution is available.
  • CVE-2011-0089 – Win32k Window Class Improper Pointer Validation Vulnerability
    This is a local vulnerability. No IPS detection solution is available.
  • CVE-2011-0090 – Win32k Memory Corruption Vulnerability
    This is a local vulnerability. No IPS detection solution is available.

MS11-013 Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930)

  • CVE-2011-0043 – Kerberos Unkeyed Checksum Vulnerability
    This is a local vulnerability. No IPS detection solution is available.
  • CVE-2011-0091 – Kerberos Spoofing Vulnerability
    This is a local vulnerability. No IPS detecti
    on solution is available.

MS11-014 Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960)

  • CVE-2011-0039 – LSASS Length Validation Vulnerability
    This is a local vulnerability. No IPS detection solution is available.