SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of August, 2011. A list of issues reported, along with SonicWALL coverage information follows:

MS11-057 Cumulative Security Update for Internet Explorer

• Window Open Race Condition Vulnerability – CVE-2011-1257
  This is a race condition. Not detectable by an IPS appliance.

• Event Handlers Information Disclosure Vulnerability- CVE-2011-1960
  This is a logical flaw in the script engine of IE. Normal traffic is not distinguishable from malicious traffic.

• Telnet Handler Remote Code Execution Vulnerability – CVE-2011-1961
  This is a binary planting vulnerability in the telnet scheme handler.
  IPS 6847 Possible Binary Planting Attempt 3

• Shift JIS Character Encoding Vulnerability – CVE-2011-1962
  This is a logical flaw in the script engine of IE. Normal traffic is not distinguishable from malicious traffic.

• XSLT Memory Corruption Vulnerability – CVE-2011-1963
  IPS 6848 MS IE XSLT Memory Corruption Attack Attempt

• Style Object Memory Corruption Vulnerability – CVE-2011-1964
  This is a logical flaw in the script engine of IE. Normal traffic is not distinguishable from malicious traffic.

• Drag and Drop Information Disclosure Vulnerability – CVE-2011-2383
  This is a logical flaw in the script engine of IE. Normal traffic is not distinguishable from malicious traffic.

MS11-058Vulnerabilities in DNS Server Could Allow Remote Code Execution

• DNS NAPTR Query Vulnerability – CVE-2011-1966
  IPS 1371 Suspicious DNS Traffic 3

• DNS Uninitialized Memory Corruption Vulnerability – CVE-2011-1970
  There is no method of detecting attacks targeting this vulnerability. An attack is not distinguishable from valid scenario.

MS11-059 Vulnerability in Data Access Components Could Allow Remote Code Execution

• Data Access Components Insecure Library Loading Vulnerability – CVE-2011-1975
  IPS 5726 Possible Binary Planting Attempt

MS11-060 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution

• pStream Release RCE Vulnerability – CVE-2011-1972
  IPS 1374 Malformed Visio Document 1b

• Move Around the Block RCE Vulnerability – CVE-2011-1979
  IPS 1388 Malformed Visio Document 2b

MS11-061 Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege

• Remote Desktop Web Access Vulnerability – CVE-2011-1263
  IPS 6843 Remote Desktop Web Access XSS

MS11-062 Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege

• NDISTAPI Elevation of Privilege Vulnerability – CVE-2011-1974
  This is a local vulnerability.

MS11-063 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege

• CSRSS Vulnerability – CVE-2011-1967
  This is a local vulnerability.

MS11-064 Vulnerabilities in TCP/IP Stack Could Allow Denial of Service

• ICMP Denial of Service Vulnerability – CVE-2011-1871
  This is a logical vulnerability. There is nothing distinguishable in attack traffic from normal traffic.

• TCP/IP QOS Denial of Service Vulnerability – CVE-2011-1965
  This is a logical flaw which manifests itself in certain configurations of the vulnerable product. There is nothing distinguishable in attack traffic from normal traffic.

MS11-065 Vulnerability in Remote Desktop Protocol Could Allow Denial of Service

• Remote Desktop Protocol Vulnerability – CVE-2011-1968
  This is a race condition. Not detectable by an IPS appliance.

MS11-066 Vulnerability in Microsoft Chart Control Could Allow Information Disclosure

• Chart Control Information Disclosure Vulnerability – CVE-2011-1977
  IPS 6845 Chart Control Information Disclosure Attempt

MS11-067 Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure

• Report Viewer Controls XSS Vulnerability – CVE-2011-1976
  IPS 6844 Report Viewer Controls XSS Attempt

MS11-068 Vulnerability in Windows Kernel Could Allow Denial of Service

• Windows Kernel Metadata Parsing DOS Vulnerability – CVE-2011-1971
  This is a local vulnerability.

MS11-069 Vulnerability in .NET Framework Could Allow Information Disclosure

• Socket Restriction Bypass Vulnerability – CVE-2011-1978
  This is a local vulnerability.