Posts

Microsoft Security Bulletin Coverage (Aug 9, 2011)

SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of August, 2011. A list of issues reported, along with SonicWALL coverage information follows:

MS11-057 Cumulative Security Update for Internet Explorer

  • Window Open Race Condition Vulnerability – CVE-2011-1257
    This is a race condition. Not detectable by an IPS appliance.
  • Event Handlers Information Disclosure Vulnerability- CVE-2011-1960
    This is a logical flaw in the script engine of IE. Normal traffic is not distinguishable from malicious traffic.
  • Telnet Handler Remote Code Execution Vulnerability – CVE-2011-1961
    This is a binary planting vulnerability in the telnet scheme handler.
    IPS 6847 Possible Binary Planting Attempt 3
  • Shift JIS Character Encoding Vulnerability – CVE-2011-1962
    This is a logical flaw in the script engine of IE. Normal traffic is not distinguishable from malicious traffic.
  • XSLT Memory Corruption Vulnerability – CVE-2011-1963
    IPS 6848 MS IE XSLT Memory Corruption Attack Attempt
  • Style Object Memory Corruption Vulnerability – CVE-2011-1964
    This is a logical flaw in the script engine of IE. Normal traffic is not distinguishable from malicious traffic.
  • Drag and Drop Information Disclosure Vulnerability – CVE-2011-2383
    This is a logical flaw in the script engine of IE. Normal traffic is not distinguishable from malicious traffic.

MS11-058Vulnerabilities in DNS Server Could Allow Remote Code Execution

  • DNS NAPTR Query Vulnerability – CVE-2011-1966
    IPS 1371 Suspicious DNS Traffic 3
  • DNS Uninitialized Memory Corruption Vulnerability – CVE-2011-1970
    There is no method of detecting attacks targeting this vulnerability. An attack is not distinguishable from valid scenario.

MS11-059 Vulnerability in Data Access Components Could Allow Remote Code Execution

  • Data Access Components Insecure Library Loading Vulnerability – CVE-2011-1975
    IPS 5726 Possible Binary Planting Attempt

MS11-060 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution

  • pStream Release RCE Vulnerability – CVE-2011-1972
    IPS 1374 Malformed Visio Document 1b
  • Move Around the Block RCE Vulnerability – CVE-2011-1979
    IPS 1388 Malformed Visio Document 2b

MS11-061 Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege

  • Remote Desktop Web Access Vulnerability – CVE-2011-1263
    IPS 6843 Remote Desktop Web Access XSS

MS11-062 Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege

  • NDISTAPI Elevation of Privilege Vulnerability – CVE-2011-1974
    This is a local vulnerability.

MS11-063 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege

  • CSRSS Vulnerability – CVE-2011-1967
    This is a local vulnerability.

MS11-064 Vulnerabilities in TCP/IP Stack Could Allow Denial of Service

  • ICMP Denial of Service Vulnerability – CVE-2011-1871
    This is a logical vulnerability. There is nothing distinguishable in attack traffic from normal traffic.
  • TCP/IP QOS Denial of Service Vulnerability – CVE-2011-1965
    This is a logical flaw which manifests itself in certain configurations of the vulnerable product. There is nothing distinguishable in attack traffic from normal traffic.

MS11-065 Vulnerability in Remote Desktop Protocol Could Allow Denial of Service

  • Remote Desktop Protocol Vulnerability – CVE-2011-1968
    This is a race condition. Not detectable by an IPS appliance.

MS11-066 Vulnerability in Microsoft Chart Control Could Allow Information Disclosure

  • Chart Control Information Disclosure Vulnerability – CVE-2011-1977
    IPS 6845 Chart Control Information Disclosure Attempt

MS11-067 Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure

  • Report Viewer Controls XSS Vulnerability – CVE-2011-1976
    IPS 6844 Report Viewer Controls XSS Attempt

MS11-068 Vulnerability in Windows Kernel Could Allow Denial of Service

  • Windows Kernel Metadata Parsing DOS Vulnerability – CVE-2011-1971
    This is a local vulnerability.

MS11-069 Vulnerability in .NET Framework Could Allow Information Disclosure

  • Socket Restriction Bypass Vulnerability – CVE-2011-1978
    This is a local vulnerability.