Microsoft Security Bulletin Coverage (Aug 9, 2011)

SonicWALL has analyzed and addressed Microsoft's security advisories for the month of August, 2011. A list of issues reported, along with SonicWALL coverage information follows:

MS11-057 Cumulative Security Update for Internet Explorer

Window Open Race Condition Vulnerability - CVE-2011-1257
This is a race condition. Not detectable by an IPS appliance.

Event Handlers Information Disclosure Vulnerability- CVE-2011-1960
This is a logical flaw in the script engine of IE. Normal traffic is not distinguishable from malicious traffic.

Telnet Handler Remote Code Execution Vulnerability - CVE-2011-1961
This is a binary planting vulnerability in the telnet scheme handler.
IPS 6847 Possible Binary Planting Attempt 3

Shift JIS Character Encoding Vulnerability - CVE-2011-1962
This is a logical flaw in the script engine of IE. Normal traffic is not distinguishable from malicious traffic.

XSLT Memory Corruption Vulnerability - CVE-2011-1963
IPS 6848 MS IE XSLT Memory Corruption Attack Attempt

Style Object Memory Corruption Vulnerability - CVE-2011-1964
This is a logical flaw in the script engine of IE. Normal traffic is not distinguishable from malicious traffic.

Drag and Drop Information Disclosure Vulnerability - CVE-2011-2383
This is a logical flaw in the script engine of IE. Normal traffic is not distinguishable from malicious traffic.

MS11-058Vulnerabilities in DNS Server Could Allow Remote Code Execution

DNS NAPTR Query Vulnerability - CVE-2011-1966
IPS 1371 Suspicious DNS Traffic 3

DNS Uninitialized Memory Corruption Vulnerability - CVE-2011-1970
There is no method of detecting attacks targeting this vulnerability. An attack is not distinguishable from valid scenario.

MS11-059 Vulnerability in Data Access Components Could Allow Remote Code Execution

Data Access Components Insecure Library Loading Vulnerability - CVE-2011-1975
IPS 5726 Possible Binary Planting Attempt

MS11-060 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution

pStream Release RCE Vulnerability - CVE-2011-1972
IPS 1374 Malformed Visio Document 1b

Move Around the Block RCE Vulnerability - CVE-2011-1979
IPS 1388 Malformed Visio Document 2b

MS11-061 Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege

Remote Desktop Web Access Vulnerability - CVE-2011-1263
IPS 6843 Remote Desktop Web Access XSS

MS11-062 Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege

NDISTAPI Elevation of Privilege Vulnerability - CVE-2011-1974
This is a local vulnerability.

MS11-063 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege

CSRSS Vulnerability - CVE-2011-1967
This is a local vulnerability.

MS11-064 Vulnerabilities in TCP/IP Stack Could Allow Denial of Service

ICMP Denial of Service Vulnerability - CVE-2011-1871
This is a logical vulnerability. There is nothing distinguishable in attack traffic from normal traffic.

TCP/IP QOS Denial of Service Vulnerability - CVE-2011-1965
This is a logical flaw which manifests itself in certain configurations of the vulnerable product. There is nothing distinguishable in attack traffic from normal traffic.

MS11-065 Vulnerability in Remote Desktop Protocol Could Allow Denial of Service

Remote Desktop Protocol Vulnerability - CVE-2011-1968
This is a race condition. Not detectable by an IPS appliance.

MS11-066 Vulnerability in Microsoft Chart Control Could Allow Information Disclosure

Chart Control Information Disclosure Vulnerability - CVE-2011-1977
IPS 6845 Chart Control Information Disclosure Attempt

MS11-067 Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure

Report Viewer Controls XSS Vulnerability - CVE-2011-1976
IPS 6844 Report Viewer Controls XSS Attempt

MS11-068 Vulnerability in Windows Kernel Could Allow Denial of Service

Windows Kernel Metadata Parsing DOS Vulnerability - CVE-2011-1971
This is a local vulnerability.

MS11-069 Vulnerability in .NET Framework Could Allow Information Disclosure

Socket Restriction Bypass Vulnerability - CVE-2011-1978
This is a local vulnerability.

Share This Article

An Article By

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.