Microsoft Patch Tuesday – August 2011

August 9, 2011

Hello and welcome to this month’s blog on Microsoft's patch releases. This is an average month—the vendor is releasing 13 bulletins covering a total of 22 vulnerabilities.

Three of the issues are rated critical and they affect Internet Explorer and Windows DNS. The DNS issue could allow an attacker to take complete control of an affected computer. The remaining issues—rated important to moderate—affect Internet Explorer, Windows, Windows DNS, Visio, Visual Studio, and the Windows kernel.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available;
  • Run all software with the least privileges required while still maintaining functionality;
  • Avoid handling files from unknown or questionable sources;
  • Never visit sites of unknown or questionable integrity;
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the August releases can be found here: http://www.microsoft.com/technet/security/bulletin/ms11-aug.mspx

The following is a breakdown of some of the issues being addressed this month:

1. MS11-057 Cumulative Security Update for Internet Explorer (2559049)

CVE-2011-1257 (BID 48994) Microsoft Internet Explorer Window Open Race Condition Remote Code Execution Vulnerability (MS Rating: Important / Symantec Rating: 7.1/10)

  • A remote code-execution vulnerability affects Internet Explorer due to a race condition. An attacker can exploit this issue by tricking an unsuspecting victim into visiting a site containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected browser.
  • Affects: Internet Explorer 6, 7, and 8

CVE-2011-1960 (BID 49023) Microsoft Internet Explorer Event Handlers Cross Domain Information Disclosure Vulnerability (MS Rating: Important / Symantec Rating: 5.3/10)

  • A cross-domain information-disclosure vulnerability affects Internet Explorer. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will allow the attacker to retrieve potentially sensitive information across domains.
  • Affects: Internet Explorer 6, 7, 8, and 9

CVE-2011-1961 (BID 49027) Microsoft Internet Explorer Telnet URI Handler Remote Code Execution Vulnerability (MS Rating: Important / Symantec Rating: 8.5/10)

  • A remote code-execution vulnerability affects Internet Explorer when handling the "telnet" URI handler. An attacker can exploit this issue by tricking an unsuspecting victim into visiting a site containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected browser.
  • Affects: Internet Explorer 6, 7, 8, and 9

CVE-2011-1962 (BID 49032) Microsoft Internet Explorer Shift JIS Character Encoding Information Disclosure Vulnerability (MS Rating: Moderate / Symantec Rating: 5.3/10)

  • A cross-domain information-disclosure vulnerability affects Internet Explorer because of how it handles certain character sequences. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will allow the attacker to retrieve potentially sensitive information across domains.
  • Affects: Internet Explorer 6, 7, 8, and 9

CVE-2011-1963 (BID 49037) Microsoft Internet Explorer XSLT Memory Corruption Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)

  • A remote code-execution vulnerability affects Internet Explorer due to how it handles an object that has not been properly deleted, or initialized. An attacker can exploit this issue by tricking an unsuspecting victim into visiting a site containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected browser.
  • Affects: Internet Explorer 7, 8, and 9

CVE-2011-1964 (BID 49039) Microsoft Internet Explorer Style Object Memory Corruption Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 7.1/10)

  • A remote code-execution vulnerability affects Internet Explorer due to how it handles an object that has not been properly deleted, or initialized. An attacker can exploit this issue by tricking an unsuspecting victim into visiting a site containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected browser.
  • Affects: Internet Explorer 6, 7, 8, and 9

CVE-2011-2383 (BID 47989) Microsoft Internet Explorer Cross Zone Local Cookie File Access Security Bypass Vulnerability (MS Rating: Moderate / Symantec Rating: 6.7/10)

  • A previously public (May 25, 2011) information-disclosure vulnerability affects Internet Explorer due to how it stores cookie files. An attacker can exploit this issue by tricking an unsuspecting victim to perform certain drag-and-drop operations. A successful exploit will result in the disclosure of potentially sensitive information.
  • Affects: Internet Explorer 6, 7, 8, and 9

2. MS11-058 Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485)

CVE-2011-1966 (BID 49012) Microsoft Windows DNS Server NAPTR Query Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Rating: 8.2/10)

  • A remote code-execution vulnerability affects the Windows DNS Server when handling NAPTR query strings. An attacker can exploit this issue by sending a specially crafted Naming Authority Pointer (NAPTR) query to an affected DNS server. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the affected application. This may facilitate a complete system compromise.
  • Affects: Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for x64-based Systems SP1

CVE-2011-1970 (BID 49019) Microsoft Windows DNS Server Uninitialized Memory Remote Denial of Service Vulnerability (MS Rating: Important / Symantec Rating: 7.1/10)

  • A denial-of-service vulnerability affects Windows DNS Server due to how it handles an object that has not been properly initialized. An attacker can exploit this by sending a specially crafted DNS query to an affected server. A successful exploit will cause the server to stop responding, effectively denying service.
  • Affects: Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for x64-based Systems SP1

3. MS11-060 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978)

CVE-2011-1979 (BID 49021) Microsoft Visio CVE-2011-1979 Remote Code Execution Vulnerability (MS Rating: Important / Symantec Rating: 7.1/10)

  • A remote code-execution vulnerability affects Visio when parsing a specially crafted Visio file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful exploit will result in the execution of arbitrary code in the context of the currently logged-in user.
  • Affects: Microsoft Visio 2003 SP3 and 2007 SP2

CVE-2011-1972 (BID 49024) Microsoft Visio CVE-2011-1972 Remote Code Execution Vulnerability (MS Rating: Important / Symantec Rating: 7.1/10)

  • A remote code-execution vulnerability affects Visio when parsing a specially crafted Visio file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful exploit will result in the execution of arbitrary code in the context of the currently logged-in user.
  • Affects: Microsoft Visio 2003 SP3, 2007 SP2, 2010 (32-bit editions), 2010 (32-bit editions) SP1, 2010 (64-bit editions), and 2010 (64-bit editions) SP1

4. MS11-063 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)

CVE-2011-1967 (BID 48992) Microsoft Windows CSRSS CVE-2011-1967 Local Privilege Escalation Vulnerability (MS Rating: Important / Symantec Rating: 6.6/10)

  • A local privilege-escalation vulnerability affects the Windows Client/Server Run-time Subsystem (CSRSS) when handling a device event message. A local attacker can exploit this issue to execute arbitrary code with elevated privileges.
  • Affects: Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista SP2, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems SP1, Windows Server 2008 R2 for Itanium-based Systems, and Windows Server 2008 R2 for Itanium-based Systems SP1

More information on the vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.