Archive for the ‘TechNet’ Category
Posted in TechNet on October 11th, 2011 by TechNet
Severity Rating: Important
Revision Note: V1.0 (October 11, 2011): Bulletin published.
Summary: This security update resolves five privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow remote code execution if a user visits an affected Web site using a specially crafted URL. However, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.
Posted in TechNet on September 21st, 2011 by TechNet
Severity Rating: Critical
Revision Note: V2.1 (September 21, 2011): Corrected the registry key verification entries in the Security Update Deployment section for Windows XP and Windows Server 2003.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit the vulnerability, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server.
Posted in TechNet on September 13th, 2011 by TechNet
Severity Rating: Important
Revision Note: V1.0 (September 13, 2011): Bulletin published.
Summary: This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file or if a user opens a legitimate Office file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited either of the vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Posted in TechNet on September 13th, 2011 by TechNet
Severity Rating: Important
Revision Note: V1.0 (September 13, 2011): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow elevation of privilege if a user received a specially crafted WINS replication packet on an affected system running the WINS service. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Posted in TechNet on September 13th, 2011 by TechNet
Severity Rating: Critical
Revision Note: V2.0 (September 13, 2011): Rereleased bulletin to reoffer the updates for Internet Explorer on Microsoft Windows 2000 and Windows XP to address a detection issue. There were no changes to the security update files. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Posted in TechNet on August 17th, 2011 by TechNet
Severity Rating: Important
Revision Note: V1.1 (August 17, 2011): Corrected the hyperlink for CVE-2011-1967.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to send a device event message to a higher-integrity process. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Posted in TechNet on August 10th, 2011 by TechNet
Severity Rating: Important
Revision Note: V1.1 (August 10, 2011): Corrected the restart requirements for the update on all affected operating systems.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate Excel file (such as a .xlsx file) that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Posted in TechNet on August 10th, 2011 by TechNet
Severity Rating: Moderate
Revision Note: V1.1 (August 10, 2011): Revised the Server Core installation not affected notation for Windows Server 2008 and Windows Server 2008 R2 to clarify that the update will still be offered to systems installed using the Server Core installation option.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user visits a network share (or visits a Web site that points to a network share) containing a specially crafted file. In all cases, however, an attacker would have no way to force a user to visit such a network share or Web site. Instead, an attacker would have to convince a user to do so, typically by getting the user to click a link in an e-mail message or Instant Messenger message.
Posted in TechNet on August 10th, 2011 by TechNet
Severity Rating: Important
Revision Note: V1.1 (August 10, 2011): Removed two erroneous workarounds in this bulletin's vulnerability section for CVE-2011-1276. This is an informational change only.
Summary: This security update resolves eight privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1272, CVE-2011-1273, and CVE-2011-1279. See the section, Frequently Asked Questions (FAQ) Related to This Security Update, for more information about how the Office File Validation feature can be configured to block the attack vectors. Microsoft Excel 2010 is only affected by CVE-2011-1273 described in this bulletin. The automated Microsoft Fix it solution, "Disable Edit in Protected View for Excel 2010," available in Microsoft Knowledge Base Article 2501584, blocks the attack vectors for exploiting CVE-2011-1273.
Posted in TechNet on August 9th, 2011 by TechNet
Bulletin Severity Rating: Important - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to send a device event message to a higher-integrity process. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.