Nullcode Hunting Security Bugs

We can help you, if you need to reduce the Risk...

  • Aumentar fuente
  • Fuente predeterminada
  • Disminuir fuente
Looking for bugs ,Auditing Cod3

+12 Years working on Security Information!

Sábado, 19 de Marzo de 2011 22:16 thomassofia
E-mail Imprimir PDF

My name is Ivan Sanchez , I've been working on security subjects since 1998 for companies below mentioned

Esta dirección electrónica esta protegida contra spam bots. Necesita activar JavaScript para visualizarla

http://www.linkedin.com/in/nullcode

  • Engineer Degree
  • ITIL Certified
  • Auditor Code /CMMI
  • CISM

The project Nullcode Services  started to work in 2004,reporting vulnerabilties , auditing code,looking for bugs into the code and so on, offering Security Services. Recently, We have started to work in the second project reporting vulnerabilities www.evilcode.com.ar

Working for:


* Telecom Group

* Velocom ISP

* Core Technologies

* Phillips Morris International Services

* Monsanto Company

* Logistic Group

* Governance


 

 

Última actualización el Sábado, 13 de Agosto de 2011 19:28  
  • Well Websecurify Runs on The iPhone
    This is not necessarily news anymore since it was discussed on the Websecurify official blog but we are so excited about it that we could not hold ourselves from posting it here too. The testing engine used in this particular version of Websecurify is optimized to run with the least possible amount of memory. The results of the scanner are as good as those produced by all other Websecurify variants although in some cases it may miss some statistically unlikely types of issues. [...]
  • Stuxnet
    I have been avoiding the topic about Stuxnet for quite some time, mainly because there were many others who spent the time to take the virus apart. However, here is a video, which I find rather amusing: Wether this is the real deal or simply fear mongering, I simply don’t know. It is all speculations at the moment. [...]
  • Having fun with BeEF, the browser exploitation framework
    We haven’t featured any guest bloggers in a while, but we’re glad to be featuring Chirstian Frichot this month! Christian is a security professional based in Perth, Western Australia. He’s currently working in the finance industry as part of a tight-knit internal team of security consultants doing their best to protect their business and customers from technical threats such as malware or insecure web applications. [...]
  • ColdFusion directory traversal FAQ (CVE-2010-2861)
    A new Adobe hotfix for ColdFusion has been released recently. The vulnerability which was discovered by Richard Brain, was rated as important by Adobe and could affect a large number of Internet-facing web servers. The FAQ bellow is meant to shed some light on this vulnerability so that ColdFusion administrators can understand what they’re up against. [...]
  • 1ST European Edition of HITB Coming Up!
    In case you haven’t heard yet, HITBSecConf is hosting the first European Edition of their conference in Amsterdam during 1st-2nd July ’10. The history of the HITB conferences can be traced back to 2002, the year in which the first ever edition of HITB took place in Malaysia. Since then, HITB has grown to become the biggest technical computer security event in Asia and has extended their presence to the Middle East and now Europe. [...]
  • Hacking Linksys IP Cameras (pt 6)
    This article is a continuation of the following GNUCITIZEN articles: here, here, here, here and here. As we know, there are several ways one could go about hunting for IP cameras on the net. The slowest way would be to portscan random IP addresses for certain ports and programmatically detect if the web interface of a given camera was available on the open ports found. [...]
  • Dnsmap v0.30 is now out!
    After working on dnsmap for a few months whenever time allowed, I decided there were enough additional goodies to make version 0.30 a new public release. Let me just say that a lot of the bugs that have been fixed, and features that have been added to this version would not be possible without the feedback from great folks such as Borys Lacki (www.bothunters.pl), Philipp Winter (7c0.org) and meathive (kinqpinz.info). Thanks guys, your feedback was highly valuable to me. [...]
  • Old-school Remote Command Exec Vulnerabilities on Avaya Intuity
    Remember those old remote command exec vulns where you had a CGI script such as a perl program which would take input from the client to construct command strings that would then be passed to the shell environment? Well, there were tons of those affecting diagnostic scripts available on the web interface of Avaya Intuity Audix LX. These vulnerabilities, although cool, are not critical since you need to be logged into the interface in order to exploit them. [...]
  • Skydive
    What is the best way to spend a quiet, weekend afternoon? – Jump off a perfectly working plane while 10,000 feet in the air. On 5th of July 2009, the GNUCITIZEN team and friends came together to perform a skydiving gig. [...]
  • Free Web Application Security Testing Tool
    Automated Web Application Security Testing tools are in the core of modern penetration testing practices. You cannot rely 100% on the results they produce, without considering seriously their limitations. However, because these tools are so good at picking the low-hanging fruit by employing force and repetition, they still have a place in our arsenal of penetrating testing equipment. These tools are not unfamiliar to modern day penetration testers. [...]
  • Of Sec Cons and Magstripe Gift Cards
    I’ve been meaning to talk about CONFidence and EUSecWest for quite a while, but May was such an intense month for me, that’s hardly left me with any time for other things. I eventually got caught up with other matters, which resulted in me publishing this post about 2 months late. I’ve been researching, pentesting, and preparing two different presentations which I gave at CONFidence in Krakow, and EUSecWest in London. pdp has also been busy presenting at AusCERT2009. [...]
  • CVE-2009-1151: phpMyAdmin Remote Code Execution Proof of Concept
    I couldn’t find any public PoC/exploit for this phpMyAdmin vulnerability, despite it being a serious bug affecting a popular open-source project. I think this vulnerability is a nice reminder that it’s still possible to perform remote command execution these days without relying on SQL injection (i.e.: xp_cmdshell) or a memory corruption bug (i.e.: heap overflow). [...]
  • Hacking Linksys IP Cameras (pt 5)
    This article is a continuation of the following GNUCITIZEN articles: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt 3), Hacking Linksys IP Cameras (pt 4). Mounting the filesystem on your workstation There are many ways to mount the camera’s filesystem using the firmware binary. In this post, we’ll explain one way to mount firmware version v1.00R24 which is the latest available for the WVC54GCA model. [...]
  • Breaking Into a Home With an iPhone
    This is going to be one of these quick posts which just makes you think what the information security landscape will be like in 5 years. Before I move on with my commentary, here is a video which is essential for you to watch. Got the idea? No? Let me explain. What you see in the video above is an application for the iPhone which gives you detailed characteristics of properties (houses) in USA. [...]
  • Extensions at War
    Oh yes, the digital battlefield is taking unusual shapes. The latest manifestation of cyber warfare is a conflict between the Adblock Plus and the NoScript extensions. The story goes that NoScript used some JavaScript tactics and, of course, some obfuscations in order to cripple the Adblock Plus functionalities. This attack was a response to Adblock Plus blocking NoScript ads which you see when you upgrade the extension, which as you know happens quite regularly, don’t know why. [...]
  • Exploit Sweatshop
    When I was playing/introducing the partial disclosure practice an year and something ago, I did get contacted by numerous dodgy characters willing to buy yet undisclosed vulnerabilities for substantial amount of money. Of course, requests of that nature were kindly ignored. I couldn’t believe that someone was willing to give me so much money for something I virtually spent 2-3 hours maximum to produce. [...]
  • Jeriko Group and Source Code Repository
    Jeriko moved in its own source code repository which you will be able to find here. There is also a discussion group here, if you feel like using it. The version inside the new code repository is very different from the version you’ve seen before. The main difference is that while the old version is basically a collection of scripts, the new version implements its own shell (wrapper around bash) which does the heavily lifting and also introduces some funky programming mechanisms. [...]
  • Hacking Linksys IP Cameras (pt 4)
    This article is a continuation of the following GNUCITIZEN articles, which include an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt 3). There are two types of vulnerabilities I will be releasing today: disclosure of credentials in client-side source code and multiple XSS. [...]
  • Hacking Linksys IP Cameras (pt 3)
    This article is a continuation of the following GNUCITIZEN articles, which include an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2). Unlike the previous two vulnerabilities I released, the vulnerabilities I’m releasing in this post are perhaps not so useful to break into the device as you need access to the admin account to exploit them. [...]
  • Hacking Linksys IP Cameras (pt 2)
    This article is a continuation of the following GNUCITIZEN article, which includes an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1). Privilege escalation via arbitrary file retrieval The second vulnerability I’ll be releasing is an arbitrary(ish) file retrieval vulnerability. It’s not fully arbitrary because you can only retrieve the contents of files located within the same directory where the vulnerable CGI program is located. [...]

SAP Security & Compliance

Bugs-Issues-Mistakes

CoreLabs IT Security Research: Vulnerability Advisories
CoreLabs regularly publishes security advisories about vulnerabilities we discovered or found collaboratively with other IS professionals.
  • Apple OS X Sandbox Predefined Profiles Bypass
    November 10th - Anibal Sacco and Matias Eissler
    Several of the default pre-defined sandbox profiles don't properly limit all the available mechanisms and therefore allow exercising part of the restricted functionality.
  • Adobe Shockwave Player TextXtra.x32 vulnerability
    November 8th - Pablo Santamaria
    A memory corruption vulnerability in Adobe Shockwave Player can be leveraged to execute arbitrary code on vulnerable systems by enticing users to visit a malicious web site with a specially crafted .dir file.
  • e107 CMS Script Command Injection
    October 24th - Matt Bergin and Matias Blanco
    When the install script for e107 CMS has not been removed, an attacker can "reinstall" the application using arbitrary parameters. If the attacker puts a valid MySql server followed a semicolon and PHP code, this will be executed when the config file gets requested.
  • Microsoft Publisher 2007 Pubconv.dll Memory Corruption
    October 12th - Daniel Kazimirow
    A vulnerability has been found in Microsoft Publisher 2007, that can be leveraged by an attacker to execute arbitrary code by enticing users to insert a specially-crafted .pub file into a document.
  • Multiples Vulnerabilities in ManageEngine ServiceDesk Plus
    14th September - Matias Blanco
    The authentication process of ServiceDesk Plus obfuscates user passwords using a trivial and symmetrical algorithm in Javascript code with no secret. Given that user passwords are locally stored in user cookies and having the Javascript code to encrypt and decrypt passwords in a .js file, the authentication process of SDP can be bypassed allowing an attacker to get usernames+passwords of registered users. Additionally, a cross site scripting vulnerability related to search functions was found.
  • MS WINS ECommEndDlg Input Validation Error
    12th September - Nicolas Economou
    A security vulnerability was discovered in the Windows Internet Name Service (WINS). The vulnerability could allow elevation of privilege if a user receives a specially crafted WINS replication packet on an affected system running the WINS service. An attacker must have valid logon credentials and be able to log on locally in order to exploit this vulnerability.
  • HP Data Protector EXEC_CMD Buffer Overflow Vulnerability
    29th June - Nahuel C. Riva
    A vulnerability in HP Data Protector could allow a remote attacker to execute arbitrary code.
  • Multiple vulnerabilities in HP Data Protector
    29th June - Oren Isacson
    Multiple vulnerabilities have been found in HP Data Protector that could allow a remote attacker to execute arbitrary code and lead to denial of service conditions.
  • IBM WebSphere Application Server Cross-Site Request Forgery
    June 15th - Francisco Falcon y Alejandro Rodriguez
    The administrative console of IBM WebSphere Application Server is vulnerable to Cross-Site Request Forgery (CSRF) attacks, which can be exploited by remote attackers to force a logged-in administrator to perform unwanted actions on the IBM WebSphere administrative console.
  • MS HyperV Persistent DoS Vulnerability
    14th June - Nicolas Economou
    A security vulnerability was found in the driver vmswitch.sys, associated to the Windows Hypervisor subsystem, allowing an authenticated local DoS. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. The impact is all guests on that host became non-responsive.
  • Lotus Notes XLS viewer malformed BIFF record heap overflow
    May 24th - Pablo Santamaria, Oren Isacson and Nadia Rodriguez
    A memory corruption vulnerability in the Lotus Notes client application can be leveraged to execute arbitrary code on vulnerable systems by enticing users to open specially crafted spreadsheet files with the .XLS extension.
  • Adobe Audition vulnerability processing malformed session file
    May 12th - Diego Juárez, Eduardo Koch and Laura Balián
    Adobe audition is vulnerable to numerous buffer overflows while parsing several fields inside the TRKM chunk on session (.ses) files. Then, a memory corruption can be leveraged to execute arbitrary code on vulnerable systems by enticing users to open specially crafted session files.
  • Oracle GlassFish Server Administration Console Authentication Bypass
    May 11th - Francisco Falcón
    The Administration Console in Oracle GlassFish Server, which is listening by default on port 4848/TCP, is prone to an authentication bypass vulnerability. This vulnerability can be exploited by remote attackers to access sensitive data on the server without being authenticated, by making TRACE requests against the Administration Console.
  • VLC Vulnerabilities handling .AMV and .NSV files
    23rd March - Ricardo Narvaja
    Two vulnerabilities have been found in VLC media player, when handling .AMV and .NSV file formats. These vulnerabilities can be exploited by a remote attacker to obtain arbitrary code execution with the privileges of the user running VLC.
  • ZOHO ManageEngine ADSelfService multiple vulnerabilities
    February 10th - Ernesto Alvarez
    ZOHO ManageEngine ADSelfService Plus 4.4 is prone to multiple vulnerabilities, including an authentication bypass, due to excessive control granted to the client side. By tampering requests, an attacker can weaken the security question mechanisms in place for password recovery, or skip te mechanism altoghether. Additionally, two cross site scripting vulnerabilities were found related to search functions.

Patching the System

Microsoft Security Bulletins
Microsoft Security Bulletins
  • MS11-088 - Important : Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016) - Version: 1.2
    Severity Rating: Important
    Revision Note: V1.2 (February 22, 2012): Clarified product support status for Microsoft Office Pinyin SimpleFast Style 2010 and Microsoft Office Pinyin New Experience Style 2010. These versions of Microsoft Office Pinyin are no longer supported. Microsoft recommends that all customers of these versions upgrade to the latest version of Microsoft Pinyin IME 2010 available through Microsoft Office 2010. See update FAQ for details.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Office IME (Chinese). The vulnerability could allow elevation of privilege if a logged-on user performed specific actions on a system where an affected version of the Microsoft Pinyin (MSPY) Input Method Editor (IME) for Simplified Chinese is installed. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Only implementations of Microsoft Pinyin IME 2010 are affected by this vulnerability. Other versions of Simplified Chinese IME and other implementations of IME are not affected.
  • MS12-001 - Important : Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615) - Version: 1.1
    Severity Rating: Important
    Revision Note: V1.1 (February 22, 2012): Added a link to Microsoft Knowledge Base Article 2644615 under Known Issues in the Executive Summary.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow an attacker to bypass the SafeSEH security feature in a software application. An attacker could then use other vulnerabilities to leverage the structured exception handler to run arbitrary code. Only software applications that were compiled using Microsoft Visual C++ .NET 2003 can be used to exploit this vulnerability.
  • MS12-014 - Important : Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637) - Version: 1.1
    Severity Rating: Important
    Revision Note: V1.1 (February 22, 2012): Added a link to Microsoft Knowledge Base Article 2661637 under Known Issues in the Executive Summary.
    Summary: This security update resolves one publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .avi file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS11-089 - Important : Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602) - Version: 1.2
    Severity Rating: Important
    Revision Note: V1.2 (February 22, 2012): Revised the bulletin to identify the update package KB numbers for the following non-affected software that this update applies to: Microsoft Visio (KB2553374), Microsoft Visio Viewer (KB2553353), Microsoft Office Web Application Companions (WAC) (KB2553153), and Microsoft SharePoint Server 2010 (KB2553132). See the update FAQ for details.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS12-016 - Critical : Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026) - Version: 1.2
    Severity Rating: Critical
    Revision Note: V1.2 (February 15, 2012): Removed erroneous reference to known issues from the Executive Summary.
    Summary: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted web page using a web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS11-049 - Important : Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893) - Version: 2.4
    Severity Rating: Important
    Revision Note: V2.4 (February 15, 2012): Corrected the SQL Server Version Range for SQL Server 2008 R2 in the update FAQ.
    Summary: This security update resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.
  • MS12-015 - Important : Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (February 14, 2012): Bulletin published.
    Summary: This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS12-010 - Critical : Cumulative Security Update for Internet Explorer (2647516) - Version: 1.0
    Severity Rating: Critical
    Revision Note: V1.0 (February 14, 2012): Bulletin published.
    Summary: This security update resolves four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS12-013 - Critical : Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428) - Version: 1.0
    Severity Rating: Critical
    Revision Note: V1.0 (February 14, 2012): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted media file that is hosted on a website or sent as an email attachment. An attacker who successfully exploited the vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS12-011 - Important : Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (February 14, 2012): Bulletin published.
    Summary: This security update resolves three privately reported vulnerabilities in Microsoft SharePoint and Microsoft SharePoint Foundation. These vulnerabilities could allow elevation of privilege or information disclosure if a user clicked a specially crafted URL.
  • MS12-012 - Important : Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (February 14, 2012): Bulletin published.
    Summary: This security update resolves one publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .icm or .icc file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS12-008 - Critical : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465) - Version: 1.0
    Severity Rating: Critical
    Revision Note: V1.0 (February 14, 2012): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if a user visits a website containing specially crafted content or if a specially crafted application is run locally. An attacker would have no way to force users to visit a malicious website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website.
  • MS12-009 - Important : Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (February 14, 2012): Bulletin published.
    Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.
  • MS11-100 - Critical : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420) - Version: 1.3
    Severity Rating: Critical
    Revision Note: V1.3 (February 1, 2012): Corrected registry keys and installation switches in the deployment tables for Windows Server 2003 and Windows Server 2008, and installation switches in the deployment table for Windows Vista. This is an informational change only. There were no changes to the security update files or detection logic.
    Summary: This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated attacker sends a specially crafted web request to the target site. An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. In order to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing user name.
  • MS11-098 - Important : Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171) - Version: 1.1
    Severity Rating: Important
    Revision Note: V1.1 (February 1, 2012): Added a link to Microsoft Knowledge Base Article 2633171 under Known Issues in the Executive Summary.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to exploit the vulnerability. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
  • MS12-004 - Critical : Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391) - Version: 1.2
    Severity Rating: Critical
    Revision Note: V1.2 (January 27, 2012): Corrected the aggregate severity rating for the KB2631813 update package in the Affected Software table for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. This is a bulletin change only. There were no changes to the security update files or detection logic. Customers should apply all update packages offered for the software installed on their systems. See the update FAQ for details.
    Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS11-025 - Important : Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212) - Version: 4.2
    Severity Rating: Important
    Revision Note: V4.2 (January 24, 2012): Added an entry to the update FAQ to announce a detection change for KB2538242, KB2538243, KB2467173, KB2538218, KB2538241, and KB2542054 to correct an installation issue. This is a detection change only. There were no changes to the security update files. Customers who have already successfully updated their systems do not need to take any action.
    Summary: This security update resolves a publicly disclosed vulnerability in certain applications built using the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user opens a legitimate file associated with such an affected application, and the file is located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by the affected application.
  • MS12-006 - Important : Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584) - Version: 1.1
    Severity Rating: Important
    Revision Note: V1.1 (January 18, 2012): Added MS10-085 as a bulletin replaced by the KB2585542 update for Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for Itanium-based Systems. This is an informational change only. There were no changes to the detection logic or the update files.
    Summary: This security update resolves a publicly disclosed vulnerability in SSL 3.0 and TLS 1.0. This vulnerability affects the protocol itself and is not specific to the Windows operating system. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.
  • MS12-007 - Important : Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664) - Version: 2.1
    Severity Rating: Important
    Revision Note: V2.1 (January 16, 2012): Added a link to Microsoft Knowledge Base Article 2607664 under Known Issues in the Executive Summary. Also, revised entry in the update FAQ to clarify why the upgrade to AntiXSS Library version 4.2.1 is only available from the Microsoft Download Center.
    Summary: This security update resolves one privately reported vulnerability in the Microsoft Anti-Cross Site Scripting (AntiXSS) Library. The vulnerability could allow information disclosure if an attacker passes a malicious script to a website using the sanitization function of the AntiXSS Library. The consequences of the disclosure of that information depends on the nature of the information itself. Note that this vulnerability would not allow an attacker to execute code or to elevate the attacker's user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. Only sites that use the sanitization module of the AntiXSS Library are affected by this vulnerability.
  • MS11-099 - Important : Cumulative Security Update for Internet Explorer (2618444) - Version: 1.2
    Severity Rating: Important
    Revision Note: V1.2 (January 10, 2012): Announced that this update, MS11-099, enables the protections provided in the Vulnerability in SSL/TLS Could Allow Information Disclosure update, MS12-006, for Internet Explorer. For more information, see the Update FAQ.
    Summary: This security update resolves three privately reported vulnerabilities in Internet Explorer. The most severe vulnerability could allow remote code execution if a user opens a legitimate HyperText Markup Language (HTML) file that is located in the same directory as a specially crafted dynamic link library (DLL) file.
  • MS12-003 - Important : Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (January 10, 2012): Bulletin published.
    Summary: This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker successfully exploited this vulnerability. The attacker could then take complete control of the affected system and install programs; view, change, or delete data; or create new accounts with full user rights. Only systems configured with a Chinese, Japanese, or Korean system locale are affected.
  • MS12-005 - Important : Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (January 10, 2012): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file containing a malicious embedded ClickOnce application. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS12-002 - Important : Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (January 10, 2012): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS11-096 - Important : Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241) - Version: 1.1
    Severity Rating: Important
    Revision Note: V1.1 (December 21, 2011): Added Microsoft Office Compatibility Pack Service Pack 3 to the Non-Affected Software table. This is an informational change only. There were no changes to the detection logic or the update files.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-3403.
  • MS11-094 - Important : Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142) - Version: 1.1
    Severity Rating: Important
    Revision Note: V1.1 (December 21, 2011): Added an entry to the Update FAQ to explain why this update is offered to customers running PowerPoint 2010 Service Pack 1.
    Summary: This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited either of the vulnerabilities could take complete control of an affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS11-092 - Critical : Vulnerability in Windows Media Could Allow Remote Code Execution (2648048) - Version: 1.0
    Severity Rating: Critical
    Revision Note: V1.0 (December 13, 2011): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability in Windows Media Player and Windows Media Center. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so.
  • MS11-095 - Important : Vulnerability in Active Directory Could Allow Remote Code Execution (2640045) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (December 13, 2011): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow remote code execution if an attacker logs on to an Active Directory domain and runs a specially crafted application. To exploit this vulnerability, an attacker would first need to acquire credentials to log on to an Active Directory domain.
  • MS11-090 - Critical : Cumulative Security Update of ActiveX Kill Bits (2618451) - Version: 1.1
    Severity Rating: Critical
    Revision Note: V1.1 (December 13, 2011): Corrected the kill bit information for the HP Photo Creative ActiveX control in the section, Third-Party Kill Bits. This is an informational change only. There were no changes to the security update files or detection logic.
    Summary: This security update resolves a privately reported vulnerability in Microsoft software. The vulnerability could allow remote code execution if a user views a specially crafted Web page that instantiates a specific ActiveX control with Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for four third-party ActiveX controls.
  • MS11-093 - Important : Vulnerability in OLE Could Allow Remote Code Execution (2624667) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (December 13, 2011): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability in all supported editions of Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section. The vulnerability could allow remote code execution if a user opens a file that contains a specially crafted OLE object. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS11-091 - Important : Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (December 13, 2011): Bulletin published.
    Summary: This security update resolves four privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS11-087 - Critical : Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417) - Version: 1.0
    Severity Rating: Critical
    Revision Note: V1.0 (December 13, 2011): Bulletin published.
    Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits a malicious Web page that embeds TrueType font files.
  • MS11-097 - Important : Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (December 13, 2011): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to send a device event message to a higher-integrity process. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
  • MS11-028 - Critical : Vulnerability in .NET Framework Could Allow Remote Code Execution (2484015) - Version: 2.4
    Severity Rating: Critical
    Revision Note: V2.4 (November 30, 2011): Corrected the bulletin replacement information for .NET Framework 4 on Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1, and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1. This is a bulletin change only. There were no changes to the detection or security update files.
    Summary: This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
  • MS11-037 - Important : Vulnerability in MHTML Could Allow Information Disclosure (2544893) - Version: 2.1
    Severity Rating: Important
    Revision Note: V2.1 (November 15, 2011): Corrected the install verification registry keys, update log file name, and removal information for Windows XP and Windows Server 2003. This is an informational change only.
    Summary: This security update resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user opens a specially crafted URL from an attacker's web site. An attacker would have to convince the user to visit the web site, typically by getting them to follow a link in an e-mail message or Instant Messenger message.
  • MS11-071 - Important : Vulnerability in Windows Components Could Allow Remote Code Execution (2570947) - Version: 2.0
    Severity Rating: Important
    Revision Note: V2.0 (November 8, 2011): Rereleased this bulletin to announce availability of an update for Windows 7 Embedded. No other update packages are affected by this rerelease.
    Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate rich text format file (.rtf), text file (.txt), or Word document (.doc) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS11-085 - Important : Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (November 8, 2011): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application.
  • MS11-084 - Moderate : Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657) - Version: 1.0
    Severity Rating: Moderate
    Revision Note: V1.0 (November 8, 2011): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user opens a specially crafted TrueType font file as an e-mail attachment or navigates to a network share or WebDAV location containing a specially crafted TrueType font file. For an attack to be successful, a user must visit the untrusted remote file system location or WebDAV share containing the specially crafted TrueType font file, or open the file as an e-mail attachment. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to persuade users to do so, typically by getting them to click a link in an e-mail message or Instant Messenger message.
  • MS11-086 - Important : Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (November 8, 2011): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL.
  • MS11-083 - Critical : Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) - Version: 1.0
    Severity Rating: Critical
    Revision Note: V1.0 (November 8, 2011): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system.
  • MS11-081 - Critical : Cumulative Security Update for Internet Explorer (2586448) - Version: 1.2
    Severity Rating: Critical
    Revision Note: V1.2 (November 2, 2011): Announced the release of a hotfix to resolve a known issue affecting Internet Explorer 7 customers after the KB2586448 security update is installed. See the Update FAQ for details.
    Summary: This security update resolves eight privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS10-070 - Important : Vulnerability in ASP.NET Could Allow Information Disclosure (2418042) - Version: 4.2
    Severity Rating: Important
    Revision Note: V4.2 (October 26, 2011): Corrected Server Core installation applicability for .NET Framework 4 on Windows Server 2008 R2 for x64-based Systems.
    Summary: This security update resolves a publicly disclosed vulnerability in ASP.NET. The vulnerability could allow information disclosure. An attacker who successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server. This vulnerability can also be used for data tampering, which, if successfully exploited, could be used to decrypt and tamper with the data encrypted by the server. Microsoft .NET Framework versions prior to Microsoft .NET Framework 3.5 Service Pack 1 are not affected by the file content disclosure portion of this vulnerability.
  • MS11-078 - Critical : Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930) - Version: 1.2
    Severity Rating: Critical
    Revision Note: V1.2 (October 26, 2011): Corrected Server Core installation applicability for .NET Framework 4 on Windows Server 2008 R2 for x64-based Systems.
    Summary: This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
  • MS11-069 - Moderate : Vulnerability in .NET Framework Could Allow Information Disclosure (2567951) - Version: 1.2
    Severity Rating: Moderate
    Revision Note: V1.2 (October 26, 2011): Corrected Server Core installation applicability for .NET Framework 4 on Windows Server 2008 R2 for x64-based Systems.
    Summary: This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow information disclosure if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
  • MS11-044 - Critical : Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814) - Version: 1.2
    Severity Rating: Critical
    Revision Note: V1.2 (October 26, 2011): Corrected Server Core installation applicability for .NET Framework 4 on Windows Server 2008 R2 for x64-based Systems.
    Summary: This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
  • MS11-066 - Important : Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943) - Version: 1.1
    Severity Rating: Important
    Revision Note: V1.1 (October 26, 2011): Corrected Server Core installation applicability for .NET Framework 4 on Windows Server 2008 R2 for x64-based Systems.
    Summary: This security update resolves a privately reported vulnerability in ASP.NET Chart controls. The vulnerability could allow information disclosure if an attacker sent a specially crafted GET request to an affected server hosting the Chart controls. Note that this vulnerability would not allow an attacker to execute code or to elevate the attacker's user rights directly, but it could be used to retrieve information that could be used to further compromise the affected system. Only web applications using Microsoft Chart Control are affected by this issue. Default installations of the .NET Framework are not affected. This security update is rated Important for Microsoft .NET Framework 4 on all supported releases of Microsoft Windows and for Chart Control for Microsoft .NET Framework 3.5 Service Pack 1. For more information, see the subsection, Affected and Non-Affected Software, in this section.
  • MS10-077 - Critical : Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841) - Version: 3.1
    Severity Rating: Critical
    Revision Note: V3.1 (October 26, 2011): Corrected Server Core installation applicability for .NET Framework 4 on Windows Server 2008 R2 for x64-based Systems.
    Summary: This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario.
  • MS11-039 - Critical : Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842) - Version: 1.1
    Severity Rating: Critical
    Revision Note: V1.1 (October 26, 2011): Corrected Server Core installation applicability for .NET Framework 4 on Windows Server 2008 R2 for x64-based Systems.
    Summary: This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
  • MS11-075 - Important : Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699) - Version: 1.2
    Severity Rating: Important
    Revision Note: V1.2 (October 25, 2011): Revised the update file names for 32-bit and x64-based editions of Windows XP and Windows Server 2003, in accordance with the schema documented in Microsoft Knowledgebase Article KB816915. This is a change to file names only. There were no changes to the detection logic or update content. Customers who have already successfully installed this update do not need to take any action.
    Summary: This security update resolves a privately reported vulnerability in the Microsoft Active Accessibility component. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, the Microsoft Active Accessibility component could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
  • MS11-058 - Critical : Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485) - Version: 1.2
    Severity Rating: Critical
    Revision Note: V1.2 (October 25, 2011): Announced a change to detection logic and corrected bulletin replacement information for some affected configurations. There were no changes to the security update files. See the Update FAQ for details.
    Summary: This security update resolves two privately reported vulnerabilities in Windows DNS server. The more severe of these vulnerabilities could allow remote code execution if an attacker registers a domain, creates an NAPTR DNS resource record, and then sends a specially crafted NAPTR query to the target DNS server. Servers that do not have the DNS role enabled are not at risk.
  • MS11-082 - Important : Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670) - Version: 1.0
    Severity Rating: Important
    Revision Note: V1.0 (October 11, 2011): Bulletin published.
    Summary: This security update resolves two publicly disclosed vulnerabilities in Host Integration Server. The vulnerabilities could allow denial of service if a remote attacker sends specially crafted network packets to a Host Integration Server listening on UDP port 1478 or TCP ports 1477 and 1478. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. In this case, the Host Integration Server ports should be blocked from the Internet.