Anand Yadav
Microsoft September 2011 Patch Tuesday Released
September 15, 2011

Microsoft has released 5 security bulletins covering a total of 15 vulnerabilities. All of these vulnerabilities are rated ‘Important’ by Microsoft, even though three of them could lead to remote code execution.
The patches address elevation of privilege and remote code execution vulnerabilities and may require a restart of Windows. Two of the bulletins address both 32-bit and 64-bit editions of Windows XP, Server 2003, Server 2008, Server 2008 R2, Windows Vista and Windows 7. Two other bulletins address Office 2003, Office 2007, Office 2010, Office 2004 (Mac), Office 2008 (Mac), Office 2011 (Mac), Office Groove, SharePoint Workspace 2010 and Excel Viewer. The final bulletin addresses SharePoint.

The following vulnerabilities are rated “Important”:

MS11-070 – Vulnerability in WINS Could Allow Elevation of Privilege (2571621)
This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow elevation of privilege if a user received a specially crafted WINS replication packet on an affected system running the WINS service. An attacker must have valid login credentials and be able to log on locally to exploit this vulnerability.

MS11-071 – Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)
This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate rich text format file (.rtf), text file (.txt) or Word document (.doc) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS11-072 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
This security update resolves 5 privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1986 and CVE-2011-1987.

MS11-073 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)
This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file or if a user opens a legitimate Office file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited either of the vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS11-074 – Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)
This security update resolves 5 privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicked on a specially crafted URL or visited a specially crafted Web site. For the most severe vulnerabilities, Internet Explorer 8 and Internet Explorer 9 users browsing to a SharePoint site in the Internet Zone are at a reduced risk because, by default, the XSS Filter in Internet Explorer 8 and Internet Explorer 9 helps to block the attacks in the Internet Zone. The XSS Filter in Internet Explorer 8 and Internet Explorer 9, however, is not enabled by default in the Intranet Zone.

For detailed information on all the bulletins and the corresponding vulnerabilities addressed, please visit:

http://technet.microsoft.com/en-us/security/bulletin/ms11-sep

We recommend that users set ‘Windows Update’ mode to ‘Install updates automatically’ so that the important patches get applied automatically.
