June 2011 - Microsoft Releases 16 Security Advisories

  Severity: CRITICAL
  Advisory Date: JUN 14, 2011

  DESCRIPTION

Microsoft addresses the following vulnerabilities in its June batch of patches:

  • (MS11-037) Vulnerability in MHTML Could Allow Information Disclosure (2544893)
    Risk Rating: Important

    This security update addresses a vulnerability in the MHTML protocol handler in Microsoft Windows, which could allow information disclosure, once a user opens a specially crafted URL from an attacker's website. Read more here.

  • (MS11-038) Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
    Risk Rating: Critical

    This security update addresses a privately reported vulnerability in Microsoft Windows Object Linking and Embedding (OLE) Automation, which could lead to remote code execution once users visit a website containing a specially made Windows Metafile (WMF) image. Read more here.

  • (MS11-039) Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
    Risk Rating: Critical

    This bulletin resolves a vulnerability in Microsoft .NET Framework and Microsoft Silverlight, which could allow arbitrary code execution once users view a malicious Web page via a Web browser that runs XAML Browser Applications (XBAPs) or Silverlight applications. Users with non-administrative user rights could be less affected than users with administrative rights. Read more here.


  • (MS11-040) Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)
    Risk Rating: Critical

    This bulletin addresses a vulnerability in Microsoft Forefront Threat Management Gateway (TMG) 2010 Client (formerly Microsoft Forefront Threat Management Gateway Firewall Client). Once successfully exploited, this may allow remote code execution by a remote malicious user. Read more here.


  • (MS11-041) Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
    Risk Rating: Critical

    This security update addresses a reported vulnerability in Microsoft Windows via specifically crafted OpenType font (OTF) accessed through a network share (or a website that points to a network share). Once successfully exploited, this could allow remote code execution by an attacker. Read more here.


  • (MS11-042) Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
    Risk Rating: Critical

    This bulletin resolves two reported vulnerabilities in the Microsoft Distributed File System (DFS). The more severe of these vulnerabilities may lead to remote code execution once an attacker sends a maliciously crafted DFS response to a user DFS request. Once exploited, this vulnerability could also take complete control of an affected system. Read more here.


  • (MS11-043) Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
    Risk Rating: Critical

    This security update addresses a reported vulnerability in Microsoft Windows, that could lead to remote code execution if an attacker sends a specially crafted SMB response to a user SMB request. However, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server before successfully exploiting this bug. Read more here.

  • (MS11-044) Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
    Risk Rating: Critical

    This bulletin resolves a vulnerability in Microsoft .NET Framework, which could allow remote code execution on a client system once a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users configured to have fewer user rights on an affected system could be less impacted than those with administrative rights. Read more here.

  • (MS11-045) Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
    Risk Rating: Important

    This bulletin resolves eight privately reported vulnerabilities in Microsoft Office, which allow remote code execution once users execute a maliciously crafted Excel file. Users with administrative rights are more affected by this attack as opposed to those with accounts configured with lesser user rights. Read more here.

  • (MS11-046) Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
    Risk Rating: Important

    This bulletin resolves a publicly disclosed vulnerability in the Microsoft Windows Ancillary Function Driver (AFD) that could allow elevation of privilege once an attacker logs on to a user's system and runs a malicious application. However, an attacker needs valid logon credentials and must be able to log on locally to successfully execute an attack. Read more here.

  • (MS11-047) Vulnerability in Hyper-V Could Allow Denial of Service (2525835)
    Risk Rating: Important

    This bulletin addresses a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V, which could allow denial of service if an authenticated user sends a maliciously crafted packet to the VMBus. This vulnerability could not be exploited remotely or by an anonymous user. Read more here.

  • (MS11-048) Vulnerability in SMB Server Could Allow Denial of Service (2536275)
    Risk Rating: Important

    This bulletin resolves a reported vulnerability in Microsoft Windows, which could allow denial of service if an attacker creates a malicous SMB packet and sends this to an affected system. Read more here

  • (MS11-049) Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
    Risk Rating: Important

    This security update addresses a reported vulnerability in Microsoft XML Editor, that could allow information disclosure once a user opens a malicious Web Service Discovery (.disco) file with one of the affected software. This threat would not allow remote code execution or elevation of user right, however, it could acquire information that could be used in future attacks. Read more here.

  • (MS11-050) Cumulative Security Update for Internet Explorer (2530548)
    Risk Rating: Critical

    This security update addresses eleven privately reported vulnerabilities in Internet Explorer. The most severe of these could allow remote code execution if a user views a maliciously crafted Web page via Internet Explorer. Once successfully exploited, attacker can gain same user rights as the local user. Read more here.

    Note that Microsoft acknowledges Trend Micro for working with them in helping address the SafeHTML Information Disclosure Vulnerability (CVE-2011-1252), one of the privately reported vulnerabilities in Internet Explorer for this update.

  • (MS11-051) Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)
    Risk Rating: Important

    This bulletin resolves a reported vulnerability in Active Directory Certificate Services Web Enrollment. This is a cross-site scripting (XSS) vulnerability that may lead to elevation of privilege, enabling an attacker to execute arbitrary commands using the user rights of the target user. An attacker would need to send a specially crafted link and convince a user to click the link before executing an attack. Read more here.

  • (MS11-052) Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)
    Risk Rating: Critical

    This bulletin addresses vulnerability in Microsoft implementation of Vector Markup Language (VML), that may lead to arbitrary code execution if a user views a maliciously crafted Web page via Internet Explorer. Read more here.

  TREND MICRO PROTECTION INFORMATION

Trend Micro Deep Security shields the following vulnerabilities using the specified rules. Trend Micro customers using OfficeScan with the Intrusion Defense Firewall plugin are also protected from attacks using these vulnerabilities.


Microsoft Bulletin ID Vulnerability ID Identifier & Title Deep Security Pattern Version Deep Security Pattern Release Date
MS11-038 CVE-2011-0658 1004690 - OLE Automation Underflow Vulnerability 11-018 Jun 15, 2011
MS11-042 CVE-2011-1868 1004700 - DFS Memory Corruption Vulnerability 11-018 Jun 15, 2011
MS11-043 CVE-2011-1268 1004692 - SMB Response Parsing Vulnerability 11-018 Jun 15, 2011
MS11-045 CVE-2011-1272/TD> 1004695 - Excel Insufficient Record Validation Vulnerability 11-018 Jun 15, 2011
CVE-2011-1273 1004691 - Excel Improper Record Parsing Vulnerability 11-018 Jun 15, 2011
CVE-2011-1274 1004689 - Excel Out Of Bounds Array Access Vulnerability 11-018 Jun 15, 2011
CVE-2011-1278 1004698 - Excel WriteAV Vulnerability 11-018 Jun 15, 2011
MS11-048 CVE-2011-1267 1004696 - SMB Request Parsing Vulnerability 11-018 Jun 15, 2011
MS11-049 CVE-2011-1280 1004694 - Microsoft XML Editor Information Disclosure Vulnerability 11-018 Jun 15, 2011
MS11-050 CVE-2011-1252 1004684 - Internet Explorer toStaticHTML Information Disclosure Vulnerability 11-018 Jun 15, 2011
CVE-2011-1254 1004685 - Internet Explorer Layout Memory Corruption Vulnerability 11-018 Jun 15, 2011
CVE-2011-1255 1004687 - Internet Explorer Time Element Memory Corruption Vulnerability 11-018 Jun 15, 2011
CVE-2011-1260 1004686 - Internet Explorer Layout Memory Corruption Vulnerability 11-018 Jun 15, 2011
CVE-2011-1261 1004699 - Selection Object Memory Corruption Vulnerability 11-018 Jun 15, 2011
CVE-2011-1262 1004688 - Internet Explorer HTTP Redirect Memory Corruption Vulnerability 11-018 Jun 15, 2011
CVE-2011-1266 1004693 - VML Memory Corruption Vulnerability 11-018 Jun 15, 2011

  OTHER INFORMATION

Featured Stories