September '11 Patch Tuesday Detailed
Below you can check out the information Redmond-based software giant Microsoft released about the 5 security bulletins it rolled out this September as part of its Patch Tuesday program. The aforementioned security bulletins are all rated as “important”, could lead to either remote code execution or elevation of privilege, and plug a total of 15 vulnerabilities that plague the Windows operating system and the Microsoft Office productivity suite.
But I digress. As I said, the details Microsoft made public are available below.
MS11-070: Vulnerability in WINS Could Allow Elevation of Privilege
Rating: Important.
Description: a privately reported vulnerability in the Windows Internet Name Service (WINS), vulnerability that could allow elevation of privilege if a user received a specially crafted WINS replication packet on an affected system running the WINS service. To exploit the vulnerability, an attacker must have valid logon credentials and be able to log on locally
Affected software: Microsoft Windows.
MS11-071: Vulnerability in Windows Components Could Allow Remote Code Execution
Rating: Important.
Description: A publicly disclosed vulnerability in Microsoft Windows that could allow remote code execution if a user opens a legitimate rich text format file (.rtf), text file (.txt), or Word document (.doc) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. By successfully exploiting this vulnerability an attacker could gain the same user rights as the local user.
Affected software: Microsoft Windows.
MS11-072: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
Rating: Important.
Description: five privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Excel file. By successfully exploiting this vulnerability an attacker could gain the same user rights as the local user.
Affected software: Microsoft Office, Microsoft Server Software.
MS11-073: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
Rating: Important.
Description: two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file or if a user opens a legitimate Office file that is located in the same network directory as a specially crafted library file. By successfully exploiting this vulnerability an attacker could gain the same user rights as the local user.
Affected software: Microsoft Office.
MS11-074: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege
Rating: Important.
Description: five privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicked on a specially crafted URL or visited a specially crafted Web site.
Affected software: Microsoft Office, Microsoft Server Software.
The Microsoft Security Response Center (MSRC) has provided these visual representations of the September 2011 Patch Tuesday.
But I digress. As I said, the details Microsoft made public are available below.
MS11-070: Vulnerability in WINS Could Allow Elevation of Privilege
Rating: Important.
Description: a privately reported vulnerability in the Windows Internet Name Service (WINS), vulnerability that could allow elevation of privilege if a user received a specially crafted WINS replication packet on an affected system running the WINS service. To exploit the vulnerability, an attacker must have valid logon credentials and be able to log on locally
Affected software: Microsoft Windows.
MS11-071: Vulnerability in Windows Components Could Allow Remote Code Execution
Rating: Important.
Description: A publicly disclosed vulnerability in Microsoft Windows that could allow remote code execution if a user opens a legitimate rich text format file (.rtf), text file (.txt), or Word document (.doc) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. By successfully exploiting this vulnerability an attacker could gain the same user rights as the local user.
Affected software: Microsoft Windows.
MS11-072: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
Rating: Important.
Description: five privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Excel file. By successfully exploiting this vulnerability an attacker could gain the same user rights as the local user.
Affected software: Microsoft Office, Microsoft Server Software.
MS11-073: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
Rating: Important.
Description: two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file or if a user opens a legitimate Office file that is located in the same network directory as a specially crafted library file. By successfully exploiting this vulnerability an attacker could gain the same user rights as the local user.
Affected software: Microsoft Office.
MS11-074: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege
Rating: Important.
Description: five privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicked on a specially crafted URL or visited a specially crafted Web site.
Affected software: Microsoft Office, Microsoft Server Software.
The Microsoft Security Response Center (MSRC) has provided these visual representations of the September 2011 Patch Tuesday.
