Microsoft August 2011 Black Tuesday Overview

Overview of the August 2011 Microsoft patches and their status.

#	Affected	Contra Indications - KB	Known Exploits	Microsoft rating(**)	ISC rating(*)
#	Affected	Contra Indications - KB	Known Exploits	Microsoft rating(**)	clients	servers
MS11-057	Multiple vulnerabilities in Internet Explorer allow random code execution with the rights of the logged on user and information leaks. Replaces MS11-050.
MS11-057	MSIE CVE-2011-1257 CVE-2011-1960 CVE-2011-1961 CVE-2011-1962 CVE-2011-1963 CVE-2011-1964 CVE-2011-2383 CVE-2011-1347	KB 2559049	A for-pay exploit for CVE-2011-1347 is available (the fix for this vulnerability is classified by Microsoft as a functionality upgrade) Public disclosure against CVE-2011-1962 and CVE-2011-2383 are also reported.	Severity:Critical Exploitability:1	Critical	Important
MS11-058	Multiple vulnerabilities in the DNS server allow random code execution through NAPTR (Naming Authority Pointer) queries against recursive servers and denial of service. Replaces MS09-008 and MS11-046.
MS11-058	DNS server CVE-2011-1966 CVE-2011-1970	KB 2562485	No publicly known exploits	Severity:Critical Exploitability:3	N/A	Critical
MS11-059	Windows DAC (Data Access Components) can incorrectly restrict the path used for loading libraries, allowing random code execution (e.g. by opening a excel file on a network share).
MS11-059	Windows DAC, exposed through e.g. Excel CVE-2011-1975	KB 2560656	No publicly known exploits	Severity:Important Exploitability:1	Important	Less Urgent
MS11-060	Multiple vulnerabilities in Visio allow random code execution with the rights of the logged on user. Replaces MS11-008.
MS11-060	Visio CVE-2011-1972 CVE-2011-1979	KB 2560978	No publicly known exploits	Severity:Important Exploitability:1	Critical	Important
MS11-061	A cross site scripting (XSS) vulnerability in Remote Desktop Web Access.
MS11-061	Remote Desktop Web Access CVE-2011-1263	KB 2546250	No publicly known exploits	Severity:Important Exploitability:1	Less Urgent	Important
MS11-062	An input validation vulnerability in the way the NDISTAPI driver validates user mode input before sending it to the windows kernel allows privilege escalation.
MS11-062	Remote Access Service (RAS) CVE-2011-1974	KB 2566454	No publicly known exploits	Severity:Important Exploitability:1	Important	Less Urgent
MS11-063	An input validation vulnerability in the Client/Server Runtime SybSystem allows privilege escalation by running arbitrary code in the context of another process. Replaces MS10-069 and MS11-056.
MS11-063	CSRSS CVE-2011-1967	KB 2567680	No publicly known exploits	Severity:Important Exploitability:1	Important	Less Urgent
MS11-064	Vulnerabilities in how windows kernels handle crafted ICMP messages and how Quality of Service (QoS) based on URLs on web hosts handles crafted URLs allow denial of service. Replaces MS10-058.
MS11-064	TCP/IP stack CVE-2011-1871 CVE-2011-1965	KB 2563894	No publicly known exploits	Severity:Important Exploitability:3	Important	Important
MS11-065	A vulnerability in the RDP implementation allows denial of service of the exposed machine.
MS11-065	Remote Desktop Protocol (RDP) CVE-2011-1968	KB 2570222	Microsoft reports it is used in targeted exploits.	Severity:Important Exploitability:3	Less urgent	Important
MS11-066	An input validation in the Chart Control allows retrieval of any file within the ASP.NET application.
MS11-066	ASP.NET Chart Control CVE-2011-1977	KB 2567943	No publicly known exploits	Severity:Important Exploitability:3	N/A	Important
MS11-067	A cross site scripting (XSS) vulnerability in the Microsoft report viewer control. Replaces MS09-062.
MS11-067	Report Viewer CVE-2011-1976	KB 2578230	No publicly known exploits	Severity:Important Exploitability:3	Important	Less Urgent
MS11-068	Access to meta-data of files (can be through the web and file sharing) can cause a reboot of the windows kernel. Replaces MS10-047.
MS11-068	Windows Kernel CVE-2011-1971	KB 2556532	No publicly known exploits	Severity:Moderate Exploitability:?	Less Urgent	Less Urgent
MS11-069	Lack of restricted access to the System.Net.Sockets namespace in the .NET framework allows information leaks and control over network traffic causing Denial of Service or portscanning. Replaces MS11-039.
MS11-069	.NET framework CVE-2011-1978	KB 2567951	No publicly known exploits	Severity:Moderate Exploitability:?	Important	Important

We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY

(*): ISC rating

We use 4 levels:
- PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
- Important: Things where more testing and other measures can help.
- Less Urgent: Typically we expect the impact if left unpatched to be not that big a deal in the short term. Do not forget them however.
The difference between the client and server rating is based on how you use the affected machine. We take into account the typical client and server deployment in the usage of the machine and the common measures people typically have in place already. Measures we presume are simple best practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat for affected systems. The rating does not account for the number of affected systems there are. It is for an affected system in a typical worst-case role.
Only the organization itself is in a position to do a full risk analysis involving the presence (or lack of) affected systems, the actually implemented measures, the impact on their operation and the value of the assets involved.
All patches released by a vendor are important enough to have a close look if you use the affected systems. There is little incentive for vendors to publicize patches that do not have some form of risk to them.

(**): The exploitability rating we show is the worst of them all due to the too large number of ratings Microsoft assigns to some of the patches.

--
Swa Frantzen -- Section 66

Swa

760 Posts

Aug 9th 2011
8 years ago

In regards to the for-pay exploits available for CVE-2011-1347, is there any additional information, as I have been unable to find anything on this.

Thank you.

Anonymous

Quote

Aug 10th 2011
8 years ago

While working through my update cycle I noticed that Microsoft also rereleased critical bulletin MS11-043 to address a stability issue. They are recommending that you reinstall the update with this version.

Anonymous

Quote

Aug 11th 2011
8 years ago