Symantec product detections for Microsoft monthly Security Advisories - November 2011

Article:TECH173766  |  Created: 2011-11-07  |  Updated: 2012-04-09  |  Article URL http://www.symantec.com/docs/TECH173766
Article Type: Technical Solution


Issue



This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



ID and Rating
  CAN/CVE ID: CVE-2011-2013
  BID: 50517
  Microsoft ID: MS11-083
  MSKB: 2588516
  Microsoft Rating: Critical
Vulnerability Type
  Microsoft Windows TCP/IP Stack Reference Counter Integer Overflow Vulnerability
  Remote Code Execution Vulnerability
Vulnerability Affects
  Windows Vista SP2, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems SP1, Windows Server 2008 R2 for Itanium-based Systems, and Windows Server 2008 R2 for Itanium-based Systems SP1
Details
  • A remote code execution vulnerability affects the Windows TCP/IP stack when handling a continuous flow of UDP packets.
  • An attacker can exploit this issue by sending a series of malformed packets to an affected computer.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the kernel. This may facilitate a complete system compromise.
Intrusion Protection System (IPS) Response
  Sig ID: N/A
Other Detections
  AV: N/A
  Sygate IDS: N/A
  Symantec Critical System Protection IPS: N/A

ID and Rating
  CAN/CVE ID: CVE-2011-2016
  BID: 50507
  Microsoft ID: MS11-085
  MSKB: 2620704
  Microsoft Rating: Important
Vulnerability Type
  Windows Mail and Windows Meeting Space DLL Loading Arbitrary Code Execution Vulnerability
  Remote Code Execution Vulnerability
Vulnerability Affects
  Windows Vista SP2, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems SP1, Windows Server 2008 R2 for Itanium-based Systems, and Windows Server 2008 R2 for Itanium-based Systems SP1
Details
  • A remote code-execution vulnerability affects Windows Mail and Windows Meeting Space due to how they load DLL files.
  • An attacker can exploit this issue by enticing an unsuspecting victim into opening a file associated with the application from a remote SMB or WebDAV share.
  • A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Intrusion Protection System (IPS) Response
  Sig ID: N/A
Other Detections
  AV: N/A
  Sygate IDS: N/A
  Symantec Critical System Protection IPS: SCSPBP1: Generic Windows Interactive Protection

ID and Rating
  CAN/CVE ID: CVE-2011-2014
  BID: 50518
  Microsoft ID: MS11-086
  MSKB: 2630837
  Microsoft Rating: Important
Vulnerability Type
  Microsoft Active Directory LDAPS Authentication Bypass Vulnerability
  Escalation of Privilege Vulnerability
Vulnerability Affects
  Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems SP1, Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Vista SP2, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for x64-based Systems SP1
Details
  • A privilege-escalation vulnerability affects Active Directory when it is configured to use LDAP over SSL because it fails to properly verify if a certificate has been revoked.
  • An attacker can exploit this issue to access network resources or run code with elevated privileges.
Intrusion Protection System (IPS) Response
  Sig ID: N/A
Other Detections
  AV: N/A
  Sygate IDS: N/A
  Symantec Critical System Protection IPS: N/A

ID and Rating
  CAN/CVE ID: CVE-2011-2004
  BID: 50510
  Microsoft ID: MS11-084
  MSKB: 2617657
  Microsoft Rating: Moderate
Vulnerability Type
  Microsoft Windows Kernel TrueType Font Parsing (CVE-2011-2004) Denial of Service Vulnerability
  Denial of Service Vulnerability
Vulnerability Affects
  Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems SP1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems SP1, Windows Server 2008 R2 for Itanium-based Systems, and Windows Server 2008 R2 for Itanium-based Systems SP1
Details
  • A denial-of-service vulnerability affects the Windows kernel when handling TrueType fonts.
  • An attacker can exploit this issue by tricking an unsuspecting victim into connecting to a remote share that is hosting a malicious font.
  • A successful exploit will cause the affected computer to stop responding, effectively denying service.
Intrusion Protection System (IPS) Response
  Sig ID: N/A
Other Detections
  AV: N/A
  Sygate IDS: N/A
  Symantec Critical System Protection IPS: N/A

 

 

 

 



