September 2011 - Posts

 

Vulnerability in SSL/TLS Could Allow Information Disclosure

Published: Monday, September 26, 2011

Version: 1.0

General Information

Executive Summary

Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0 and TLS 1.0, affecting the Windows operating system. This vulnerability affects the protocol itself and is not specific to the Windows operating system. This is an information disclosure vulnerability that allows the decryption of encrypted SSL/TLS traffic. This vulnerability primarily impacts HTTPS traffic, since the browser is the primary attack vector, and all web traffic served via HTTPS or mixed content HTTP/HTTPS is affected. We are not aware of a way to exploit this vulnerability in other protocols or components and we are not aware of attacks that try to use the reported vulnerability at this time. Considering the attack scenario, this vulnerability is not considered high risk to customers.

http://technet.microsoft.com/en-us/security/advisory/2588513

Issued: September 21, 2011

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-043 - Critical
* MS11-058 - Critical
* MS11-074 - Important

Bulletin Information:

* MS11-043 - Critical

- http://technet.microsoft.com/security/bulletin/ms11-043
- Reason for Revision: V2.1 (September 21, 2011): Corrected the
registry key verification entries in the Security Update
Deployment section for Windows XP and Windows Server 2003.
- Originally posted: June 14, 2011
- Updated: September 21, 2011
- Bulletin Severity Rating: Critical
- Version: 2.1

* MS11-058 - Critical

- http://technet.microsoft.com/security/bulletin/ms11-058
- Reason for Revision: V1.1 (September 21, 2011): Corrected
the Affected Software table to remove MS11-046 as a bulletin
replaced by this update on all affected editions of
Windows Server 2003. This is a detection change only.
There were no changes to the security update files.
Customers who have already successfully updated their systems
do not need to take any action.
- Originally posted: August 9, 2011
- Updated: September 21, 2011
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS11-074 - Important

- http://technet.microsoft.com/security/bulletin/ms11-074
- Reason for Revision: V1.2 (September 21, 2011): Removed
erroneous reference to Microsoft Knowledge Base Article
2553001 in the deployment reference table for Microsoft
Groove Server 2007. This is an informational change only.
There were no changes to the security update files or
detection logic.
- Originally posted: September 13, 2011
- Updated: September 21, 2011
- Bulletin Severity Rating: Important
- Version: 1.2

Issued: September 19, 2011

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2607712)
- Title: Fraudulent Digital Certificates Could Allow Spoofing
- http://technet.microsoft.com/security/advisory/2607712
- Revision Note: V5.0 (September 19, 2011): Revised to announce
the rerelease of the KB2616676 update. See the Update FAQ in
this advisory for more information.

Issued: September 13, 2011

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-049 - Important
* MS11-074 - Important

Bulletin Information:

* MS11-049 - Important

- http://technet.microsoft.com/security/bulletin/ms11-049
- Reason for Revision: V2.1 (September 13, 2011): Added an update
FAQ to announce a detection change for KB2494089 that corrects
an installation issue. This is a detection change only. There
were no changes to the security update files. Customers who
have already successfully updated their systems do not need
to take any action.
- Originally posted: June 14, 2011
- Updated: September 13, 2011
- Bulletin Severity Rating: Important
- Version: 2.1

* MS11-074 - Important

- http://technet.microsoft.com/security/bulletin/ms11-074
- Reason for Revision: V1.1 (September 13, 2011): Added update
link and package information for the Microsoft Office
SharePoint Server 2010 and Microsoft Office
SharePoint Server 2010 Service Pack 1 (pplwfe) (KB2560890)
update. This is an informational change only. There were
no changes to the security update files or detection logic.
- Originally posted: September 13, 2011
- Updated: September 13, 2011
- Bulletin Severity Rating: Important
- Version: 1.1

Issued: September 13, 2011

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2269637)
- Title: Insecure Library Loading Could Allow Remote Code Execution
- http://technet.microsoft.com/security/advisory/2269637
- Revision Note: V10.0 (September 13, 2011): Added the following
Microsoft Security Bulletins to the Updates relating to Insecure
Library Loading section: MS11-071, "Vulnerability in Windows
Components Could Allow Remote Code Execution;" and MS11-073,
"Vulnerabilities in Microsoft Office Could Allow Remote Code
Execution."

* Microsoft Security Advisory (2607712)
- Title: Fraudulent Digital Certificates Could Allow Spoofing
- http://technet.microsoft.com/security/advisory/2607712
- Revision Note: V4.1 (September 13, 2011): Revised to announce
the availability of the KB2616676 update for the
Windows Developer Preview release.

Issued: September 13, 2011

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS10-035 - Critical

Bulletin Information:

* MS10-035 - Critical

- http://technet.microsoft.com/security/bulletin/ms10-035
- Reason for Revision: V2.0 (September 13, 2011): Rereleased
bulletin to reoffer the updates for Internet Explorer on
Microsoft Windows 2000 and Windows XP to address a detection
issue. There were no changes to the security update files.
Customers who have already successfully updated their systems
do not need to take any action.
- Originally posted: June 08, 2010
- Updated: September 13, 2011
- Bulletin Severity Rating: Critical
- Version: 2.0

Summary

Critical vulnerabilities have been identified in Adobe Reader X (10.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.2 and earlier versions for UNIX, and Adobe Acrobat X (10.1) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.


Event ID: 1032487951
Language(s): English.
Product(s): computer security and information security.
Audience(s): IT Decision Maker and IT Generalist.

Starts: Wednesday, September 14, 2011 11:00 AM
Time zone: (GMT-08:00) Pacific Time (US & Canada)
Duration: 1 hour(s)

Join us for a brief overview of the technical details of the Microsoft security bulletins for September. We intend to address your concerns in this webcast; therefore, most of the webcast is devoted to attendees asking questions and getting answers from Microsoft security experts.

Presenters: Jerry Bryant, Group Manager, Response Communications, Microsoft Corporation and Dustin Childs, Senior Security Program Manager, Microsoft Security Response Center, Microsoft Corporation


Posted Tue, Sep 13 2011 14:17 by Don

Note: There may be latency issues due to replication; if the page does not display, keep refreshing.

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

www.microsoft.com/technet/securi···sep.mspx

Important (5)

Microsoft Security Bulletin MS11-070
Vulnerability in WINS Could Allow Elevation of Privilege (2571621)
www.microsoft.com/technet/securi···070.mspx

Microsoft Security Bulletin MS11-071
Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)
www.microsoft.com/technet/securi···071.mspx

Microsoft Security Bulletin MS11-072
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
www.microsoft.com/technet/securi···072.mspx

Microsoft Security Bulletin MS11-073
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)
www.microsoft.com/technet/securi···073.mspx

Microsoft Security Bulletin MS11-074
Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)
www.microsoft.com/technet/securi···074.mspx

Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above-listed bulletin, you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

As always, download the updates only from the vendor's website - visit the Windows Update and Office Update or Microsoft Update websites. You may also get the updates through the Automatic Updates functionality in Windows.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

This is an advance notification of 5 security bulletins that Microsoft is intending to release on September 13, 2011.

5 Rated as Important

http://technet.microsoft.com/en-us/security/bulletin/ms11-sep