CERT RENATER Advisories

Date : Wed, 14 Sep 2011 10:10:41 +0200
Type : VULN
Subject : CERT-Renater : 2011/VULN554 (Microsoft : Important Vulnerability in Windows Components Could Allow Remote Code Execution)
====================================================================
                                   CERT-Renater

                        Information Note No. 2011/VULN554
_____________________________________________________________________

DATE                 : 14/09/2011

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Windows XP, Windows Server 2003, Windows Vista,
                         Windows Server 2008, Windows 7.

======================================================================
KB2570947
http://technet.microsoft.com/en-us/security/bulletin/ms11-071
______________________________________________________________________

Microsoft Security Bulletin MS11-071 - Important Vulnerability in
Windows Components Could Allow Remote Code Execution (2570947)
Published: Tuesday, September 13, 2011
Version: 1.0

General Information

Executive Summary

   This security update resolves a publicly disclosed vulnerability in
   Microsoft Windows. The vulnerability could allow remote code
   execution if a user opens a legitimate rich text format file (.rtf),
   text file (.txt), or Word document (.doc) that is located in the
   same network directory as a specially crafted dynamic link library
   (DLL) file. An attacker who successfully exploited this
   vulnerability could gain the same user rights as the local user.
   Users whose accounts are configured to have fewer user rights on the
   system could be less impacted than users who operate with
   administrative user rights.

   This security update is rated Important for all supported releases of
   Microsoft Windows. For more information, see the subsection, Affected
   and Non-Affected Software, in this section.

Affected Software

   Windows XP Service Pack 3
   Windows XP Professional x64 Edition Service Pack 2
   Windows Server 2003 Service Pack 2
   Windows Server 2003 x64 Edition Service Pack 2
   Windows Server 2003 with SP2 for Itanium-based Systems
   Windows Vista Service Pack 2
   Windows Vista x64 Edition Service Pack 2
   Windows Server 2008 for 32-bit Systems Service Pack 2
   Windows Server 2008 for x64-based Systems Service Pack 2
   Windows Server 2008 for Itanium-based Systems Service Pack 2
   Windows 7 for 32-bit Systems
   Windows 7 for 32-bit Systems Service Pack 1
   Windows 7 for x64-based Systems
   Windows 7 for x64-based Systems Service Pack 1
   Windows Server 2008 R2 for x64-based Systems
   Windows Server 2008 R2 for x64-based Systems Service Pack 1
   Windows Server 2008 R2 for Itanium-based Systems
   Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Vulnerability Information

Windows Components Insecure Library Loading Vulnerability - CVE-2011-1991

   A remote code execution vulnerability exists in the way that certain
   Windows components handle the loading of DLL files. An attacker who
   successfully exploited this vulnerability could take complete control
   of an affected system. An attacker could then install programs; view,
   change, or delete data; or create new accounts with full user rights.
   Users whose accounts are configured to have fewer user rights on the
   system could be less impacted than users who operate with
   administrative user rights.
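
   Added example, not part of the Microsoft bulletin or the CERT-Renater
   note: a defender-side triage scan that walks a file share and reports
   directories where a DLL sits next to .rtf, .txt or .doc files, the
   layout the executive summary describes. The function names and the
   sample tree are constructed for illustration; a hit is a candidate
   for review, not proof of a malicious library.

```python
import os
import tempfile

# Document types named in the bulletin's executive summary.
DOC_EXTS = {".rtf", ".txt", ".doc"}
LIB_EXTS = {".dll"}


def find_colocated_dlls(root):
    """Return {directory: {"docs": [...], "dlls": [...]}} for every directory
    under root that holds at least one DLL next to at least one document."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        docs, dlls = [], []
        for name in filenames:
            # Windows file names are case-insensitive, so compare lowercased.
            ext = os.path.splitext(name)[1].lower()
            if ext in DOC_EXTS:
                docs.append(name)
            elif ext in LIB_EXTS:
                dlls.append(name)
        if docs and dlls:
            findings[dirpath] = {"docs": sorted(docs), "dlls": sorted(dlls)}
    return findings


def build_sample_tree(base):
    """Constructed sample layout (not real data): one folder mixing documents
    and a DLL, one documents-only folder, one software folder with DLLs only."""
    layout = {
        "projects/q3": ["report.doc", "notes.TXT", "helper.DLL"],
        "projects/q4": ["budget.rtf", "readme.txt"],
        "tools/bin": ["app.exe", "codec.dll"],
    }
    for rel, names in layout.items():
        folder = os.path.join(base, *rel.split("/"))
        os.makedirs(folder)
        for name in names:
            open(os.path.join(folder, name), "wb").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for folder, hit in find_colocated_dlls(build_sample_tree(tmp)).items():
            print(folder, "docs:", hit["docs"], "dlls:", hit["dlls"])
```

   Pointing find_colocated_dlls at the mounted path of a document share
   gives a review list; software distribution folders that contain only
   binaries are not reported.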
======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================
