technet.microsoft.com/en-us/security/bulletin/ms11-083
Security Bulletins > Microsoft Security Bulletin MS11-083 Microsoft Security Bulletin MS11-083 - Critical Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Published: Tuesday, November 08, 2011 Version: 10 General Information Executive Summary This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system. This security update is rated Critical for all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. For more information, see the subsection, Affected and Non-Affected Software, in this section. The security update addresses the vulnerability by modifying the way that the Windows TCP/IP stack keeps track of UDP packets within memory. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information. The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually.
Top of section Affected and Non-Affected Software The following software have been tested to determine which versions or editions are affected. Other versions or editions are either past their support life cycle or are not affected.
This update applies, with the same severity rating, to supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, whether or not installed using the Server Core installation option.
Top of section Frequently Asked Questions (FAQ) Related to This Security Update Where are the file information details? Refer to the reference tables in the Security Update Deployment section for the location of the file information details. I am using an older release of the software discussed in this security bulletin. The affected software listed in this bulletin have been tested to determine which releases are affected.
Customers who require custom support for older software must contact their Microsoft account team representative, their Technical Account Manager, or the appropriate Microsoft partner representative for custom support options. Customers without an Alliance, Premier, or Authorized Contract can contact their local Microsoft sales office.
Microsoft Worldwide Information Web site, select the country in the Contact Information list, and then click Go to see a list of telephone numbers. When you call, ask to speak with the local Premier Support sales manager.
Top of section Vulnerability Information Severity Ratings and Vulnerability Identifiers The following severity ratings assume the potential maximum impact of the vulnerability.
This update applies, with the same severity rating, to supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, whether or not installed using the Server Core installation option.
Top of section Reference Counter Overflow Vulnerability - CVE-2011-2013 A remote code execution vulnerability exists in the Windows TCP/IP stack due to the processing of a continuous flow of specially crafted UDP packets. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Top of section Workarounds for Reference Counter Overflow Vulnerability - CVE-2011-2013 Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality: * Block unused UDP ports at the perimeter firewall Blocking unused (closed) UDP ports at the perimeter firewall helps protect systems that are behind that firewall from attempts to exploit this vulnerability.
Top of section FAQ for Reference Counter Overflow Vulnerability - CVE-2011-2013 What is the scope of the vulnerability? This is a remote code execution vulnerability in the context of the Windows kernel. The vulnerability is caused when the Windows TCP/IP stack processes a continuous flow of specially crafted UDP packets, resulting in an integer overflow. TCP/IP is a set of networking protocols that are widely used on the Internet. TCP/IP provides communications across interconnected networks of computers that have diverse hardware architectures and that run various operating systems. TCP/IP includes standards for how computers communicate and conventions for connecting networks and for routing traffic.
The User Datagram Protocol (UDP) is a TCP/IP standard defined in RFC 768, "User Datagram Protocol (UDP)." UDP is used by some programs instead of TCP for fast, lightweight, unreliable transportation of data between TCP/IP hosts. UDP provides a connectionless datagram service that offers best-effort delivery, which means that UDP does not guarantee delivery or verify sequencing for any datagrams. A source host that needs reliable communication must use either TCP or a program that provides its own sequencing and acknowledgment services.
An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could exploit this vulnerability by sending a continuous flow of specially crafted UDP packets to a closed port on a target system. What systems are primarily at risk from the vulnerability? Workstations and servers are primarily at risk of this vulnerability. The update addresses this vulnerability by modifying the way that the Windows TCP/IP stack keeps track of UDP packets within memory. When this security bulletin was issued, had this vulnerability been publicly disclosed? Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers when this security bulletin was originally issued.
Top of section Update Information Detection and Deployment Tools and Guidance Security Central Manage the software and security updates you need to deploy to the servers, desktop, and mobile systems in your organization.
The Microsoft Update Catalog provides a searchable catalog of content made available through Windows Update and Microsoft Update, including security updates, drivers and service packs. By searching using the security bulletin number (such as, "MS07-036"), you can add all of the applicable updates to your basket (including different languages for an update), and download to the folder of your choosing.
Detection and Deployment Guidance Microsoft provides detection and deployment guidance for security updates. This guidance contains recommendations and information that can help IT professionals understand how to use various tools for detection and deployment of security updates.
Microsoft Baseline Security Analyzer Microsoft Baseline Security Analyzer (MBSA) allows administrators to scan local and remote systems for missing security updates as well as common security misconfigurations.
Microsoft Baseline Security Analyzer and reference the Legacy Product Support section on how to create comprehensive security update detection with legacy tools. Windows Server Update Services Windows Server Update Services (WSUS) enables information technology administrators to deploy the latest Microsoft product updates to computers that are running the Windows operating system.
Systems Management Server The following table provides the SMS detection and deployment summary for this security update. For SMS 2003, Microsoft also discontinued support for the Security Update Inventory Tool (SUIT) on April 12, 2011.
Microsoft Knowledge Base Article 910723: Summary list of monthly detection and deployment guidance articles. Update...
|
http://csua.com/feed/