Security & Mobility Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements
Bryan Burns

January 2011 Microsoft Patch Tuesday Summary

by Juniper Employee ‎01-11-2011 02:18 PM - edited ‎02-08-2011 05:00 PM

Happy new year, and welcome to another edition of the patch Tuesday summary blog.  There is a lot to celebrate this month, because after last month’s large set of patches, this month there a mere three vulnerabilities patched across two bulletins.  With such a small drop, there is space for me to go through each of the vulnerabilities one by one:


MS11-001 - CVE-2010-3145

This is another of those DLL loading vulnerabilities I’ve been mentioning for the past few months.  These are continuing to trickle out, although at a much lower rate than last year.  As is standard with this class of vulnerability, opening certain file types can cause DLLs to be loaded from the same directory the file is contained in.  If an attacker controls that directory, they can execute arbitrary code via a malicious DLL.  SMB and WebDAV shares are the remote network vector for these vulnerabilities.

 

MS11-002 - CVE-2011-0026           

This is a slightly tricky issue, because the vulnerability isn’t in any named Microsoft products, but rather an API that could be used by third party applications, rendering them vulnerable.  Are your applications vulnerable?  It’s hard to know, so best to apply this patch defensively.

 

MS11-002 - CVE-2011-0027

This vulnerability is one of those “don’t go to the wrong website” issues.  A malicious web page can use this memory allocation flaw in the MDAC library to execute arbitrary code inside Internet Explorer.

 

As we do every month, we’ve released a signature update to address the vulnerabilities fixed in today’s patches.  

Happy patching!

 

 

Post a Comment
Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
About Security & Mobility Now

Discussing a wide range of topics impacting enterprises and
data center security.

Subscribe RSS Icon

Our Bloggers

Kyle Adams
Senior Software Engineer

Profile | Subscribe

Ritesh Agrawal
Director
Software Engineering

Profile | Subscribe

Erin K. Banks
Senior Technical Marketing Manager

Profile | Subscribe

Ajay Bharadwaj
Product Manager

Profile | Subscribe

Michael Callahan
Vice President
Product Marketing

Profile | Subscribe

Scott Emo
Director
Product Marketing

Profile | Subscribe

Mora Gozani
Senior Manager
Product Marketing

Profile | Subscribe

Ashur Kanoon
Sr. Manager
Technical Marketing

Profile | Subscribe

Seema Kathuria
Manager
Product Marketing

Profile | Subscribe

Kevin Kennedy
Senior Director
Product Management

Profile | Subscribe

Dave Killion
Software Engineer

Profile | Subscribe

Rebecca Lawson
Senior Director
Product Marketing

Profile | Subscribe

Rajoo Nagar
Senior Manager
Product Marketing

Profile | Subscribe

Erin O'Malley
Manager
Product Marketing

Profile | Subscribe

Galina Pildush
Strategy & Planning
Architect

Profile | Subscribe

Edward Roberts
Director
Product Marketing

Profile | Subscribe

Bill Shelton
Director Field Sales

Profile | Subscribe

Ashutosh Thakur
Product Line Manager

Profile | Subscribe

Troy Vennon
Software Engineer

Profile | Subscribe

Brad Woodberg
Product Manager

Profile | Subscribe

Labels
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.