[BigFix-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Enterprise Security'
autonotify at us.ibm.com
autonotify at us.ibm.com
Thu Nov 10 02:02:37 PST 2011
Fixlet Site - 'Enterprise Security'
Current Version: 1541 Published: Thu, 10 Nov 2011 07:07:37 GMT
New Fixlets:
============
***************************************************************
Title: MS11-037: Vulnerability in MHTML Could Allow Information Disclosure - Windows XP SP3 (v2, re-released 11/8/2011)
Severity: Important
Fixlet ID: 1103723
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-037
Fixlet Description: Microsoft has released a security update that resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user opens a specially crafted URL from an attacker's web site. An attacker would have to convince the user to visit the web site, typically by getting them to follow a link in an e-mail message or Instant Messenger message. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-037: Vulnerability in MHTML Could Allow Information Disclosure - Windows XP SP3 (v2, re-released 11/8/2011) - CORRUPT PATCH
Severity: Important
Fixlet ID: 1103724
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-037
***************************************************************
Title: MS11-037: Vulnerability in MHTML Could Allow Information Disclosure - Windows Server 2003 SP2 (v2, re-released 11/8/2011)
Severity: Low
Fixlet ID: 1103725
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-037
Fixlet Description: Microsoft has released a security update that resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user opens a specially crafted URL from an attacker's web site. An attacker would have to convince the user to visit the web site, typically by getting them to follow a link in an e-mail message or Instant Messenger message. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-037: Vulnerability in MHTML Could Allow Information Disclosure - Windows Server 2003 SP2 (v2, re-released 11/8/2011) - CORRUPT PATCH
Severity: Low
Fixlet ID: 1103726
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-037
***************************************************************
Title: MS11-037: Vulnerability in MHTML Could Allow Information Disclosure - Windows XP SP2 (x64) (v2, re-released 11/8/2011)
Severity: Important
Fixlet ID: 1103727
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-037
Fixlet Description: Microsoft has released a security update that resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user opens a specially crafted URL from an attacker's web site. An attacker would have to convince the user to visit the web site, typically by getting them to follow a link in an e-mail message or Instant Messenger message. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-037: Vulnerability in MHTML Could Allow Information Disclosure - Windows XP SP2 (x64) (v2, re-released 11/8/2011) - CORRUPT PATCH
Severity: Important
Fixlet ID: 1103728
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-037
***************************************************************
Title: MS11-037: Vulnerability in MHTML Could Allow Information Disclosure - Windows Server 2003 SP2 (x64) (v2, re-released 11/8/2011)
Severity: Low
Fixlet ID: 1103729
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-037
Fixlet Description: Microsoft has released a security update that resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user opens a specially crafted URL from an attacker's web site. An attacker would have to convince the user to visit the web site, typically by getting them to follow a link in an e-mail message or Instant Messenger message. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-037: Vulnerability in MHTML Could Allow Information Disclosure - Windows Server 2003 SP2 (x64) (v2, re-released 11/8/2011) - CORRUPT PATCH
Severity: Low
Fixlet ID: 1103730
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-037
***************************************************************
Title: MS11-083: Vulnerability in TCP/IP Could Allow Remote Code Execution - Windows Vista SP2
Severity: Remote Code Execution
Fixlet ID: 1108301
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-083
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-083: Vulnerability in TCP/IP Could Allow Remote Code Execution - Windows Vista SP2 (x64)
Severity: Remote Code Execution
Fixlet ID: 1108303
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-083
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-083: Vulnerability in TCP/IP Could Allow Remote Code Execution - Windows Server 2008 SP2
Severity: Remote Code Execution
Fixlet ID: 1108305
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-083
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-083: Vulnerability in TCP/IP Could Allow Remote Code Execution - Windows Server 2008 SP2 (x64)
Severity: Remote Code Execution
Fixlet ID: 1108307
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-083
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-083: Vulnerability in TCP/IP Could Allow Remote Code Execution - Windows 7 Gold/SP1
Severity: Remote Code Execution
Fixlet ID: 1108309
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-083
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-083: Vulnerability in TCP/IP Could Allow Remote Code Execution - Windows 7 Gold/SP1 (x64)
Severity: Remote Code Execution
Fixlet ID: 1108311
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-083
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-083: Vulnerability in TCP/IP Could Allow Remote Code Execution - Windows Server 2008 R2 Gold/SP1 (x64)
Severity: Remote Code Execution
Fixlet ID: 1108313
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-083
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-084: Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service - Windows 7 Gold/SP1
Severity: Moderate
Fixlet ID: 1108401
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-084
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user opens a specially crafted TrueType font file as an e-mail attachment or navigates to a network share or WebDAV location containing a specially crafted TrueType font file. For an attack to be successful, a user must visit the untrusted remote file system location or WebDAV share containing the specially crafted TrueType font file, or open the file as an e-mail attachment. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to persuade users to do so, typically by getting them to click a link in an e-mail message or Instant Messenger message. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-084: Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service - Windows 7 Gold/SP1 (x64)
Severity: Moderate
Fixlet ID: 1108403
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-084
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user opens a specially crafted TrueType font file as an e-mail attachment or navigates to a network share or WebDAV location containing a specially crafted TrueType font file. For an attack to be successful, a user must visit the untrusted remote file system location or WebDAV share containing the specially crafted TrueType font file, or open the file as an e-mail attachment. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to persuade users to do so, typically by getting them to click a link in an e-mail message or Instant Messenger message. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-084: Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service - Windows Server 2008 R2 Gold/SP1 (x64)
Severity: Moderate
Fixlet ID: 1108405
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-084
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user opens a specially crafted TrueType font file as an e-mail attachment or navigates to a network share or WebDAV location containing a specially crafted TrueType font file. For an attack to be successful, a user must visit the untrusted remote file system location or WebDAV share containing the specially crafted TrueType font file, or open the file as an e-mail attachment. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to persuade users to do so, typically by getting them to click a link in an e-mail message or Instant Messenger message. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-085: Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution - Windows Vista SP2
Severity: Important
Fixlet ID: 1108501
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-085
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-085: Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution - Windows Vista SP2 (x64)
Severity: Important
Fixlet ID: 1108503
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-085
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-085: Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution - Windows Server 2008 SP2
Severity: Moderate
Fixlet ID: 1108505
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-085
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-085: Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution - Windows Server 2008 SP2 (x64)
Severity: Moderate
Fixlet ID: 1108507
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-085
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-085: Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution - Windows 7 Gold/SP1
Severity: Low
Fixlet ID: 1108509
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-085
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-085: Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution - Windows 7 Gold/SP1 (x64)
Severity: Low
Fixlet ID: 1108511
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-085
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-085: Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution - Windows Server 2008 R2 Gold/SP1 (x64)
Severity: Low
Fixlet ID: 1108513
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-085
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-086: Vulnerability in Active Directory Could Allow Elevation of Privilege - ADAM - Windows XP SP3
Severity: Important
Fixlet ID: 1108601
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-086
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-086: Vulnerability in Active Directory Could Allow Elevation of Privilege - ADAM - Windows XP SP3 - CORRUPT PATCH
Severity: Important
Fixlet ID: 1108602
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-086
***************************************************************
Title: MS11-086: Vulnerability in Active Directory Could Allow Elevation of Privilege - ADAM - Windows XP SP2 (x64)
Severity: Important
Fixlet ID: 1108603
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-086
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-086: Vulnerability in Active Directory Could Allow Elevation of Privilege - ADAM - Windows XP SP2 (x64) - CORRUPT PATCH
Severity: Important
Fixlet ID: 1108604
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-086
***************************************************************
Title: MS11-086: Vulnerability in Active Directory Could Allow Elevation of Privilege - Active Directory - Windows Server 2003 SP2
Severity: Important
Fixlet ID: 1108605
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-086
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-086: Vulnerability in Active Directory Could Allow Elevation of Privilege - Active Directory - Windows Server 2003 SP2 - CORRUPT PATCH
Severity: Important
Fixlet ID: 1108606
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-086
***************************************************************
Title: MS11-086: Vulnerability in Active Directory Could Allow Elevation of Privilege - ADAM - Windows Server 2003 SP2
Severity: Important
Fixlet ID: 1108607
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-086
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-086: Vulnerability in Active Directory Could Allow Elevation of Privilege - ADAM - Windows Server 2003 SP2 - CORRUPT PATCH
Severity: Important
Fixlet ID: 1108608
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-086
***************************************************************
Title: MS11-086: Vulnerability in Active Directory Could Allow Elevation of Privilege - Active Directory - Windows Server 2003 SP2 (x64)
Severity: Important
Fixlet ID: 1108609
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-086
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-086: Vulnerability in Active Directory Could Allow Elevation of Privilege - Active Directory - Windows Server 2003 SP2 (x64) - CORRUPT PATCH
Severity: Important
Fixlet ID: 1108610
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-086
***************************************************************
Title: MS11-086: Vulnerability in Active Directory Could Allow Elevation of Privilege - ADAM - Windows Server 2003 SP2 (x64)
Severity: Important
Fixlet ID: 1108611
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-086
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-086: Vulnerability in Active Directory Could Allow Elevation of Privilege - ADAM - Windows Server 2003 SP2 (x64) - CORRUPT PATCH
Severity: Important
Fixlet ID: 1108612
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-086
***************************************************************
Title: MS11-086: Vulnerability in Active Directory Could Allow Elevation of Privilege - AD LDS - Windows Vista SP2
Severity: Important
Fixlet ID: 1108613
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-086
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-086: Vulnerability in Active Directory Could Allow Elevation of Privilege - AD LDS - Windows Vista SP2 (x64)
Severity: Important
Fixlet ID: 1108615
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-086
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-086: Vulnerability in Active Directory Could Allow Elevation of Privilege - AD LDS - Windows Server 2008 SP2
Severity: Important
Fixlet ID: 1108617
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-086
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-086: Vulnerability in Active Directory Could Allow Elevation of Privilege - AD LDS - Windows Server 2008 SP2 (x64)
Severity: Important
Fixlet ID: 1108619
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-086
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-086: Vulnerability in Active Directory Could Allow Elevation of Privilege - AD LDS - Windows 7 Gold/SP1
Severity: Important
Fixlet ID: 1108621
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-086
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-086: Vulnerability in Active Directory Could Allow Elevation of Privilege - AD LDS - Windows 7 Gold/SP1 (x64)
Severity: Important
Fixlet ID: 1108623
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-086
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
***************************************************************
Title: MS11-086: Vulnerability in Active Directory Could Allow Elevation of Privilege - AD LDS - Windows Server 2008 R2 Gold/SP1 (x64)
Severity: Important
Fixlet ID: 1108625
Fixlet Link: http://technet.microsoft.com/en-us/security/bulletin/MS11-086
Fixlet Description: Microsoft has released a security update that resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL. After downloading and installing this update, affected computers will no longer be susceptible to this vulnerability.
More information about the BigFix-Announcements
mailing list