List:       dragonidsuser
Subject:    [Dragonidsuser] [+] HIDS/NIDS Signature Update(7.x): Tue,
From:       Michael Shirk <mshirk () enterasys ! com>
Date:       2011-08-10 1:29:07
Message-ID: 4E41DEE3.8060402 () enterasys ! com


The following HIDS signature updates are available via liveupdate for
Dragon version 7.4:

HOST-POLICY: HostSensor_Windows_Windows7_Enterprise

New HIDS policy for Microsoft Windows 7 Enterprise Edition.


The following NIDS signature updates are available via liveupdate for
Dragon version 7.x:

IE:MARKUP-RACE-CONDITION
UPDATE-TYPE: New Signature
CLASSIFICATION: WEB-BROWSER-ATTACK
DESCRIPTION: There is a vulnerability in Microsoft Internet Explorer
that may lead to code execution. The vulnerability is a race condition
that occurs when opening multiple windows. Microsoft has released a
patch (MS11-057) for this vulnerability.
REFERENCE: URLREF
http://www.microsoft.com/technet/security/bulletin/ms11-057.mspx
REFERENCE: CVE
CVE-2011-1257


IE:ONREADYSTATECHANGE-CORRUPT2
UPDATE-TYPE: New Signature
CLASSIFICATION: WEB-BROWSER-ATTACK
DESCRIPTION: There is a vulnerability in Microsoft Internet Explorer
that may lead to code execution. The vulnerability is in the handling of
style behaviors in Internet Explorer. Microsoft has released a patch
(MS11-057) for this vulnerability.
REFERENCE: URLREF
http://www.microsoft.com/technet/security/bulletin/ms11-057.mspx
REFERENCE: CVE
CVE-2011-1964


IE:TELNET-URI-HANDLER
UPDATE-TYPE: New Signature
CLASSIFICATION: WEB-BROWSER-ATTACK
DESCRIPTION: There is a remote code execution vulnerability in the way
IE uses the telnet URI handler. This could allow an attacker to execute
arbitrary code in the context of a logged-on user. Microsoft has
released a patch (MS11-057) for this vulnerability.
REFERENCE: URLREF
http://www.microsoft.com/technet/security/Bulletin/MS11-057.mspx
REFERENCE: CVE
CVE-2011-0961


MS:DNS-NAPTR-OVERFLOW
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: There is a vulnerability in the Microsoft Windows DNS
Server that may lead to remote code execution. The vulnerability can
occur when processing specially crafted NAPTR query strings. Microsoft
has released a patch (MS11-058) for this vulnerability.
REFERENCE: URLREF
http://www.microsoft.com/technet/security/bulletin/ms11-058.mspx
REFERENCE: CVE
CVE-2011-1966


MS:MDAC-INSECURE-LOADLIBRARY
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way
that Microsoft Data Access Components (MDAC) handles the loading of DLL
files when used with Microsoft Excel. Microsoft has released a patch
(MS11-059) for this vulnerability.
REFERENCE: URLREF
http://www.microsoft.com/technet/security/bulletin/ms11-059.mspx
REFERENCE: CVE
CVE-2011-1975


MS:RDWA-XSS
UPDATE-TYPE: New Signature
CLASSIFICATION: WEB-XSS-ATTACK
DESCRIPTION: There is a vulnerability in Microsoft Remote Desktop
Web Access that may lead to a cross-site scripting (XSS) attack. The
vulnerability is in the processing of web requests, which allows
JavaScript to run in the context of the user. Microsoft has released a
patch (MS11-061) for this vulnerability. Because Remote Desktop Web
Access is reflecting the attack, it may be difficult to pinpoint the
source of the XSS attack.
REFERENCE: URLREF
http://www.microsoft.com/technet/security/bulletin/ms11-061.mspx
REFERENCE: CVE
CVE-2011-1263


MS:REPORT-VIEWER-XSS
UPDATE-TYPE: New Signature
CLASSIFICATION: BETA
DESCRIPTION: There is an information disclosure vulnerability in
Microsoft Report Viewer. To exploit this vulnerability, an attacker would
need to persuade a user to visit a malicious web site by getting them to
click on a link in an email or web page. Microsoft has released a patch
(MS11-067) for this vulnerability.
REFERENCE: URLREF
http://www.microsoft.com/technet/security/Bulletin/MS11-067.mspx
REFERENCE: CVE
CVE-2011-1976


MS:VISIO-INSECURE-LOADLIBRARY
UPDATE-TYPE: Modified Signature
CLASSIFICATION: BETA
DESCRIPTION: A remote code execution vulnerability exists in the way
Microsoft Office Visio 11 handles the loading of DLLs when processing
.VSD, .VDX, .VST, and .VTX files hosted on malicious WebDAV shares.
Microsoft has released a patch (MS11-055) for this vulnerability.
REFERENCE: URLREF
http://www.microsoft.com/technet/security/bulletin/ms11-055.mspx
REFERENCE: CVE
CVE-2010-3148



-- 
Michael Shirk
Security Research Engineer
Enterasys Networks, Inc.
