MS11-002 Vulnerabilities in Microsoft Data Access Components Could Allow Remote Code Execution (2451910)IMPORTANT
- Analysis There are two vulnerabilities in Microsoft Data Access Components, both allowing for remote code execution in the context of the local user. A user must visit a specially crafted web page in order for the vulnerability to be exploited; once a user has visited a malicious page, an attacker may gain complete control of the system if the user is running as an administrator.
- Recommendations Administrators are urged to patch immediately, however there is one mitigating factor and one workaround to help lessen the impact of these vulnerabilities: CVE-2011-0026 is not exploitable under the default Windows configuration. - A third-party application that uses ODBC (Open Database Connectivity) APIs in an insecure way must be installed on the system in order to be vulnerable. CVE-2011-0027 may be mitigated by setting the Internet and local Intranet zones to “High” within Internet Explorer or by configuring Internet Explorer to prompt the user before running Active Scripting. - In Internet Explorer, click the Security Tab --> Internet --> Custom Level. * Under Settings, in the Scripting section, under Active Scripting click “Prompt or Disable”. - Go back to the Security Tab --> Local Intranet --> Custom Level. * Under Settings, in the Scripting section, under Active Scripting click “Prompt or Disable”.
MS11-001 - Vulnerability in Windows Backup Manager Could Allow Remote Code Execution (2478935)
- Analysis Windows Backup Manager contains a vulnerability when loading DLLs, causing susceptibility to DLL preloading attacks. Files that are opened with Windows Backup Manager, such as .wbcat, from attacker controlled locations (e.g. a WebDAV server or other untrusted location) could allow the attacker to execute arbitrary code in the context of the local user. This vulnerability only affects Windows Vista (both 32-bit and 64-bit).
- Recommendations dministrators are urged to install the patch; however, there is a workaround that may be used to help mitigate this threat: Disable loading of libraries from remote network locations (http://support.microsoft.com/kb/2264107).