NeXpose Release February 9, 2011 (Content)

Document created by techeditor on Apr 7, 2011
Version 1Show Document
  • View in full screen mode

This 2011-02-09 release is a content update.

 

  • Content updates include new checks for vulnerabilities, patch verification, and compliance with security policies.
  • Product updates include performance improvements, bug fixes, and new features.

 

Vulnerability checks for February 2011 Patch Tuesday exposures


  • New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for February 2011. These include checks for the following flaws reported in Microsoft Security Bulletins:
    o Four Internet Explorer vulnerabilities could allow remote code execution if a user views a maliciously crafted Web page. The severity rating depends on the version of Internet Explorer. See MS11-003 for details.
    o A vulnerability in Windows Shell graphics processor could allow remote code execution if a user views a maliciously crafted thumbnail image. This vulnerability is rated critical for all Microsoft-supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. See MS11-006) for details.
    o A vulnerability in Windows OpenType Compact Font Format (CFF) driver could allow remote code execution if a user views content rendered in a maliciously crafted CFF font. This vulnerability is rated critical for all Microsoft-supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. See MS11-007) for details.
    For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for February 2011. Use the checks in this content update to verify that the latest Microsoft patches have been applied to system assets.

 

List of checks


  • MS11-003: Cumulative Security Update for Internet Explorer
  • MS11-004: Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution
  • MS11-005: Vulnerability in Active Directory Could Allow Denial of Service
  • MS11-006: Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution
  • MS11-007: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution
  • MS11-008: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution
  • MS11-009: Vulnerability in JScript and VBScript Scripting Engines Could Allow Information Disclosure
  • MS11-010: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege
  • MS11-011: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
  • MS11-012: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
  • MS11-013: Vulnerabilities in Kerberos Could Allow Elevation of Privilege
  • MS11-014: Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege

Attachments

    Outcomes