MS11-076 is an "important"security update to resolve an publicly disclosed vulnerability in Windows Media Center. If an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file, it could allow remote code execution. Then, while opening the legitimate file, Windows Media Center could attempt to load the DLL file and execute any code it contained, according to Microsoft. A user must visit an untrusted remote file system location or WebDAV share and open a legitimate file for an attack to be successful. MS11-075 and MS11-076 are examples of a vulnerability class called "remote binary planting" which has necessitated dozens of fixes by Microsoft and 3rd party application vendors in the last year.
An important security update was also issued for MS11-077, which resolves four privately reported vulnerabilities in Windows, Microsoft reported. A remote code execution would be the most severe of these vulnerabilities if a user opens a specially crafted font file (such as a .fon file) in a network share, a UNC or WebDAV location, or an e-mail attachment, Microsoft reported. For a remote attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open the specially crafted font file, or open the file as an e-mail attachment.
MS11-079 is a security update for five privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow remote code execution if a user visits an affected Web site using a specially crafted URL, Microsoft reported. However, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site, the firm said.
MS11-080 is a security update resolving a privately reported vulnerability in the Windows Ancillary Function Driver (AFD). If an attacker logs on to a user's system and runs a specially crafted application, the vulnerability could allow elevation of privilege. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability, Microsoft said.
The final security update is for MS11-082, which resolves two publicly disclosed vulnerabilities in Host Integration Server. The vulnerabilities could allow denial of service if a remote attacker sends specially crafted network packets to a Host Integration Server listening on UDP port 1478 or TCP ports 1477 and 1478, Microsoft said. It recommended firewall best practices and standard default firewall configurations as a way to help protect networks from attacks that originate outside the enterprise perimeter. Another recommendation is that systems connected to the Internet have only a minimal number of ports exposed. In this case, the Host Integration Server ports should be blocked from the Internet, Microsoft advised.