Microsoft Security Bulletin Dec 2011
The article also documents recommended solutions for these issues. The following software has been tested to determine which versions or editions are affected. Other versions or editions are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle.
The vulnerabilities addressed by this update do not affect supported editions of Windows Server or Windows Server R2 as indicated, when installed using the Server Core installation option. Why was this bulletin revised on January 10, ?
For more information, see MS This update, MS, enables these protections for Internet Explorer. Where are the file information details? Refer to the reference tables in the Security Update Deployment section for the location of the file information details.
Why does this update address several reported security vulnerabilities? This update contains support for several vulnerabilities because the modifications that are required to address these issues are located in related files. Instead of having to install several updates that are almost the same, customers need to install this update only. Does this update contain any security-related changes to functionality? In addition to the changes that are listed in the Vulnerability Information section of this bulletin, this update includes defense-in-depth updates to help improve security-related features in Internet Explorer.
What is defense-in-depth? In information security, defense-in-depth refers to an approach in which multiple layers of defense are in place to help prevent attackers from compromising the security of a network or system. I am using an older release of the software discussed in this security bulletin.
What should I do? The affected software listed in this bulletin has been tested to determine which releases are affected. Other releases are past their support life cycle. For more information about the product lifecycle, visit the Microsoft Support Lifecycle Web site. It should be a priority for customers who have older releases of the software to migrate to supported releases to prevent potential exposure to vulnerabilities.
To determine the support lifecycle for your software release, see Select a Product for Lifecycle Information. For more information about service packs for these software releases, see Service Pack Lifecycle Support Policy. Customers who require custom support for older software must contact their Microsoft account team representative, their Technical Account Manager, or the appropriate Microsoft partner representative for custom support options.
Customers without an Alliance, Premier, or Authorized Contract can contact their local Microsoft sales office. For contact information, visit the Microsoft Worldwide Information Web site, select the country in the Contact Information list, and then click Go to see a list of telephone numbers. When you call, ask to speak with the local Premier Support sales manager.
The following severity ratings assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the December bulletin summary. For more information, see Microsoft Exploitability Index. An information disclosure vulnerability exists in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page that contains malicious JavaScript code.
An attacker who successfully exploited this vulnerability could view content from another domain or Internet Explorer zone. Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability.
The following mitigating factors may be helpful in your situation:
Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:
You can help protect against exploitation of this vulnerability by changing your settings for the Internet security zone to block ActiveX controls and Active Scripting.
You can do this by setting your browser security to High. Note If no slider is visible, click Default Level, and then move the slider to High. Note Setting the level to High may cause some Web sites to work incorrectly.
If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly even with the security setting set to High. Impact of workaround. Many Web sites that are on the Internet or on an intranet use ActiveX or Active Scripting to provide additional functionality.
For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements. If you do not want to block ActiveX Controls or Active Scripting for such sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone". After you set Internet Explorer to block ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone.
This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect yourself from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone. Note Add any sites that you trust not to take malicious action on your system. These are the sites that will host the update, and it requires an ActiveX Control to install the update. You can help protect against exploitation of this vulnerability by changing your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.
To do this, perform the following steps:
Note Disabling Active Scripting in the Internet and Local intranet security zones may cause some Web sites to work incorrectly. This will allow the site to work correctly. There are side effects to prompting before running Active Scripting. Many Web sites that are on the Internet or on an intranet use Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use Active Scripting to provide menus, ordering forms, or even account statements.
Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click Yes to run Active Scripting.
If you do not want to be prompted for all these sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".
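An added example, not part of the bulletin: a read-only PowerShell check of the per-user zone settings that the workaround above changes. It assumes the standard Internet Explorer URL-action values (1200 for ActiveX controls and plug-ins, 1400 for Active Scripting) and zone numbers (1 for Local intranet, 3 for Internet), none of which appear in the text above.

```powershell
# Added example (not from the bulletin): report whether Active Scripting and
# ActiveX are set to Prompt or Disable in the Local intranet and Internet zones.
# Assumed values: zones 1 and 3, URL actions 1200 and 1400, states 0/1/3.
$zonesRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones     = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$actions   = @{ '1200' = 'Run ActiveX controls and plug-ins'; '1400' = 'Active scripting' }
$meaning   = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

function Get-ZoneScriptingState {
    foreach ($zone in ($zones.Keys | Sort-Object)) {
        $key   = Join-Path $zonesRoot $zone
        # The key may be absent for a fresh profile; treat that as "not set".
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

        foreach ($action in ($actions.Keys | Sort-Object)) {
            $value = if ($props) { $props.$action } else { $null }

            $state = if ($null -eq $value) {
                'Not set for this user'
            } elseif ($meaning.ContainsKey([int]$value)) {
                $meaning[[int]$value]
            } else {
                "Other ($value)"   # e.g. administrator-approved ActiveX
            }

            [pscustomobject]@{
                Zone              = $zones[$zone]
                Setting           = $actions[$action]
                State             = $state
                # The workaround is in place when the action prompts or is disabled.
                MatchesWorkaround = ($value -in 1, 3)
            }
        }
    }
}

Get-ZoneScriptingState | Format-Table -AutoSize
```

Values enforced through Group Policy are stored under the separate `Policies` registry branch and are not read by this check, so a managed machine can behave differently from what the per-user values show.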
After you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone.
This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect you from this attack on untrusted sites. Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system.
Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. Save the following to a file with a. What is the scope of the vulnerability? This is an information disclosure vulnerability.
An attacker who exploited the vulnerability when a user views a Web page could view content from the local computer or a browser window in a domain or Internet Explorer zone other than the domain or zone of the attacker's Web page.
What causes the vulnerability? The Internet Explorer XSS Filter incorrectly allows attackers to read content from different domains through trial and error attacks. Cross-site scripting attacks try to exploit vulnerabilities in the Web sites you use. Cross-site scripting attacks have emerged as a leading online threat, so Internet Explorer 8 and Internet Explorer 9 include a cross-site scripting filter that can detect these types of attacks and disable the harmful scripts.
By default, the cross-site scripting filter is turned on in Internet Explorer 8 and later versions for the Internet Zone.
What might an attacker use the vulnerability to do?