=====================================================================
                                   CERT-Renater

                        Information Note No. 2011/VULN021
_____________________________________________________________________

DATE                      : 12/01/2011

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows Vista


======================================================================
http://www.microsoft.com/technet/security/bulletin/MS11-001.mspx
______________________________________________________________________
Executive Summary

This security update resolves a publicly disclosed vulnerability in
Windows Backup Manager. The vulnerability could allow remote code
execution if a user opens a legitimate Windows Backup Manager file that
is located in the same network directory as a specially crafted library
file. For an attack to be successful, a user must visit an untrusted
remote file system location or WebDAV share and open the legitimate file
from that location, which in turn could cause Windows Backup Manager to
load the specially crafted library file.

This security update is rated Important for all supported editions of
Windows Vista. For more information, see the subsection, Affected and
Non-Affected Software, in this section.

The security update addresses the vulnerability by correcting the manner
in which Windows Backup Manager loads external libraries. For more
information about the vulnerability, see the Frequently Asked Questions
(FAQ) subsection for the specific vulnerability entry under the next
section, Vulnerability Information.

Recommendation. The majority of customers have automatic updating
enabled and will not need to take any action because this security
update will be downloaded and installed automatically. Customers who
have not enabled automatic updating need to check for updates and
install this update manually. For information about specific
configuration options in automatic updating, see Microsoft Knowledge
Base Article 294871.

For administrators and enterprise installations, or end users who want
to install this security update manually, Microsoft recommends that
customers apply the update at the earliest opportunity using update
management software, or by checking for updates using the Microsoft
Update service.
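
The summary above describes a library being loaded from an untrusted remote file system location or WebDAV share. The following detection sketch is an added example, not part of the Microsoft bulletin or the CERT-Renater note: it flags library loads whose path is a UNC or WebDAV location. The event field names (modelled on Sysmon image-load records), the sample events and all paths are constructed assumptions.

```python
# Constructed sample events; field names follow Sysmon image-load records (assumption).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Example\viewer.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll"},
    {"Image": r"C:\Program Files\Example\viewer.exe",
     "ImageLoaded": r"\\fileserver\projects\helper.dll"},
    {"Image": r"C:\Program Files\Example\viewer.exe",
     "ImageLoaded": r"\\files.example.net@SSL\DavWWWRoot\docs\helper.dll"},
    {"Image": r"C:\Program Files\Example\viewer.exe",
     "ImageLoaded": r"\\?\C:\Program Files\Example\plugin.dll"},
]


def classify_location(path):
    """Return 'webdav', 'unc' or 'local' for a Windows path string."""
    p = path.replace("/", "\\")
    low = p.lower()
    if low.startswith("\\\\?\\unc\\"):
        p = "\\\\" + p[8:]          # \\?\UNC\server\share -> \\server\share
    elif low.startswith(("\\\\?\\", "\\\\.\\")):
        return "local"              # device-namespace prefix, not a server name
    if not p.startswith("\\\\"):
        return "local"              # drive-letter path; mapped drives need extra context
    parts = p[2:].split("\\")
    host = parts[0].lower()
    first = parts[1].lower() if len(parts) > 1 else ""
    # The WebDAV redirector uses host@SSL / host@port and the DavWWWRoot pseudo-share.
    if "@" in host or first == "davwwwroot":
        return "webdav"
    return "unc"


def remote_library_loads(events):
    """Return (process image, library path, location kind) for remote DLL loads."""
    findings = []
    for ev in events:
        lib = ev.get("ImageLoaded", "")
        if not lib.lower().endswith(".dll"):
            continue
        kind = classify_location(lib)
        if kind != "local":
            findings.append((ev.get("Image", "?"), lib, kind))
    return findings


if __name__ == "__main__":
    for image, lib, kind in remote_library_loads(SAMPLE_EVENTS):
        print(f"{kind:6} {image} loaded {lib}")
```

Libraries loaded through a mapped drive letter appear as local paths here, so drive mappings have to be resolved separately before this check is relied on.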



======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================




