=====================================================================
                                   CERT-Renater

                        Information Note No. 2011/VULN020
_____________________________________________________________________

DATE                      : 12/01/2011

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows XP, Server 2003, Vista and 7


======================================================================
http://www.microsoft.com/technet/security/bulletin/MS11-002.mspx
______________________________________________________________________
Executive Summary

This security update resolves two privately reported vulnerabilities in
Microsoft Data Access Components. The vulnerabilities could allow remote
code execution if a user views a specially crafted Web page. An attacker
who successfully exploited this vulnerability could gain the same user
rights as the local user. Users whose accounts are configured to have
fewer user rights on the system could be less impacted than users who
operate with administrative user rights.

This security update is rated Critical for all supported editions of
Windows XP, Windows Vista, and Windows 7, and Important for all
supported editions of Windows Server 2003, Windows Server 2008, and
Windows Server 2008 R2. For more information, see the subsection,
Affected and Non-Affected Software, in this section.

The security update addresses the vulnerabilities by ensuring that MDAC
correctly validates string length and memory allocation. For more
information about the vulnerabilities, see the Frequently Asked
Questions (FAQ) subsection for the specific vulnerability entry under
the next section, Vulnerability Information.

Recommendation. The majority of customers have automatic updating
enabled and will not need to take any action because this security
update will be downloaded and installed automatically. Customers who
have not enabled automatic updating need to check for updates and
install this update manually. For information about specific
configuration options in automatic updating, see Microsoft Knowledge
Base Article 294871.

For administrators and enterprise installations, or end users who want
to install this security update manually, Microsoft recommends that
customers apply the update immediately using update management software,
or by checking for updates using the Microsoft Update service.


======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================




