BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Microsoft Patch Tuesday – February 2011

Posted February 8, 2011    Chris Silva

Microsoft is back at it with a fairly large release today, including 12 security bulletins which patch a total of 22 vulnerabilities. Six of the bulletins address zero-day vulnerabilities (MS11-003, MS11-004, MS11-005, MS11-006, MS11-011, and MS11-013) including two (MS11-003, MS11-006) that have public exploit code circulating. MS11-013 (Kerberos) is most likely similar to vulnerabilities that were patched in MIT Kerberos back in November.

As such, here are our Recommendation for patch precedence and mitigation:

Deploy Immediately

MS11-003 – Cumulative Security Update for Internet Explorer (2482017)
Recommendation: Deploy patches immediately to prevent exploitation by attackers. Until the patches can be installed, ActiveX Controls and Active Scripting within the Internet and Local Intranet security zone settings should be set to disabled, emails should be read in plain text and the recursive loading of CSS in Internet Explorer should be set to disabled. Additionally, as with all DLL Preloading vulnerabilities, disable the WebDAV client and do not open HTML files from untrusted locations.

MS11-004 – Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256)
Recommendation: Deploy patches immediately to prevent exploitation by attackers. Until the patches can be installed, disable or stop the FTP Service on IIS 7.0 and 7.5 systems.

MS11-006 – Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)
Recommendation: Deploy patches immediately to prevent exploitation by attackers. Until the patches can be installed, the Access Control List on “shimgvw.dll” should be modified to be more restrictive and the displaying of thumbnails in Windows Explorer should be set to disabled.

MS11-007 – Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376)
Recommendation: Deploy patches immediately to prevent exploitation by attackers. Until the patches can be installed, disable the Preview Pane in Windows Explorer, the Details Pane in Windows Explorer and the WebClient Service.

MS11-011 – Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802)
Recommendation: Deploy patches immediately to prevent exploitation by attackers as no forms of mitigation are available.

MS11-014 – Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960)
Recommendation: Deploy patches immediately to prevent exploitation by attackers as no forms of mitigation are available.

Deploy As Soon As Possible

MS11-005 – Vulnerability in Active Directory Could Allow Denial of Service (2478953)
Recommendation: Deploy patches as soon as possible as no forms of mitigation are available.

MS11-008 – Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879)
Recommendation: Deploy patches as soon as possible. Until the patches can be installed, application add-ins for Visio should be disabled.

MS11-009 – Vulnerability in JScript and VBScript Scripting Engines Could Allow Information Disclosure (2475792)
Recommendation: Deploy patches as soon as possible. Until the patches can be installed, ActiveX Controls and Active Scripting within the Internet and Local Intranet security zone settings should be set to disabled.

MS11-010 – Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2476687)
Recommendation: Deploy patches as soon as possible as no forms of mitigation are available.

MS11-012 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2479628)
Recommendation: Deploy patches as soon as possible as no forms of mitigation are available.

MS11-013 – Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930)
Recommendation: Deploy patches as soon as possible if using Kerberos authentication as no forms of mitigation are available.

Retina Network Security Scanner customers can view the list of audits associated with these bulletins.

As always, tune in tomorrow (February 9) at 11AM PST for this month’s vulnerability expert forum (VEF). Listen to what Marc Maiffret and the eEye Research team have to say about today’s security bulletins and other security related topics. Just like last month, listeners will have a chance to win an Amazon Kindle, so make sure to sign up and listen for the trivia question.

Leave a Reply

Additional articles

PBPS-screenshot-blog aug2014

Failing the Security Basics: Backoff Point-of-Sale Malware

Posted August 22, 2014    Marc Maiffret

At the beginning of this month, US-CERT issued a security alert relating to a string of breaches that had been targeting Point of Sale (POS) systems. The alert details that attackers were leveraging brute forcing tools to target common remote desktop applications such as Microsoft’s Remote Desktop, Apple Remote Desktop, Splashtop and LogMeIn among others….

Tags:
, , , , , ,

Troubleshooting Windows Privilege Management Rules with Policy Monitor

Posted August 21, 2014    Jason Silva

When defining and testing PowerBroker for Windows rules for production or pilots, customers sometimes tell us, “I don’t think this policy / program is working.” This is usually a case of the policy not properly triggering because of the way the rule was created. A unique feature of PowerBroker for Windows compared to other solutions is a client-side…

Tags:
, , ,
darren-mar-elia

BeyondTrust Webcast: Darren Mar-Elia’s 4 Active Directory Change Scenarios to Track

Posted August 20, 2014    Chris Burd

In our latest webcast, we joined Darren Mar-Elia, CTO at SDM Software, to discuss best practices for Active Directory (AD) change management. Here are some key takeaways from the presentation, followed by a link to a full-length video of the presentation. Mar-Elia kicks things off with a critical insight: that the best AD change management…

Tags:
, , , , , , ,