BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Microsoft Patch Tuesday – February 2012

Posted February 14, 2012    Chris Silva

Ahh Valentine’s Day. Time to leave work early, buy a box of chocolates for your loved one, and fight through the crowds for a table at your favorite restaurant. Or, if you happen to be gainfully employed in IT security, time to spend the evening at work with your coworkers, patching servers and drinking a case of Mountain Dew. Much thanks to Microsoft and the Gregorian calendar for making Patch Tuesday and Valentine’s Day fall on the same date. At least it won’t happen again until 2017, right? Try to explain that one to your better half.

To make up for it, Microsoft showered love on the Windows Kernel, Internet Explorer, the C Run-Time Library and .NET – each of which received patches to fix potential remote code execution vulnerabilities. The most noteworthy of these might be CVE-2011-5046, found in MS12-008, which deals with the highly publicized Windows 7 BSoD that when disclosed was first triggered by Apple Safari.

To spread the love around, Visio, SharePoint, the Indeo Codec, the Ancillary Function Driver, and the Color Control Panel also received patches. Yes, you read that correctly, the good old Color Control Panel was patched to protect from DLL Hijacking vulnerabilities. That patch, along with the one associated with the Indeo Codec, bring the grand total of DLL Hijacking related Microsoft Security Advisories to 23. As a reminder, even after patching it is a good idea to follow the mitigation steps outlined in KB2269637 as numerous other third-party software products are affected and unpatched.

In a misguided attempt to gain your affection, Oracle also released a patch for Java today. It contains 14 new security fixes, and Oracle recommends that customers apply the patch as soon as possible.

Want to learn more about these vulnerabilities? Have a question about a security topic or event from the last month? Need help explaining why you had to miss Valentine’s Day to your wife / girlfriend / husband / boyfriend / cat / goldfish? If so, join the eEye Research Team tomorrow for another episode of the Vulnerability Expert Forum (VEF).

Retina Network Security Scanner (and free Retina Community) customers can review the list of audits associated with these bulletins.

And as always, here are this month’s recommendations from the eEye Research Team:

Deploy Immediately

MS12-008 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465)
Recommendation: Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, read emails in plain text format.

MS12-010 – Cumulative Security Update for Internet Explorer (2647516)
Recommendation: Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, read emails in plain text, block ActiveX controls and block/disable Active Scripting in both Internet and Local intranet zones.

MS12-013 – Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428)
Recommendation: Deploy patches as soon as possible, since no mitigation is available.

MS12-015 – Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510)
Recommendation: Deploy patches as soon as possible. Until the patch can be installed, block ActiveX controls and block/disable Active Scripting in both Internet and Local intranet zones.

MS12-016 – Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026)
Recommendation: Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, block XAML browser applications from running in Internet Explorer. Additionally, prevent Silverlight from running in Internet Explorer, Firefox, or Chrome.

Deploy As Soon As Possible

MS12-009 – Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640)
Recommendation: Deploy patches as soon as possible, since no mitigation is available.

MS12-011 – Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841)
Recommendation: Deploy patches as soon as possible. Until the patch can be installed, enable the XSS filter in Internet Explorer (available in versions 8 and higher).

MS12-012 – Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719)
Recommendation: Deploy patches as soon as possible. Until the patch can be installed, block ports 139 and 445 at the perimeter firewall, prevent the WebClient service from running, and prevent DLLs from being loaded from WebDAV and remote shares.

MS12-014 – Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637)
Recommendation: Deploy patches as soon as possible. Until the patch can be installed, block ports 139 and 445 at the perimeter firewall, prevent the WebClient service from running, and prevent DLLs from being loaded from WebDAV and remote shares.

Leave a Reply

Additional articles

{c4eae211-3ca2-4f8e-b2b9-6df0e970aab1}_g.markhardy

The “insider” threat. Is it real, or is it being blown out of proportion?

Posted March 4, 2015    G. Mark Hardy

A lot depends on whether or not you’ve been compromised. And therein lies the problem. Cyber threats are often ignored until they cause some damage, at which point management looks for people to blame and gives all kinds of attention to fixing the problem – until the next crisis in accounting or warehousing or staffing comes along.

Tags:
, , ,
webinar_chalk

Webinar March 4th: Recreating the Carbanak Breach & Techniques for Mitigating Similar Attacks

Posted March 3, 2015    Lindsay Marsh

Join BeyondTrust Research and Development team for an in-depth live webinar that will explore the attack vectors used in the Carbanak Bank Breach and share successful mitigation techniques needed to prevent this type of attack.

Tags:
, ,
VMware Hardening Guidelines-img3

How to Audit VMware ESX and ESXi Servers Against the VMware Hardening Guidelines with Retina CS

Posted February 27, 2015    BeyondTrust Research Team

Retina CS Enterprise Vulnerability Management has included advanced VMware auditing capabilities for some time, including virtual machine discovery and scanning through a cloud connection, plus the ability to scan ESX and ESXi hosts using SSH. However, in response to recent security concerns associated with SSH, VMware has disabled SSH by default in its more recent…

Tags:
, , , ,