BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Microsoft Patch Tuesday – January 2012

Posted January 10, 2012    Chris Silva

Before we get started on this month’s releases, just a quick reminder that Microsoft released an out-of-band (OOB) security bulletin (MS11-100) late last month. That brought their 2011 total to 100 bulletins – so much for keeping it in double digits.

To start off the new year, today Microsoft released seven bulletins. Microsoft finally tamed the BEAST with this latest patch Tuesday – if you remember it was held back last month for not playing well with other software. Redmond also included patches for two issues leading to remote code execution within Windows Media Player and DirectShow, as well as a tricky Unicode parsing gaff found in Japanese, Chinese and Korean locale configurations.

Not to be left out, Adobe released a bulletin that addressed four different remote code execution vulnerabilities within Adobe Acrobat and Adobe Reader.

Tomorrow brings another episode of the Vulnerability Expert Forum (VEF). Listen in as the eEye Research Team discusses today’s bulletins and the month in security.

The list of Retina Network Security Scanner audits associated with these bulletins is also available for your reference.

Here are this month’s recommendations from the eEye Research Team:

Deploy Immediately

MS12-004 – Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
Recommendation: Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, disable MIDI files from being parsed and disable the Line21 filter for DirectShow.

Deploy As Soon As Possible

MS12-001 – Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)
Recommendation: Deploy patches as soon as possible. Until the patch can be installed, make sure that Structured Exception Handling Overwrite Protection (SEHOP) is enabled on affected systems. This mitigation is not available to XP and Server 2003 users. Additionally, developers are encouraged to use a version of Visual C++ more recent than 2003; using the most recent version of software is always advised as a security best practice (see the eEye configuration report at www.eeye.com/securityresearch for more information).

MS12-002 – Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)
Recommendation: Deploy patches as soon as possible. Until the patch can be installed, block ports 139 and 445 using a firewall and prevent the WebClient service from running. Additionally, use the registry editor to set a full path to packager.exe in the default value of HKCR\Package\Protocol\StdFileEditing\Server.

MS12-003 – Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
Recommendation: Deploy patches as soon as possible, since no mitigation is available.

MS12-005 – Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)
Recommendation: Deploy patches as soon as possible. Until the patch can be installed, unregister the .application file association in the Windows registry.

MS12-006 – Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)
Recommendation: Deploy patches as soon as possible. Until the patch can be installed, Enable TLS 1.1 and 1.2, prioritize the RC4 algorithm over CBC.

Deploy At Earliest Convenience

MS12-007 – Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664)
Recommendation: Deploy patches as soon as possible, since no mitigation is available.

Leave a Reply

Additional articles

darren-mar-elia

BeyondTrust Webcast: Darren Mar-Elia’s 4 Active Directory Change Scenarios to Track

Posted August 20, 2014    Chris Burd

In our latest webcast, we joined Darren Mar-Elia, CTO at SDM Software, to discuss best practices for Active Directory (AD) change management. Here are some key takeaways from the presentation, followed by a link to a full-length video of the presentation. Mar-Elia kicks things off with a critical insight: that the best AD change management…

Tags:
, , , , , , ,
normal-blog-img

New IT Security Best Practices for Maintaining “Business as Usual” Despite Evolving Threats

Posted August 13, 2014    Morey Haber

It’s time to get back to business. Here in the U.S., summer vacations are wrapping up and businesses are looking forward to closing out 2014. Over the past year, we’ve seen several incidents that warrant changes in the ways consumers make purchases and businesses conduct transactions. Consider last week’s theft of a whopping 1.2 billion…

Tags:
, , ,

Retina Vulnerability Audits – August 2014 Patch Tuesday

Posted August 12, 2014    BeyondTrust Research Team

The following is a list of Retina vulnerability audits for this August 2014 Patch Tuesday: MS14-043 - Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742) 34924 – Microsoft WMC Remote Code Execution (2978742) MS14-044 - Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340) 34915 – Microsoft SQL Server Multiple Vulnerabilities (2984340) – 2008 34916 –…