BeyondTrust

Security in Context: The BeyondTrust Blog


Microsoft Patch Tuesday – November 2010

Posted November 10, 2010    Chris Silva

Finally, a reprieve from the barrage of Microsoft patches. This month, Microsoft released only 3 security bulletins, patching a total of 11 vulnerabilities. This is good news for IT server admins, as the patches affect only Microsoft Office and Microsoft Forefront Unified Access Gateway. This means that most of you won’t need to reboot your servers this week.

It should be noted that late last week Adobe released an out-of-band patch for Reader, Acrobat and AIR. This was for a zero-day vulnerability (CVE-2010-2884) that was initially patched in Flash on September 20th. Even with this patch, Adobe currently has several additional zero-day vulnerabilities within Reader and Shockwave. Check out our Zero-Day Tracker for more details.

Again, eEye Digital Security will be hosting the Vulnerability Expert Forum (VEF) on Wednesday, November 10th at 11AM PST. The Vulnerability Expert Forum is a live webcast where the eEye research team will discuss these patches and additional security landscape topics. Be sure to sign up in advance. As there are only three Microsoft bulletins to cover, we should have a fair amount of time to review the security landscape and answer any questions that you might have.

Here are our recommendations for the three security updates. You can find our full write-up in newsletter format here. Retina Network Security Scanner customers can view the list of audits associated with these bulletins.

CRITICAL

MS10-087 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)

  • Analysis
    Several vulnerabilities exist in the way Microsoft Office handles Office files, the most severe of which could allow Remote Code Execution. To successfully exploit these vulnerabilities, an attacker would need to convince a user to open a specially crafted Office file or Rich Text Format file, which would be hosted on an attacker-controlled site. Successful exploitation would permit the attacker to execute code within the user’s context. If the user had administrative privileges, the attacker could gain full control of the computer.
  • Recommendations
    Apply the patch as soon as possible. Until patches can be applied, avoid opening Microsoft Office files from untrusted or unknown sources and set all emails to be displayed as plain text rather than rich text format. Additionally, administrators may set a Microsoft Office File Block Policy to block all files from Office 2003 and earlier from unknown and untrusted sources.

MS10-088 – Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)

  • Analysis
    There is a buffer overflow vulnerability and a heap corruption vulnerability in the way Microsoft PowerPoint handles PowerPoint files. To exploit these vulnerabilities, an attacker would need to convince a user to open a specially crafted PowerPoint file, which could be hosted on an attacker-controlled site or sent via email or instant messenger. Once exploited, these vulnerabilities allow an attacker to execute code with the same privileges as the user. An attacker could gain full control of the computer if the user had administrative privileges.
  • Recommendations
    Apply the patch as soon as possible. Until patches can be applied, restrict access to the pp7x32.dll file for any user running PowerPoint 2002. Additionally, administrators may set a Microsoft Office File Block Policy to block all files from Office 2003 and earlier from unknown or untrusted sources.

IMPORTANT

MS10-089 – Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)

  • Analysis
    There are 4 vulnerabilities within Microsoft Forefront Unified Access Gateway, the most severe of which is a spoofing vulnerability. An attacker could use it to convince a user that they are viewing a legitimate UAG page. Since the attacker’s page would look like the UAG page the user was attempting to visit, the attacker could trick the user into providing credentials. The attacker could then use those credentials to gain unauthorized access to the UAG.
  • Recommendations
    Administrators are urged to patch this at their earliest convenience. There are no workarounds other than the patch provided by Microsoft.
