BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Microsoft Patch Tuesday – November 2010

Posted November 10, 2010    Chris Silva

Finally a reprieve from the barrage of Microsoft Patches. This month, Microsoft only released 3 security bulletins, patching a total of 11 vulnerabilities. Good news for IT server admins, as the patches only affected Microsoft Office and Microsoft Forefront Unified Access Gateway. This means that most of you won’t need to reboot your servers this week.

It should be noted that late last week Adobe released an out-of-band patch for Reader, Acrobat and AIR. This was for a zero-day vulnerability (CVE-2010-2884) that was initially patched in Flash on September 20th. Even with this patch, Adobe currently has several additional zero-day vulnerabilities within Reader and Shockwave. Check out our Zero-Day Tracker for more details.

Again, eEye Digital Security will be hosting the vulnerability expert forum (VEF) on Wednesday, November 10th at 11AM PST. The vulnerability expert forum is a live webcast where the eEye research team will discuss these patches and additional security landscape topics. Be sure to sign up in advance.  As there are only three Microsoft bulletins to cover, we should have a fair amount of time to review the security landscape and answer any questions that you might have.

Here are our recommendations for the three security updates. You can find our full write-up in newsletter format here. Retina Network Security Scanner customers can view the list of audits associated with these bulletins.

CRITICAL

MS10-087 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)

  • Analysis
    Several vulnerabilities exist in the way Microsoft Office handles Office files; the most severe of which could allow for Remote Code Execution. To successfully exploit these vulnerabilities, an attacker would need to convince a user to open a specially crafted Office file or Rich Text Format file, which would be hosted on the attacker-controlled site. Successful exploitation would permit the attacker to execute code within the user’s context. If a user had administrative privileges, the attacker could gain full control of the computer.
  • Recommendations
    Apply patch as soon as possible. Until patches can be applied, avoid opening Microsoft Office files from untrusted or unknown sources and set all emails to be displayed as plain text rather than rich text format. Additionally, administrators my set a Microsoft Office File Block Policy to block all files from Office 2003 and earlier from unknown and untrusted sources.

MS10-088 – Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)

  • Analysis
    There is a buffer overflow vulnerability and a heap corruption vulnerability in the way Microsoft PowerPoint handles PowerPoint files. An attacker would need to convince a user to open a specially crafted PowerPoint file in order to exploit this vulnerability, which could be hosted on an attacker-controlled site or sent via email or instant messenger. Once exploited, these vulnerabilities allow an attacker to execute code with the same privileges as the user. An attacker could gain full control of the computer if the user had administrative privileges.
  • Recommendations
    Apply patch as soon as possible. Until patches can be applied, restrict the access to the pp7x32.ddl file for any user running PowerPoint 2002. Additionally, administrators my set a Microsoft Office File Block Policy to block all files from Office 2003 and earlier from unknown or untrusted sources.

IMPORTANT

MS10-089 – Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)

  • Analysis
    There are 4 vulnerabilities within Microsoft Forefront Unified Access Gateway, the most severe of which is a spoofing vulnerability. This could be used by an attacker to convince a user that they are viewing a legitimate UAG page. The attacker could trick the user into providing credentials to the attacker, since the attacker’s page would look like the UAG page they were attempting to visit. That could be used by the attacker to gain unauthorized access to the UAG.
  • Recommendations
    Administrators are urged to patch this at their earliest convenience. There are no workarounds other than the patch provided by Microsoft.

Leave a Reply

Additional articles

Cavalancia-Headshot - Medium

Making Windows Endpoints the Least of your Worries

Posted September 2, 2015    Nick Cavalancia

We’re all concerned that someday an external hacker will try to gain access to your company’s critical data and systems. The problem? Your endpoints – both your workstations and servers – bypass (and often leave) the safety and security of your environment daily.

Tags:
, ,
powerbroker-difference-2

Why Customers Choose PowerBroker: Low Total Cost of Ownership

Posted September 2, 2015    Scott Lang

In a survey of more than 100 customers, those customers indicated that BeyondTrust’s low powerbroker-difference-2total cost of ownership was a competitive differentiator versus other options in the privileged account management market.

Tags:
, , ,
Larry-Brock-CISO

Passwords: A Hacker’s Best Friend

Posted September 1, 2015    Larry Brock

After all the years of talk about biometrics and multi-factor authentication, we still have passwords and will likely have them for a long time. Because many “high risk” systems require complex passwords (zk7&@1c6), most people that use them believe their passwords are secure. But they aren’t.

Tags:
, ,