BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Microsoft Patch Tuesday – November 2010

Posted November 10, 2010    Chris Silva

Finally a reprieve from the barrage of Microsoft Patches. This month, Microsoft only released 3 security bulletins, patching a total of 11 vulnerabilities. Good news for IT server admins, as the patches only affected Microsoft Office and Microsoft Forefront Unified Access Gateway. This means that most of you won’t need to reboot your servers this week.

It should be noted that late last week Adobe released an out-of-band patch for Reader, Acrobat and AIR. This was for a zero-day vulnerability (CVE-2010-2884) that was initially patched in Flash on September 20th. Even with this patch, Adobe currently has several additional zero-day vulnerabilities within Reader and Shockwave. Check out our Zero-Day Tracker for more details.

Again, eEye Digital Security will be hosting the vulnerability expert forum (VEF) on Wednesday, November 10th at 11AM PST. The vulnerability expert forum is a live webcast where the eEye research team will discuss these patches and additional security landscape topics. Be sure to sign up in advance.  As there are only three Microsoft bulletins to cover, we should have a fair amount of time to review the security landscape and answer any questions that you might have.

Here are our recommendations for the three security updates. You can find our full write-up in newsletter format here. Retina Network Security Scanner customers can view the list of audits associated with these bulletins.

CRITICAL

MS10-087 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)

  • Analysis
    Several vulnerabilities exist in the way Microsoft Office handles Office files; the most severe of which could allow for Remote Code Execution. To successfully exploit these vulnerabilities, an attacker would need to convince a user to open a specially crafted Office file or Rich Text Format file, which would be hosted on the attacker-controlled site. Successful exploitation would permit the attacker to execute code within the user’s context. If a user had administrative privileges, the attacker could gain full control of the computer.
  • Recommendations
    Apply patch as soon as possible. Until patches can be applied, avoid opening Microsoft Office files from untrusted or unknown sources and set all emails to be displayed as plain text rather than rich text format. Additionally, administrators my set a Microsoft Office File Block Policy to block all files from Office 2003 and earlier from unknown and untrusted sources.

MS10-088 – Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)

  • Analysis
    There is a buffer overflow vulnerability and a heap corruption vulnerability in the way Microsoft PowerPoint handles PowerPoint files. An attacker would need to convince a user to open a specially crafted PowerPoint file in order to exploit this vulnerability, which could be hosted on an attacker-controlled site or sent via email or instant messenger. Once exploited, these vulnerabilities allow an attacker to execute code with the same privileges as the user. An attacker could gain full control of the computer if the user had administrative privileges.
  • Recommendations
    Apply patch as soon as possible. Until patches can be applied, restrict the access to the pp7x32.ddl file for any user running PowerPoint 2002. Additionally, administrators my set a Microsoft Office File Block Policy to block all files from Office 2003 and earlier from unknown or untrusted sources.

IMPORTANT

MS10-089 – Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)

  • Analysis
    There are 4 vulnerabilities within Microsoft Forefront Unified Access Gateway, the most severe of which is a spoofing vulnerability. This could be used by an attacker to convince a user that they are viewing a legitimate UAG page. The attacker could trick the user into providing credentials to the attacker, since the attacker’s page would look like the UAG page they were attempting to visit. That could be used by the attacker to gain unauthorized access to the UAG.
  • Recommendations
    Administrators are urged to patch this at their earliest convenience. There are no workarounds other than the patch provided by Microsoft.

Leave a Reply

Additional articles

Integrating Least Privilege and Password Management to Solve Account Security Challenges

Integrating Least Privilege and Password Management to Solve Account Security Challenges

Posted July 24, 2014    Morey Haber

There is a reason all BeyondTrust Privileged Account Management (PAM) solutions share the PowerBroker name: They all inherently enable you to reduce user-based risk and can be integrated under a centralized IT risk management platform. Here’s one common use case that demonstrates how this integration changes the playing field. Consider the challenge of privileged access:…

Tags:
, , , , ,
PowerBroker Password Safe Password Age Report

Reshaping Privileged Password Management with Password Safe 5.2

Posted July 21, 2014    Martin Cannard

Today, we’re pleased to unveil the latest edition of our privileged password management solution, PowerBroker Password Safe. I’ll start with a brief intro of what’s new and then tell you a little about the driving factors behind Password Safe development. New features for mitigating password risk and ensuring accountability enterprise-wide Here’s the 10,000-foot overview of…

Tags:
, , ,
PowerBroker for Windows tamper protection

PowerBroker for Windows 6.6 Tamper Protection

Posted July 18, 2014    Morey Haber

I have a bone to pick: Stopping an administrator from performing an action on a system is futile endeavor. As an administrator, there is always a way to circumvent a solution’s from tampered protection. Really! By default, Windows administrators have unrestricted access to the system – and even though an application, hardened configuration, or group policy…

Tags:
, ,