BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Microsoft Patch Tuesday – November 2011

Post by Chris Silva November 8, 2011

This month Microsoft released four security bulletins, patching a total of four vulnerabilities. Included in this month’s bulletins is a particularly ugly vulnerability in tcpip.sys (MS11-083). This vulnerability involves sending a large amount of UDP packets to a closed port. While the amount of work to exploit seems great and Microsoft feels that exploitation will prove unreliable, the reward is high – remote unauthenticated code execution within the kernel. To prevent exploitation, firewall all unused UDP ports at the perimeter, and install the patch as soon as possible.

Not patched this month is the zero-day vulnerability leveraged by Duqu. Last Thursday, Microsoft released a security advisory (2639658) outlining the vulnerability and providing a workaround. Microsoft is already working on a fix, but they did state in advance it would not be ready in time for this patch Tuesday. Given the amount of press that Duqu has received, we’ll see if Microsoft waits until December to patch this or if they release an out-of-band fix sometime this month.

Join us tomorrow for another edition of the Vulnerability Expert Forum (VEF). Marc Maiffret and the eEye Research Team will be talking about today’s security bulletins as well as other security related topics and issues.

Retina Network Security Scanner customers can view the list of audits associated with these bulletins.

Here are this month’s recommendations from the eEye Research Team:

Deploy Immediately

MS11-083 – Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
Recommendation: Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, any unused UDP ports should be blocked at the external firewall.

Deploy As Soon As Possible

MS11-085 – Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704)
Recommendation: Deploy patches as soon as possible. Until the patch can be installed, block ports 139 and 445 using a firewall, prevent the WebClient service from running, and prevent DLLs from being loaded from WebDAV and remote shares.

MS11-086 – Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)
Recommendation: Deploy patches as soon as possible. Until the patch can be installed, remove the user account that is associated with the revoked certificate. Also, use LDAPS along with IPsec-based connections that are in “Always check CRL” mode.

Deploy At Earliest Convenience

MS11-084 – Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657)
Recommendation: Deploy patches at the earliest convenience. Until the patch can be installed, block ports 139 and 445 using a firewall, prevent the WebClient service from running, and disable both the Preview and Details Pane in Windows Explorer.

Leave a Reply

Additional articles

BI-Qualys-Connector-IMG1

Getting More Value from QualysGuard Vulnerability Data with BeyondInsight v5.1

If your vulnerability assessment scans can’t produce meaningful and actionable reports, performing a scan does no good for anyone. If you’ve read my other blog posts, you know I have no qualms about stating that BeyondTrust provides the best vulnerability reporting in the industry. Ask your favorite analyst and they’ll tend to agree. Of course,…

Post by Morey Haber April 18, 2014
Tags:
, , , , , , , ,
insider-threat-fed

Mitigating Inside Threats to U.S. Federal IT Environments

Recent high-profile cases have increased the perceived risks that go along with disclosure and usage of confidential information. One of the most difficult security threats to mitigate is an attack from the inside. When an over-privileged user, such as an unhappy current or former employee, contractor, or consultant, begins navigating your network, how will you…

Post by BeyondTrust Software April 17, 2014
Tags:
, , , , ,

Are you a Target? Investigating Security Breaches with Kevin Johnson

Last week, over 1,000 IT security professionals watched as Kevin Johnson, CEO of Secure Ideas, presented his expert opinion on lessons learned from recent, high-profile retail breaches. Here’s a summary of key takeaways from the webcast plus an on-demand recording of the full, 60-minute presentation. Understanding the “why” behind attacks According to Kevin, the primary…

Post by Chris Burd April 17, 2014
Tags:
, , , , ,