BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Microsoft Patch Tuesday – October 2011

Posted October 11, 2011    Chris Silva

Welcome to another exciting episode of Patch Tuesday, where Microsoft has released a total of 8 bulletins concerning 23 CVEs. 2 bulletins are rated as critical, mostly covering issues within Internet Explorer, while the rest are not as riveting.

The bulletins this month cover a few memory issues within IE that could possibly allow an attacker to execute arbitrary code from a remote location (MS11-081), as well as a fairly serious remote code execution vulnerability found within .NET (MS11-078), which according to some could possibly affect other platforms not specified by Microsoft.

Interestingly enough, MS11-077 deals with a Kernel-mode driver issue when parsing font files (CVE 2011-2003). This issue could potentially allow for remote code execution within the context of SYSTEM, yet was only rated as Important, likely due to the difficulty of exploitation. The remainder of the patches deal with various DLL preloading issues which is nothing new and will most likely remain an issue for some time.

Join us tomorrow for another edition of the Vulnerability Expert Forum (VEF). The eEye Research Team (with a special guest appearance by Marc Maiffret) will cover today’s security bulletins and touch on other security trends and topics. Want a sneak preview? Listen now.

Retina Network Security Scanner customers can view the list of audits associated with these bulletins.

Here are this month’s recommendations from the eEye Research Team:

Deploy Immediately

MS11-078 – Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)
Recommendation: Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, block XAML browser applications from running in Internet Explorer. Additionally, prevent the Silverlight ActiveX from running in Internet Explorer, and prevent Silverlight from executing within Firefox and/or Chrome.

MS11-081 – Cumulative Security Update for Internet Explorer (2586448)
Recommendation: Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, read emails in plain text, block ActiveX controls and block/disable Active Scripting in both Internet and Local intranet zones.

Deploy As Soon As Possible

MS11-075 – Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)
Recommendation: Deploy patches as soon as possible. Until the patch can be installed, block ports 139 and 445 using a firewall, prevent the WebClient service from running, and prevent DLLs from being loaded from WebDAV and remote shares.

MS11-076 – Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)
Recommendation: Deploy patches as soon as possible. Until the patch can be installed, block ports 139 and 445 using a firewall, prevent the WebClient service from running, and prevent DLLs from being loaded from WebDAV and remote shares.

MS11-077 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)
Recommendation: Deploy patches as soon as possible, since no mitigation is available for two of the four CVEs. Until the patch can be installed, mitigate CVE-2011-2002 and CVE-2011-2003 by stopping the WebClient service from running.

MS11-079 – Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)
Recommendation: Deploy patches as soon as possible, since no mitigation is available for four of the five CVEs. Until the patches can be installed, the remote code execution vulnerability (CVE-2011-1969) can be mitigated by blacklisting the MicrosoftClient.Jar file in the Java\jre6\lib\security\blacklist file.

MS11-080 – Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)
Recommendation: Since no mitigation is available, deploy patches as soon as possible.

MS11-082 – Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)
Recommendation: Deploy patches as soon as possible. Until the patch can be installed, block TCP ports 1477 and 1478 and UDP port 1478 using a firewall.

Leave a Reply

Additional articles

Sudo_logo

Don’t Create a Different sudoers File for Each System

Posted May 20, 2015    Randy Franklin Smith

What if you have multiple Linux and/or Unix systems? Sudo management can become onerous and unwieldy if you try to manage a different sudoers file on each system. The good news is that sudo supports multiple systems.

password-safety

What Does Microsoft Local Administrator Password Solution Really Do?

Posted May 19, 2015    Morey Haber

LAPS is a feature that allows the randomization of local administrator accounts across the domain. Although it would seem that this capability overlaps with features in BeyondTrust’s PowerBroker Password Safe (PBPS), the reality is it is more suited for simple use cases such as changing the local Windows admin account and not much more.

Tags:
, ,
webinar_ondemand

On Demand Webinar: Securing Windows Server with Security Compliance Manager

Posted May 14, 2015    BeyondTrust Software

On Demand Webinar: Security Expert Russell Smith, explains how to use Microsoft’s free Security Compliance Manager (SCM) tool to create and deploy your own security baselines, including user and computer authentication settings.

Tags:
, ,