BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Microsoft Patch Tuesday – October 2011

Posted October 11, 2011    Chris Silva

Welcome to another exciting episode of Patch Tuesday, where Microsoft has released a total of 8 bulletins concerning 23 CVEs. 2 bulletins are rated as critical, mostly covering issues within Internet Explorer, while the rest are not as riveting.

The bulletins this month cover a few memory issues within IE that could possibly allow an attacker to execute arbitrary code from a remote location (MS11-081), as well as a fairly serious remote code execution vulnerability found within .NET (MS11-078), which according to some could possibly affect other platforms not specified by Microsoft.

Interestingly enough, MS11-077 deals with a Kernel-mode driver issue when parsing font files (CVE 2011-2003). This issue could potentially allow for remote code execution within the context of SYSTEM, yet was only rated as Important, likely due to the difficulty of exploitation. The remainder of the patches deal with various DLL preloading issues which is nothing new and will most likely remain an issue for some time.

Join us tomorrow for another edition of the Vulnerability Expert Forum (VEF). The eEye Research Team (with a special guest appearance by Marc Maiffret) will cover today’s security bulletins and touch on other security trends and topics. Want a sneak preview? Listen now.

Retina Network Security Scanner customers can view the list of audits associated with these bulletins.

Here are this month’s recommendations from the eEye Research Team:

Deploy Immediately

MS11-078 – Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)
Recommendation: Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, block XAML browser applications from running in Internet Explorer. Additionally, prevent the Silverlight ActiveX from running in Internet Explorer, and prevent Silverlight from executing within Firefox and/or Chrome.

MS11-081 – Cumulative Security Update for Internet Explorer (2586448)
Recommendation: Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, read emails in plain text, block ActiveX controls and block/disable Active Scripting in both Internet and Local intranet zones.

Deploy As Soon As Possible

MS11-075 – Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)
Recommendation: Deploy patches as soon as possible. Until the patch can be installed, block ports 139 and 445 using a firewall, prevent the WebClient service from running, and prevent DLLs from being loaded from WebDAV and remote shares.

MS11-076 – Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)
Recommendation: Deploy patches as soon as possible. Until the patch can be installed, block ports 139 and 445 using a firewall, prevent the WebClient service from running, and prevent DLLs from being loaded from WebDAV and remote shares.

MS11-077 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)
Recommendation: Deploy patches as soon as possible, since no mitigation is available for two of the four CVEs. Until the patch can be installed, mitigate CVE-2011-2002 and CVE-2011-2003 by stopping the WebClient service from running.

MS11-079 – Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)
Recommendation: Deploy patches as soon as possible, since no mitigation is available for four of the five CVEs. Until the patches can be installed, the remote code execution vulnerability (CVE-2011-1969) can be mitigated by blacklisting the MicrosoftClient.Jar file in the Java\jre6\lib\security\blacklist file.

MS11-080 – Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)
Recommendation: Since no mitigation is available, deploy patches as soon as possible.

MS11-082 – Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)
Recommendation: Deploy patches as soon as possible. Until the patch can be installed, block TCP ports 1477 and 1478 and UDP port 1478 using a firewall.

Leave a Reply

Additional articles

Larry-Brock-CISO

Passwords: A Hacker’s Best Friend

Posted September 1, 2015    Larry Brock

After all the years of talk about biometrics and multi-factor authentication, we still have passwords and will likely have them for a long time. Because many “high risk” systems require complex passwords (zk7&@1c6), most people that use them believe their passwords are secure. But they aren’t.

Tags:
, ,
CyberResiliency

6 things I like about Gartner’s Cyber Resiliency Strategy

Posted August 27, 2015    Nigel Hedges

There were 6 key principles, or recommendations, that Gartner suggested were important drivers towards a great cyber resiliency posture. I commented more than once during the conference that many of these things were not new. They are all important recommendations that are best when placed together and given to senior management and the board – a critical element of organisations that desperately need to “get it”.

Tags:
,
powerbroker-difference-1

Why Customers Choose PowerBroker: Flexible Deployment Options

Posted August 26, 2015    Scott Lang

BeyondTrust commissioned a study of our customer base in early 2015 to determine how we are different from other alternatives in the market. What we learned was that there were six key differentiators that separate BeyondTrust from other solution providers in the market. We call it the PowerBroker difference,

Tags:
, ,