BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Microsoft Patch Tuesday – October 2011

Posted October 11, 2011    Chris Silva

Welcome to another exciting episode of Patch Tuesday, where Microsoft has released a total of 8 bulletins concerning 23 CVEs. 2 bulletins are rated as critical, mostly covering issues within Internet Explorer, while the rest are not as riveting.

The bulletins this month cover a few memory issues within IE that could possibly allow an attacker to execute arbitrary code from a remote location (MS11-081), as well as a fairly serious remote code execution vulnerability found within .NET (MS11-078), which according to some could possibly affect other platforms not specified by Microsoft.

Interestingly enough, MS11-077 deals with a Kernel-mode driver issue when parsing font files (CVE 2011-2003). This issue could potentially allow for remote code execution within the context of SYSTEM, yet was only rated as Important, likely due to the difficulty of exploitation. The remainder of the patches deal with various DLL preloading issues which is nothing new and will most likely remain an issue for some time.

Join us tomorrow for another edition of the Vulnerability Expert Forum (VEF). The eEye Research Team (with a special guest appearance by Marc Maiffret) will cover today’s security bulletins and touch on other security trends and topics. Want a sneak preview? Listen now.

Retina Network Security Scanner customers can view the list of audits associated with these bulletins.

Here are this month’s recommendations from the eEye Research Team:

Deploy Immediately

MS11-078 – Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)
Recommendation: Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, block XAML browser applications from running in Internet Explorer. Additionally, prevent the Silverlight ActiveX from running in Internet Explorer, and prevent Silverlight from executing within Firefox and/or Chrome.

MS11-081 – Cumulative Security Update for Internet Explorer (2586448)
Recommendation: Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, read emails in plain text, block ActiveX controls and block/disable Active Scripting in both Internet and Local intranet zones.

Deploy As Soon As Possible

MS11-075 – Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)
Recommendation: Deploy patches as soon as possible. Until the patch can be installed, block ports 139 and 445 using a firewall, prevent the WebClient service from running, and prevent DLLs from being loaded from WebDAV and remote shares.

MS11-076 – Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)
Recommendation: Deploy patches as soon as possible. Until the patch can be installed, block ports 139 and 445 using a firewall, prevent the WebClient service from running, and prevent DLLs from being loaded from WebDAV and remote shares.

MS11-077 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)
Recommendation: Deploy patches as soon as possible, since no mitigation is available for two of the four CVEs. Until the patch can be installed, mitigate CVE-2011-2002 and CVE-2011-2003 by stopping the WebClient service from running.

MS11-079 – Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)
Recommendation: Deploy patches as soon as possible, since no mitigation is available for four of the five CVEs. Until the patches can be installed, the remote code execution vulnerability (CVE-2011-1969) can be mitigated by blacklisting the MicrosoftClient.Jar file in the Java\jre6\lib\security\blacklist file.

MS11-080 – Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)
Recommendation: Since no mitigation is available, deploy patches as soon as possible.

MS11-082 – Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)
Recommendation: Deploy patches as soon as possible. Until the patch can be installed, block TCP ports 1477 and 1478 and UDP port 1478 using a firewall.

Leave a Reply

Additional articles

PowerBroker for Unix & Linux helps prevent Shellshock

Posted September 25, 2014    Paul Harper

Like many other people who tinker with UNIX and Linux on a regular basis, BASH has always been my shell of choice.  Dating back to the early days moving from Windows to a non-Windows platform, mapping the keys correctly to allow easy navigation and control helped ensure an explosion of use for the shell. Unfortunately,…

Bash “Shellshock” Vulnerability – Retina Updates

Posted September 24, 2014    BeyondTrust Research Team

A major vulnerability was recently discovered within bash which allows arbitrary command execution via specially crafted environment variables. This is possible due to the fact that bash supports the assignment of shell functions to shell variables. When bash parses environment shell functions, it continues parsing even after the closing brace of the function definition. If…

pbps-blog3

7 Reasons Customers Switch to Password Safe for Privileged Password Management

Posted September 24, 2014    Chris Burd

It’s clear that privileged password management tools are essential for keeping mission-critical data, servers and assets safe and secure. However, as I discussed in my previous post, there are several pitfalls to look out for when deploying a privileged password management solution. At this point, you may be wondering how BeyondTrust stacks up. With that,…

Tags:
, , , , ,