BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Microsoft Patch Tuesday – September 2011

Posted September 14, 2011    Chris Silva

Quite unsurprisingly (as they accidentally leaked them last Friday), Microsoft released 5 security bulletins today. This month is fairly moderate, with none of the bulletins rating a critical rating.

Included in the bulletins is the second update to WINS this year (MS11-070). As a reminder, if you are running WINS and you can’t really remember why, you most likely don’t need to be. WINS is used mostly by legacy applications that rely on NetBIOS over TCP/IP to communicate. Take a good hard look at your environment and turn it off if you find it unnecessary. If you really must run WINS, then make sure that TCP/42 and UDP/42 are blocked on external-facing firewalls.

Today also brings the 16th (MS11-071) and 17th (MS11-073) security bulletins related to DLL hijacking. As a reminder, even after patching it is a good idea to follow the mitigation steps outlined in KB2269637 as numerous other third-party software products are affected and unpatched.

For the second month in a row, Adobe also released a security bulletin on Patch Tuesday. Today brings an update to Adobe Reader and Acrobat that is rated critical and patches 13 separate CVEs. It also incorporates last month’s fixes to Adobe Flash. Of particular note is that although affected, Adobe Reader for Unix has not yet been patched. It is scheduled for release on November 3 – so if you use Adobe Reader on Unix, be extra careful as to which PDFs you open for the next few months.

This will likely be the last time Adobe patches Reader and Acrobat 8.x, as end of support is coming on November 3. Hopefully you aren’t still running Reader or Acrobat 8.x anywhere, but if you are, make sure you upgrade soon.

Join us later today for another edition of the Vulnerability Expert Forum (VEF). The eEye Research Team will explain today’s security bulletins as well as cover security trends and topics. Can’t wait until 1PM PT? Check out the sneak preview now.

As always, Retina Network Security Scanner customers can check out the list of audits associated with these bulletins.

Here are this month’s recommendations from the eEye Research Team:

Deploy As Soon As Possible

MS11-070 – Vulnerability in WINS Could Allow Elevation of Privilege (2571621)
Recommendation: Deploy patches as soon as possible, since no mitigation is available.

MS11-071 – Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)
Recommendation: Deploy patches as soon as possible. Until the patch can be applied, block ports 139 and 445 using a firewall, prevent the WebClient service from running, and prevent DLLs from being loaded from WebDAV and remote shares.

MS11-072 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
Recommendation: Deploy patches as soon as possible. Until the patch can be applied, block Office Excel (2003, 2007, and 2010) files that fail validation, block Excel (2003, 2007, and 2010) files from untrusted sources and use MOICE when opening files that are not from trusted sources.

MS11-073 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)
Recommendation: Deploy patches as soon as possible. Until the patch can be applied, block Office Excel, Word, and PowerPoint (2003, 2007, and 2010) files that fail validation, block Excel, Word, and PowerPoint (2003, 2007, and 2010) files from untrusted sources and use MOICE when opening files that are not from trusted sources. Additionally, block ports 139 and 445 using a firewall, prevent the WebClient service from running, and prevent DLLs from being loaded from WebDAV and remote shares.

MS11-074 – Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)
Recommendation: Deploy patches as soon as possible. Until the patch can be applied, enable the XSS filter in Internet Explorer (available in versions 8 and higher). Note that no mitigations exist for CVE-2011-1252 and CVE-2011-1892.

Leave a Reply

Additional articles

gartner market guide image - aug 2014

Introducing the Gartner Market Guide for Privileged Account Management

Posted July 29, 2014    Chris Burd

Gartner recently released a new Market Guide for Privileged Account Management (PAM), and we’d like to share a complimentary copy with you. The report includes PAM market analysis and direction, vendor overviews, and recommendations for selecting PAM solutions for your environment. BeyondTrust is one of two representative vendors (out of 20) to address all solution…

Tags:
, , , , , , , ,
Integrating Least Privilege and Password Management to Solve Account Security Challenges

Integrating Least Privilege and Password Management to Solve Account Security Challenges

Posted July 24, 2014    Morey Haber

There is a reason all BeyondTrust Privileged Account Management (PAM) solutions share the PowerBroker name: They all inherently enable you to reduce user-based risk and can be integrated under a centralized IT risk management platform. Here’s one common use case that demonstrates how this integration changes the playing field. Consider the challenge of privileged access:…

Tags:
, , , , ,
PowerBroker Password Safe Password Age Report

Reshaping Privileged Password Management with Password Safe 5.2

Posted July 21, 2014    Martin Cannard

Today, we’re pleased to unveil the latest edition of our privileged password management solution, PowerBroker Password Safe. I’ll start with a brief intro of what’s new and then tell you a little about the driving factors behind Password Safe development. New features for mitigating password risk and ensuring accountability enterprise-wide Here’s the 10,000-foot overview of…

Tags:
, , ,