BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Microsoft Patch Tuesday – September 2011

Posted September 14, 2011    Chris Silva

Quite unsurprisingly (as they accidentally leaked them last Friday), Microsoft released 5 security bulletins today. This month is fairly moderate, with none of the bulletins rating a critical rating.

Included in the bulletins is the second update to WINS this year (MS11-070). As a reminder, if you are running WINS and you can’t really remember why, you most likely don’t need to be. WINS is used mostly by legacy applications that rely on NetBIOS over TCP/IP to communicate. Take a good hard look at your environment and turn it off if you find it unnecessary. If you really must run WINS, then make sure that TCP/42 and UDP/42 are blocked on external-facing firewalls.

Today also brings the 16th (MS11-071) and 17th (MS11-073) security bulletins related to DLL hijacking. As a reminder, even after patching it is a good idea to follow the mitigation steps outlined in KB2269637 as numerous other third-party software products are affected and unpatched.

For the second month in a row, Adobe also released a security bulletin on Patch Tuesday. Today brings an update to Adobe Reader and Acrobat that is rated critical and patches 13 separate CVEs. It also incorporates last month’s fixes to Adobe Flash. Of particular note is that although affected, Adobe Reader for Unix has not yet been patched. It is scheduled for release on November 3 – so if you use Adobe Reader on Unix, be extra careful as to which PDFs you open for the next few months.

This will likely be the last time Adobe patches Reader and Acrobat 8.x, as end of support is coming on November 3. Hopefully you aren’t still running Reader or Acrobat 8.x anywhere, but if you are, make sure you upgrade soon.

Join us later today for another edition of the Vulnerability Expert Forum (VEF). The eEye Research Team will explain today’s security bulletins as well as cover security trends and topics. Can’t wait until 1PM PT? Check out the sneak preview now.

As always, Retina Network Security Scanner customers can check out the list of audits associated with these bulletins.

Here are this month’s recommendations from the eEye Research Team:

Deploy As Soon As Possible

MS11-070 – Vulnerability in WINS Could Allow Elevation of Privilege (2571621)
Recommendation: Deploy patches as soon as possible, since no mitigation is available.

MS11-071 – Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)
Recommendation: Deploy patches as soon as possible. Until the patch can be applied, block ports 139 and 445 using a firewall, prevent the WebClient service from running, and prevent DLLs from being loaded from WebDAV and remote shares.

MS11-072 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
Recommendation: Deploy patches as soon as possible. Until the patch can be applied, block Office Excel (2003, 2007, and 2010) files that fail validation, block Excel (2003, 2007, and 2010) files from untrusted sources and use MOICE when opening files that are not from trusted sources.

MS11-073 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)
Recommendation: Deploy patches as soon as possible. Until the patch can be applied, block Office Excel, Word, and PowerPoint (2003, 2007, and 2010) files that fail validation, block Excel, Word, and PowerPoint (2003, 2007, and 2010) files from untrusted sources and use MOICE when opening files that are not from trusted sources. Additionally, block ports 139 and 445 using a firewall, prevent the WebClient service from running, and prevent DLLs from being loaded from WebDAV and remote shares.

MS11-074 – Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)
Recommendation: Deploy patches as soon as possible. Until the patch can be applied, enable the XSS filter in Internet Explorer (available in versions 8 and higher). Note that no mitigations exist for CVE-2011-1252 and CVE-2011-1892.

Leave a Reply

Additional articles

pbps-customer-campaign-image

You Change Your Oil Regularly; Why Not Your Passwords?

Posted September 11, 2014    Chris Burd

There are many things in life that get changed regularly:  your car oil, toothbrush and hopefully, your bed sheets.  It’s rare that you give these things much thought – even when you forget to change them. But what if you’re forgetting something that can cost you millions of dollars if left unchanged for long periods…

Tags:
, , ,

On-Demand Webcast: The Little JPEG that Could (Hack Your Organization) with Marcus Murray

Posted September 10, 2014    Chris Burd

IT security has come a long way, but every once in a while you see something that makes you think otherwise. Every day, internal and external hackers breach and traverse “secure” environments, making you wonder just how easy it is for attackers to completely compromise your network. In a new on-demand BeyondTrust webcast, Marcus Murray,…

Tags:
, , , , ,

Retina Vulnerability Audits – September 2014 Patch Tuesday

Posted September 9, 2014    BeyondTrust Research Team

The following is a list of Retina vulnerability audits for this September 2014 Patch Tuesday: MS14-052 – Cumulative Security Update for Internet Explorer (2977629) 35141 – Microsoft Cumulative Security Update for Internet Explorer (2977629) 35142 – Microsoft Cumulative Security Update for Internet Explorer (2977629) – IE8/2003 35143 – Microsoft Cumulative Security Update for Internet Explorer (2977629) – IE8…