BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Microsoft Patch Tuesday – September 2011

Posted September 14, 2011    Chris Silva

Quite unsurprisingly (as they accidentally leaked them last Friday), Microsoft released 5 security bulletins today. This month is fairly moderate, with none of the bulletins rating a critical rating.

Included in the bulletins is the second update to WINS this year (MS11-070). As a reminder, if you are running WINS and you can’t really remember why, you most likely don’t need to be. WINS is used mostly by legacy applications that rely on NetBIOS over TCP/IP to communicate. Take a good hard look at your environment and turn it off if you find it unnecessary. If you really must run WINS, then make sure that TCP/42 and UDP/42 are blocked on external-facing firewalls.

Today also brings the 16th (MS11-071) and 17th (MS11-073) security bulletins related to DLL hijacking. As a reminder, even after patching it is a good idea to follow the mitigation steps outlined in KB2269637 as numerous other third-party software products are affected and unpatched.

For the second month in a row, Adobe also released a security bulletin on Patch Tuesday. Today brings an update to Adobe Reader and Acrobat that is rated critical and patches 13 separate CVEs. It also incorporates last month’s fixes to Adobe Flash. Of particular note is that although affected, Adobe Reader for Unix has not yet been patched. It is scheduled for release on November 3 – so if you use Adobe Reader on Unix, be extra careful as to which PDFs you open for the next few months.

This will likely be the last time Adobe patches Reader and Acrobat 8.x, as end of support is coming on November 3. Hopefully you aren’t still running Reader or Acrobat 8.x anywhere, but if you are, make sure you upgrade soon.

Join us later today for another edition of the Vulnerability Expert Forum (VEF). The eEye Research Team will explain today’s security bulletins as well as cover security trends and topics. Can’t wait until 1PM PT? Check out the sneak preview now.

As always, Retina Network Security Scanner customers can check out the list of audits associated with these bulletins.

Here are this month’s recommendations from the eEye Research Team:

Deploy As Soon As Possible

MS11-070 – Vulnerability in WINS Could Allow Elevation of Privilege (2571621)
Recommendation: Deploy patches as soon as possible, since no mitigation is available.

MS11-071 – Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)
Recommendation: Deploy patches as soon as possible. Until the patch can be applied, block ports 139 and 445 using a firewall, prevent the WebClient service from running, and prevent DLLs from being loaded from WebDAV and remote shares.

MS11-072 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
Recommendation: Deploy patches as soon as possible. Until the patch can be applied, block Office Excel (2003, 2007, and 2010) files that fail validation, block Excel (2003, 2007, and 2010) files from untrusted sources and use MOICE when opening files that are not from trusted sources.

MS11-073 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)
Recommendation: Deploy patches as soon as possible. Until the patch can be applied, block Office Excel, Word, and PowerPoint (2003, 2007, and 2010) files that fail validation, block Excel, Word, and PowerPoint (2003, 2007, and 2010) files from untrusted sources and use MOICE when opening files that are not from trusted sources. Additionally, block ports 139 and 445 using a firewall, prevent the WebClient service from running, and prevent DLLs from being loaded from WebDAV and remote shares.

MS11-074 – Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)
Recommendation: Deploy patches as soon as possible. Until the patch can be applied, enable the XSS filter in Internet Explorer (available in versions 8 and higher). Note that no mitigations exist for CVE-2011-1252 and CVE-2011-1892.

Leave a Reply

Additional articles

randy franklin smith

At the End of Day You Can’t Control What Privileged Users Do: It’s about Detective/Deterrent Controls and Accountability

Posted March 31, 2015    Randy Franklin Smith

Live Webinar: Thursday, April 2, 2015 | 10am PT/1pm ET | REGISTER NOW! In this webinar, Security Expert Randy Franklin Smith will look at how to audit what admins do inside Linux and UNIX with sudo’s logging capabilities.

Tags:
, ,
BA_Hacked

British Airways Executive Club Member Accounts Hacked

Posted March 30, 2015    Brian Chappell

British Airways has released information regarding the hacking of a number of their Executive Club (BA’s frequent flyer programme) member’s accounts.

Tags:
, , ,
webinar_ondemand

On Demand Webinar – Why You Still Suck at Patching

Posted March 27, 2015    Lindsay Marsh

On Demand Webinar: Dave Shackleford recounts some of his personal experiences in patch management failure, and breaks down the most critical issues holding many teams back from patching more effectively.

Tags:
,