BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Microsoft Patch Tuesday – September 2011

Posted September 14, 2011    Chris Silva

Quite unsurprisingly (as they accidentally leaked them last Friday), Microsoft released 5 security bulletins today. This month is fairly moderate, with none of the bulletins rating a critical rating.

Included in the bulletins is the second update to WINS this year (MS11-070). As a reminder, if you are running WINS and you can’t really remember why, you most likely don’t need to be. WINS is used mostly by legacy applications that rely on NetBIOS over TCP/IP to communicate. Take a good hard look at your environment and turn it off if you find it unnecessary. If you really must run WINS, then make sure that TCP/42 and UDP/42 are blocked on external-facing firewalls.

Today also brings the 16th (MS11-071) and 17th (MS11-073) security bulletins related to DLL hijacking. As a reminder, even after patching it is a good idea to follow the mitigation steps outlined in KB2269637 as numerous other third-party software products are affected and unpatched.

For the second month in a row, Adobe also released a security bulletin on Patch Tuesday. Today brings an update to Adobe Reader and Acrobat that is rated critical and patches 13 separate CVEs. It also incorporates last month’s fixes to Adobe Flash. Of particular note is that although affected, Adobe Reader for Unix has not yet been patched. It is scheduled for release on November 3 – so if you use Adobe Reader on Unix, be extra careful as to which PDFs you open for the next few months.

This will likely be the last time Adobe patches Reader and Acrobat 8.x, as end of support is coming on November 3. Hopefully you aren’t still running Reader or Acrobat 8.x anywhere, but if you are, make sure you upgrade soon.

Join us later today for another edition of the Vulnerability Expert Forum (VEF). The eEye Research Team will explain today’s security bulletins as well as cover security trends and topics. Can’t wait until 1PM PT? Check out the sneak preview now.

As always, Retina Network Security Scanner customers can check out the list of audits associated with these bulletins.

Here are this month’s recommendations from the eEye Research Team:

Deploy As Soon As Possible

MS11-070 – Vulnerability in WINS Could Allow Elevation of Privilege (2571621)
Recommendation: Deploy patches as soon as possible, since no mitigation is available.

MS11-071 – Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)
Recommendation: Deploy patches as soon as possible. Until the patch can be applied, block ports 139 and 445 using a firewall, prevent the WebClient service from running, and prevent DLLs from being loaded from WebDAV and remote shares.

MS11-072 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
Recommendation: Deploy patches as soon as possible. Until the patch can be applied, block Office Excel (2003, 2007, and 2010) files that fail validation, block Excel (2003, 2007, and 2010) files from untrusted sources and use MOICE when opening files that are not from trusted sources.

MS11-073 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)
Recommendation: Deploy patches as soon as possible. Until the patch can be applied, block Office Excel, Word, and PowerPoint (2003, 2007, and 2010) files that fail validation, block Excel, Word, and PowerPoint (2003, 2007, and 2010) files from untrusted sources and use MOICE when opening files that are not from trusted sources. Additionally, block ports 139 and 445 using a firewall, prevent the WebClient service from running, and prevent DLLs from being loaded from WebDAV and remote shares.

MS11-074 – Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)
Recommendation: Deploy patches as soon as possible. Until the patch can be applied, enable the XSS filter in Internet Explorer (available in versions 8 and higher). Note that no mitigations exist for CVE-2011-1252 and CVE-2011-1892.

Leave a Reply

Additional articles

Cavalancia-Headshot - Medium

Making Windows Endpoints the Least of your Worries

Posted September 2, 2015    Nick Cavalancia

We’re all concerned that someday an external hacker will try to gain access to your company’s critical data and systems. The problem? Your endpoints – both your workstations and servers – bypass (and often leave) the safety and security of your environment daily.

Tags:
, ,
powerbroker-difference-2

Why Customers Choose PowerBroker: Low Total Cost of Ownership

Posted September 2, 2015    Scott Lang

In a survey of more than 100 customers, those customers indicated that BeyondTrust’s low powerbroker-difference-2total cost of ownership was a competitive differentiator versus other options in the privileged account management market.

Tags:
, , ,
Larry-Brock-CISO

Passwords: A Hacker’s Best Friend

Posted September 1, 2015    Larry Brock

After all the years of talk about biometrics and multi-factor authentication, we still have passwords and will likely have them for a long time. Because many “high risk” systems require complex passwords (zk7&@1c6), most people that use them believe their passwords are secure. But they aren’t.

Tags:
, ,