BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Microsoft Patch Tuesday – September 2011

Posted September 14, 2011    Chris Silva

Quite unsurprisingly (as they accidentally leaked them last Friday), Microsoft released 5 security bulletins today. This month is fairly moderate, with none of the bulletins rating a critical rating.

Included in the bulletins is the second update to WINS this year (MS11-070). As a reminder, if you are running WINS and you can’t really remember why, you most likely don’t need to be. WINS is used mostly by legacy applications that rely on NetBIOS over TCP/IP to communicate. Take a good hard look at your environment and turn it off if you find it unnecessary. If you really must run WINS, then make sure that TCP/42 and UDP/42 are blocked on external-facing firewalls.

Today also brings the 16th (MS11-071) and 17th (MS11-073) security bulletins related to DLL hijacking. As a reminder, even after patching it is a good idea to follow the mitigation steps outlined in KB2269637 as numerous other third-party software products are affected and unpatched.

For the second month in a row, Adobe also released a security bulletin on Patch Tuesday. Today brings an update to Adobe Reader and Acrobat that is rated critical and patches 13 separate CVEs. It also incorporates last month’s fixes to Adobe Flash. Of particular note is that although affected, Adobe Reader for Unix has not yet been patched. It is scheduled for release on November 3 – so if you use Adobe Reader on Unix, be extra careful as to which PDFs you open for the next few months.

This will likely be the last time Adobe patches Reader and Acrobat 8.x, as end of support is coming on November 3. Hopefully you aren’t still running Reader or Acrobat 8.x anywhere, but if you are, make sure you upgrade soon.

Join us later today for another edition of the Vulnerability Expert Forum (VEF). The eEye Research Team will explain today’s security bulletins as well as cover security trends and topics. Can’t wait until 1PM PT? Check out the sneak preview now.

As always, Retina Network Security Scanner customers can check out the list of audits associated with these bulletins.

Here are this month’s recommendations from the eEye Research Team:

Deploy As Soon As Possible

MS11-070 – Vulnerability in WINS Could Allow Elevation of Privilege (2571621)
Recommendation: Deploy patches as soon as possible, since no mitigation is available.

MS11-071 – Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)
Recommendation: Deploy patches as soon as possible. Until the patch can be applied, block ports 139 and 445 using a firewall, prevent the WebClient service from running, and prevent DLLs from being loaded from WebDAV and remote shares.

MS11-072 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
Recommendation: Deploy patches as soon as possible. Until the patch can be applied, block Office Excel (2003, 2007, and 2010) files that fail validation, block Excel (2003, 2007, and 2010) files from untrusted sources and use MOICE when opening files that are not from trusted sources.

MS11-073 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)
Recommendation: Deploy patches as soon as possible. Until the patch can be applied, block Office Excel, Word, and PowerPoint (2003, 2007, and 2010) files that fail validation, block Excel, Word, and PowerPoint (2003, 2007, and 2010) files from untrusted sources and use MOICE when opening files that are not from trusted sources. Additionally, block ports 139 and 445 using a firewall, prevent the WebClient service from running, and prevent DLLs from being loaded from WebDAV and remote shares.

MS11-074 – Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)
Recommendation: Deploy patches as soon as possible. Until the patch can be applied, enable the XSS filter in Internet Explorer (available in versions 8 and higher). Note that no mitigations exist for CVE-2011-1252 and CVE-2011-1892.

Leave a Reply

Additional articles

pbps-customer-campaign-image

Are you changing your passwords as often as the weather changes?

Posted April 20, 2015    Scott Lang

There is one thing that should change more frequently than the weather: Your privileged passwords. Why? If you’re like more than 25% of companies out there, then your current IT environment contains unmanaged accounts putting you at risk of data breaches and compliance violations, and you don’t have a process to control those accounts.

Tags:
, , , ,
webinar1

On Demand Webinar: Advanced Windows Tracing

Posted April 17, 2015    BeyondTrust Software

Webinar: Security MVP, Paula Januszkiewicz, shows Windows administrators how to be more aware of what happens whenever somebody does something within the system.

Tags:
, ,
5

The Delicate Art of Remote Checks – A Glance Into MS15-034

Posted April 15, 2015    Bill Finlayson

Remote vulnerability detection – using ms15-034 as an example.

Tags:
, ,