BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Patch Tuesday Updates

Posted April 13, 2010    Chris Silva

As promised, here are the recommendations related to today’s Patch Tuesday. You can find our full write-up in newsletter format here.

MS10-019 – Vulnerabilities in Windows Could Allow Remote Code Execution (981210)

Administrators are urged to roll out this patch as soon as possible to all Windows systems. Until these systems are patched, it is strongly advised that users not attempt to use signed portable executable files or cabinet files from untrusted sources.

MS10-020 – Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)

Administrators are urged to apply the patch as soon as possible to all vulnerable Windows 2000 machines. Until this is complete, Administrators should block access to port 1755 on Windows 2000 servers running Windows media services.

MS10-021 – Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)

Apply the patch after testing in virtual environments or test environments in order to ensure the kernel patch does not trigger conflicts with mission critical software.

MS10-022 – Vulnerability in VBScript Could Allow Remote Code Execution (981169)

Use CACLs to disable access to the Windows Help Subsystem (“%windir%\winhlp32.exe”) until the patch can be applied.

MS10-023 – Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160)

For users with Microsoft Office Publisher, until the patch is installed, do not download and view untrusted PUB files until the patch is applied.

MS10-024 – Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)

Apply the patch immediately to prevent attackers from exploiting either vulnerability against the vulnerable Exchange or SMTP servers.

MS10-025 – Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)

Administrators are urged to apply the patch as soon as possible to all vulnerable Windows 2000 machines. Until this is complete, Administrators should block access to port 1755 on Windows 2000 servers running Windows media services.

MS10-026 – Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)

Administrators are urged to roll out this patch as soon as possible to all Windows systems, prior to distributing the patch administrators can disable access to “%windir%\system32\l3codeca.acm” and “%windir%\system32\l3codecx.ax” via using CACLS in order to prevent AVI files with embedded MP3 audio codecs from being played. (Note: this will cause some videos to be displayed improperly).

MS10-027 – Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)

Until administrators apply this critical patch, they are advised to set the killbit flag to the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6BF52A52-394A-11d3-B153-00C04F79FAA6} and HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6BF52A52-394A-11d3-B153-00C04F79FAA6}. This would disable the ActiveX components of Windows Media player from executing until administrators can apply the patch.

MS10-028 – Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)

For users with Microsoft Office Visio, until the patch is installed and applied, do not download and view untrusted Visio files.

MS10-029 – Vulnerabilities in Windows ISATAP Component Could Allow Spoofing (978338)

Apply this update as soon as possible to affected systems. Until the patch is applied, block IPv6 communications through a firewall.

eEye Digital Security will be holding a vulnerability expert forum (VEF) tomorrow at 11AM PDT. The vulnerability expert forum is a live webcast where the eEye research team will discuss these patches and additional security landscape topics. Be sure to sign up in advance.

Leave a Reply

Additional articles

PBPS-screenshot-blog aug2014

Failing the Security Basics: Backoff Point-of-Sale Malware

Posted August 22, 2014    Marc Maiffret

At the beginning of this month, US-CERT issued a security alert relating to a string of breaches that had been targeting Point of Sale (POS) systems. The alert details that attackers were leveraging brute forcing tools to target common remote desktop applications such as Microsoft’s Remote Desktop, Apple Remote Desktop, Splashtop and LogMeIn among others….

Tags:
, , , , , ,

Troubleshooting Windows Privilege Management Rules with Policy Monitor

Posted August 21, 2014    Jason Silva

When defining and testing PowerBroker for Windows rules for production or pilots, customers sometimes tell us, “I don’t think this policy / program is working.” This is usually a case of the policy not properly triggering because of the way the rule was created. A unique feature of PowerBroker for Windows compared to other solutions is a client-side…

Tags:
, , ,
darren-mar-elia

BeyondTrust Webcast: Darren Mar-Elia’s 4 Active Directory Change Scenarios to Track

Posted August 20, 2014    Chris Burd

In our latest webcast, we joined Darren Mar-Elia, CTO at SDM Software, to discuss best practices for Active Directory (AD) change management. Here are some key takeaways from the presentation, followed by a link to a full-length video of the presentation. Mar-Elia kicks things off with a critical insight: that the best AD change management…

Tags:
, , , , , , ,