Patch Tuesday Analysis for November 2011
This month’s security bulletins underscore the need for multiple layers of protection, or “defense in depth” security. For all four of the bulletins released today, a firewall can mitigate the vulnerability or serve as a workaround.
In MS11-083, for example, the recommendation is to block unneeded UDP packets at the firewall. Do not rely on the OS alone. If you have an intrusion detection system, it could watch for streams of UDP packets to a closed port.
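One way to sketch the IDS check suggested for MS11-083 is shown below. It is an added example, not part of the original analysis or of Microsoft's guidance. It assumes drop records laid out in the Windows Firewall log field order, treats a dropped UDP packet as one aimed at a closed port, and uses constructed sample lines with illustrative window and threshold values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)   # assumed tuning value, not from the bulletin
THRESHOLD = 5                    # assumed tuning value, not from the bulletin

# Constructed sample lines (first nine fields of the firewall log layout).
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size
2011-11-08 10:00:00 DROP UDP 192.0.2.10 198.51.100.5 40000 9999 60
2011-11-08 10:00:01 DROP UDP 192.0.2.10 198.51.100.5 40001 9999 60
2011-11-08 10:00:02 DROP UDP 192.0.2.10 198.51.100.5 40002 9999 60
2011-11-08 10:00:02 ALLOW UDP 192.0.2.20 198.51.100.5 53124 53 72
2011-11-08 10:00:03 DROP UDP 192.0.2.10 198.51.100.5 40003 9999 60
2011-11-08 10:00:04 DROP UDP 192.0.2.10 198.51.100.5 40004 9999 60
2011-11-08 10:00:05 DROP TCP 192.0.2.30 198.51.100.5 50000 445 52
2011-11-08 10:00:30 DROP UDP 192.0.2.40 198.51.100.5 40100 161 60
2011-11-08 10:01:00 DROP UDP 192.0.2.10 198.51.100.5 40005 9999 60
"""

def detect_udp_streams(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per (src, dst, dst_port) whose dropped-UDP count
    reaches `threshold` inside a sliding `window`."""
    recent = defaultdict(deque)   # flow key -> timestamps still in the window
    alerted = set()               # flows already reported, to avoid repeats
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 8:
            continue              # header, blank or truncated line
        date, time, action, proto, src, dst, _sport, dport = fields[:8]
        if action != "DROP" or proto != "UDP":
            continue              # only dropped UDP packets are of interest
        try:
            ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
            key = (src, dst, int(dport))
        except ValueError:
            continue              # malformed timestamp or port
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # expire packets older than the window
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"src": src, "dst": dst, "port": key[2],
                           "count": len(q), "first_seen": q[0], "last_seen": ts})
    return alerts

if __name__ == "__main__":
    for alert in detect_udp_streams(SAMPLE_LOG):
        print(alert)
```

Tune the window and threshold against normal traffic before alerting on them; services that legitimately retry over UDP can produce short bursts of drops.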
To mitigate the vulnerability described in MS11-084, block SMB traffic; this helps prevent a DoS attack on workstations and Terminal Servers.
As Microsoft indicates, "Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed." Don’t rely only on the last point of entry, the Windows operating system; include a perimeter firewall as well.
MS11-086 is of interest to everyone using AD services. A vulnerability exists where users with a previously revoked certificate can still authenticate to the Active Directory domain. To prevent this, remove or disable the domain user account that was subject to the revoked certificate.
For all of these we recommend patching after appropriate testing.
| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MS11-083 (2588516) | Arbitrary code / Windows | Workstations, Servers | No/No | Yes | Critical | Vista, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-084 (2617657) | Denial of service / Windows kernel mode drivers | Workstations, Terminal Servers | No/No | No | Moderate | Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-085 (2620704) | Arbitrary code / Windows | Workstations, Terminal Servers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7 | | Patch after testing |
| MS11-086 (2630837) | Privilege elevation / Active Directory | Workstations, Servers, Domain Controllers | No/No | Yes | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd; Only systems with AD services | Patch after testing |