Patch Tuesday Analysis for February 2011
Many of the updates released this month address vulnerabilities in the heart of the OS, affecting key components. A glance at Microsoft’s exploitability index chart indicates that consistent exploit code is likely in the near future. Six of these have already been publicly disclosed.

MS11-003 is a cumulative update addressing 4 vulnerabilities in Internet Explorer, two of which are publicly disclosed. Of those, one is being exploited.

IIS servers and workstations running Vista or later with the FTP service are primarily at risk from the vulnerability addressed in MS11-004.

A restart of domain controllers is required to implement MS11-005. Administrators of Server 2003 domain controllers will want to plan for this to minimize disruptions. Microsoft indicates that consistent exploit code is unlikely for this vulnerability.

MS11-008 addresses two privately reported vulnerabilities in Visio 2002, 2003 and 2007.

MS11-010 and MS11-011 both address vulnerabilities that could cause a privilege elevation. These involve basic components of the operating system and so require a restart. In addition, kernel mode drivers can wreak havoc and cause a system to crash. MS11-012 deals with 5 vulnerabilities and a restart is also required for this. To exploit any of these vulnerabilities a user must be able to log on locally or via Terminal Services.

MS11-013 addresses 2 vulnerabilities. One of these is not exploitable if the domain is on Server 2008. This first vulnerability has been publicly disclosed. Also, a Kerberos spoofing vulnerability exists on Server 2008 R2 that could weaken Kerberos encryption, making it easier to crack.

To exploit the vulnerability in MS11-014 a user must be logged on locally.
| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS11-011 (2393802) | Privilege elevation / Windows | Workstations, Terminal Servers | Yes/No | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-008 (2451879) | Arbitrary code / Office Visio | Workstations, Terminal Servers | No/No | Yes | Important | Visio 2003, Visio 2002, Visio 2007 | | Patch after testing |
| MS11-009 (2475792) | Information disclosure / JScript and VBScript Scripting Engine | Workstations, Terminal Servers | No/No | No | Important | Server 2008 R2, Windows 7 | | Patch after testing |
| MS11-010 (2476687) | Privilege elevation / Windows | Workstations | No/No | No | Important | XP, Server 2003 | Restart Req'd | Patch after testing |
| MS11-005 (2478953) | Denial of service / Active Directory | Domain Controllers | Yes/No | No | Important | Server 2003 | | Patch after testing |
| MS11-014 (2478960) | Privilege elevation / Windows | Workstations, Terminal Servers | No/No | No | Important | XP, Server 2003 | Restart Req'd | Patch after testing |
| MS11-012 (2479628) | Privilege elevation / Windows kernel mode drivers | Workstations, Terminal Servers | No/No | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-003 (2482017) | Arbitrary code / Internet Explorer | Workstations, Terminal Servers | Yes/Yes | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Cumulative Update; Restart Req'd | Patch after testing |
| MS11-006 (2483185) | Arbitrary code / Windows Shell | Workstations, Terminal Servers | Yes/No | Yes | Critical | XP, Vista, Server 2003, Server 2008 | Restart Req'd; proof of concept code published | Patch after testing |
| MS11-007 (2485376) | Arbitrary code / OpenType CFF | Workstations, Terminal Servers | No/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-004 (2489256) | Arbitrary code / IIS | Workstations, IIS Servers | Yes/No | Yes | Important | Vista, Server 2008, Server 2008 R2, Windows 7 | | Patch after testing |
| MS11-013 (2496930) | Privilege elevation / Kerberos | Workstations, Terminal Servers, Servers | Yes/No | No | Important | XP, Win2003, Windows 7, Win2008 R2 | Restart Req'd | Patch after testing |