Patch Tuesday Analysis for June 2011
Thirty-two vulnerabilities are addressed with the release of 16 security bulletins for June's Patch Tuesday. We recommend giving first attention to the updates Microsoft rates critical, especially where the exploitability index indicates that consistent exploit code is likely. We recommend giving priority to domain controllers, servers and workstations, in that order. For example, MS11-043 and MS11-048 concern the Server Message Block (SMB) client and server. Although any server can be vulnerable, domain controllers have shares open to everyone. As cloud computing becomes more common, MS11-051 alerts us to a cross-site scripting vulnerability in AD Certificate Services Web Enrollment. The patch is offered only to servers with this role. Servers with custom web enrollment ASP pages need special attention, since the custom pages may be lost when the update is applied. The need to test for issues is apparent.
Servers hosting virtual servers with Hyper-V can be attacked by a guest server, causing a DoS. If your server has that role, see MS11-047.
The .NET Framework comes under attack, as brought out in MS11-039 and MS11-044. The two updates are not related, but both can affect servers as well as workstations. They can be applied in any order.
Server 2003 can be attacked through the Distributed File System, with memory corruption leading to remote code execution or a DoS. Windows XP is also vulnerable. The other vulnerability mentioned in MS11-042 can affect other systems with a DoS.
Workstations and Terminal Servers get the rest of the attention. MS11-050 is a cumulative update and MS11-052 addresses a vulnerability in VML. MS11-041 and MS11-046 correct vulnerabilities in kernel-mode drivers.
MS11-045 resolves multiple vulnerabilities in Microsoft Excel. Other applications, such as SQL Server and Visual Studio, have a vulnerability in the XML Editor.
Just as the guard at a gate needs to be protected, the Threat Management Gateway client can come under attack and actually introduces a vulnerability (MS11-040). As a workaround, Microsoft suggests not using it. However, some kind of malware protection still needs to be used at the client level.
| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MS11-038 (2476490) | Arbitrary code / WMF | Workstations, Terminal Servers | No/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-046 (2503665) | Privilege elevation / Windows | Workstations, Terminal Servers | Yes/Yes | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-039 (2514842) | Arbitrary code / .Net Framework; Silverlight | Workstations, Terminal Servers, Servers, Web Servers, Web Hosting Servers | No/No | Yes | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7, Silverlight 4 | | Patch after testing |
| MS11-051 (2518295) | Privilege elevation / Active Directory | Servers | No/No | No | Important | Server 2003, Server 2008, Server 2008 R2 | | Patch after testing |
| MS11-040 (2520426) | Arbitrary code / Threat Management Gateway | Workstations | No/No | No | Critical | Forefront TMG 2010 Client | Restart Req'd | Patch after testing |
| MS11-041 (2525694) | Arbitrary code / Windows kernel mode drivers | Workstations, Terminal Servers | No/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-047 (2525835) | Denial of service / Hyper-V | Virtual Servers | No/No | No | Important | Server 2008, Server 2008 R2 | Restart Req'd | Patch after testing |
| MS11-050 (2530548) | Arbitrary code / Internet Explorer | Workstations, Terminal Servers | No/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Cumulative Update | Patch after testing |
| MS11-042 (2535512) | Arbitrary code / Windows | Workstations, Servers | No/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-048 (2536275) | Denial of service / SMB Server | Workstations, Servers, Domain Controllers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-043 (2536276) | Arbitrary code / SMB Client | Workstations, Servers | No/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-045 (2537146) | Arbitrary code / Microsoft Office | Workstations, Terminal Servers | No/No | No | Critical | Office XP, Office 2003, Office 2007, Office 2004 for Mac, Office 2008 for Mac, Comp. Pack for Office 2007, Excel Viewer, Office Converter Pack, Open XML Converter for Mac, Office 2010, Office 2011 for Mac | Multiple vulnerabilities | Patch after testing |
| MS11-044 (2538814) | Arbitrary code / .Net Framework | Workstations, Terminal Servers, Servers, Web Servers, Web Hosting Servers | Yes/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | | Patch after testing |
| MS11-049 (2543893) | Information disclosure / XML Editor | Workstations, Terminal Servers | No/No | No | Important | SQL Server 2005, SQL Server 2008, Visual Studio 2005, Visual Studio 2008, Office InfoPath 2007, Visual Studio 2010, Office InfoPath 2010 | | Patch after testing |
| MS11-052 (2544521) | Arbitrary code / Internet Explorer | Workstations, Terminal Servers | No/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | | Patch after testing |
| MS11-037 (2544893) | Information disclosure / MHTML | Workstations, Terminal Servers | Yes/No | Yes | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart may be req'd | Patch after testing |
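The ordering recommended in the analysis (critical bulletins first; domain controllers, then servers, then workstations; role-specific bulletins only where that role or client is installed) can be expressed as a small planner. This is an added example, not part of the original newsletter: the host names and inventory are constructed, the bulletin rows are a subset of the table, and breaking ties within a severity by the exploited/public columns is an assumption.

```python
from dataclasses import dataclass

ROLE_ORDER = {"domain controller": 0, "server": 1, "workstation": 2}
SEVERITY_ORDER = {"Critical": 0, "Important": 1}

@dataclass(frozen=True)
class Bulletin:
    id: str
    severity: str
    public: bool        # "Exploit details public?" column
    exploited: bool     # "Being exploited?" column
    systems: frozenset  # values from the "System Types Affected" column
    needs: str = ""     # role or client that must be installed ("" = none)

# Rows copied from the table above (subset).
BULLETINS = [
    Bulletin("MS11-043", "Critical", False, False, frozenset({"Workstations", "Servers"})),
    Bulletin("MS11-048", "Important", False, False, frozenset({"Workstations", "Servers", "Domain Controllers"})),
    Bulletin("MS11-046", "Important", True, True, frozenset({"Workstations", "Terminal Servers"})),
    Bulletin("MS11-047", "Important", False, False, frozenset({"Virtual Servers"})),
    Bulletin("MS11-051", "Important", False, False, frozenset({"Servers"}), "AD CS Web Enrollment"),
    Bulletin("MS11-040", "Critical", False, False, frozenset({"Workstations"}), "Forefront TMG 2010 Client"),
]

@dataclass(frozen=True)
class Host:
    name: str
    role: str           # key into ROLE_ORDER, decides which hosts go first
    systems: frozenset  # table system types this host counts as
    components: frozenset = frozenset()

def applies(b, h):  # system type matches and any required role/client is present
    return bool(b.systems & h.systems) and (not b.needs or b.needs in h.components)

def bulletin_key(b):  # Critical first; exploited/public tie-break is an assumption
    return (SEVERITY_ORDER[b.severity], not b.exploited, not b.public, b.id)

def patch_plan(hosts, bulletins=BULLETINS):
    """Return [(host name, [bulletin ids])] in the recommended working order."""
    ranked = sorted(bulletins, key=bulletin_key)
    return [(h.name, [b.id for b in ranked if applies(b, h)])
            for h in sorted(hosts, key=lambda x: (ROLE_ORDER[x.role], x.name))]

# Constructed inventory (hypothetical host names).
HOSTS = [
    Host("ws-017", "workstation", frozenset({"Workstations"}), frozenset({"Forefront TMG 2010 Client"})),
    Host("hv-01", "server", frozenset({"Servers", "Virtual Servers"})),
    Host("ca-01", "server", frozenset({"Servers"}), frozenset({"AD CS Web Enrollment"})),
    Host("dc-01", "domain controller", frozenset({"Servers", "Domain Controllers"})),
]
```

Calling `patch_plan(HOSTS)` lists the domain controller first and the workstation last, with MS11-051 appearing only for the host that has the web enrollment role.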