Patch Tuesday Analysis for June 2011

Thirty-two vulnerabilities are addressed with the release of 16 security bulletins for June's Patch Tuesday. We recommend giving first attention to what Microsoft calls critical updates, especially where consistent exploit code is likely, as indicated by the exploitability index. We recommend giving priority to domain controllers, servers and workstations, in that order. For example, MS11-043 and MS11-048 have to do with the Server Message Block (SMB) client and server. Although any server can be vulnerable, domain controllers have shares open to everyone. As cloud computing becomes more common, MS11-051 alerts us to a cross-site scripting vulnerability in AD Certificate Services Web Enrollment. The patch is only offered to servers with this role. Servers with custom web enrollment ASP pages will need special attention, since the custom pages may be lost when the update is applied. The need to test for issues is apparent.
Servers hosting guest servers with Hyper-V can be attacked by the guest server, causing a DoS. If your server has that role, see MS11-047.
The .NET Framework comes under attack, as brought out in MS11-039 and MS11-044. The two updates are not related but can affect servers as well as workstations. They can be applied in any order.
Server 2003 can be attacked through the Distributed File System, with memory corruption leading to remote code execution or a DoS. Windows XP is also vulnerable. The other vulnerability mentioned in MS11-042 can affect other systems with a DoS.
Workstations and Terminal Servers will get the rest of the attention. MS11-050 is a cumulative update and MS11-052 reveals a vulnerability in VML. MS11-041 and MS11-046 correct vulnerabilities in kernel-mode drivers.
MS11-045 resolves multiple vulnerabilities in Microsoft Excel. Other applications, such as SQL Server and Visual Studio, have a vulnerability in the XML Editor.
Just as the guard at a gate needs to be protected, the Threat Management Gateway client can come under attack and actually introduces a vulnerability (MS11-040). As a workaround, Microsoft suggests not using it. However, some kind of malware protection still needs to be used at the client level.

| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS11-038 (2476490) | Arbitrary code / WMF | Workstations, Terminal Servers | No/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-046 (2503665) | Privilege elevation / Windows | Workstations, Terminal Servers | Yes/Yes | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-039 (2514842) | Arbitrary code / .Net Framework; Silverlight | Workstations, Terminal Servers, Servers, Web Servers, Web Hosting Servers | No/No | Yes | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7, Silverlight 4 | | Patch after testing |
| MS11-051 (2518295) | Privilege elevation / Active Directory | Servers | No/No | No | Important | Server 2003, Server 2008, Server 2008 R2 | | Patch after testing |
| MS11-040 (2520426) | Arbitrary code / Threat Management Gateway | Workstations | No/No | No | Critical | Forefront TMG 2010 Client | Restart Req'd | Patch after testing |
| MS11-041 (2525694) | Arbitrary code / Windows kernel mode drivers | Workstations, Terminal Servers | No/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-047 (2525835) | Denial of service / Hyper-V | Virtual Servers | No/No | No | Important | Server 2008, Server 2008 R2 | Restart Req'd | Patch after testing |
| MS11-050 (2530548) | Arbitrary code / Internet Explorer | Workstations, Terminal Servers | No/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Cumulative Update | Patch after testing |
| MS11-042 (2535512) | Arbitrary code / Windows | Workstations, Servers | No/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-048 (2536275) | Denial of service / SMB Server | Workstations, Servers, Domain Controllers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-043 (2536276) | Arbitrary code / SMB Client | Workstations, Servers | No/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-045 (2537146) | Arbitrary code / Microsoft Office | Workstations, Terminal Servers | No/No | No | Critical | Office XP, Office 2003, Office 2007, Office 2004 for Mac, Office 2008 for Mac, Comp. Pack for Office 2007, Excel Viewer, Office Converter Pack, Open XML Converter for MAC, Office 2010, Office 2011 for MAC | Multiple vulnerabilities | Patch after testing |
| MS11-044 (2538814) | Arbitrary code / .Net Framework | Workstations, Terminal Servers, Servers, Web Servers, Web Hosting Servers | Yes/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | | Patch after testing |
| MS11-049 (2543893) | Information disclosure / XML Editor | Workstations, Terminal Servers | No/No | No | Important | SQL Server 2005, SQL Server 2008, Visual Studio 2005, Visual Studio 2008, Office InfoPath 2007, Visual Studio 2010, Office InfoPath 2010 | | Patch after testing |
| MS11-052 (2544521) | Arbitrary code / Internet Explorer | Workstations, Terminal Servers | No/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | | Patch after testing |
| MS11-037 (2544893) | Information disclosure / MHTML | Workstations, Terminal Servers | Yes/No | Yes | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart may be req'd | Patch after testing |
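
The ordering advice in the opening paragraph can be turned into a per-host patch queue. The sketch below is an added example, not part of the original analysis: the five bulletin rows are copied from the table above, while the host inventory, the role tags and the tie-break order (severity, then exploit status, then host tier) are assumptions made for illustration.

```python
from typing import NamedTuple

class Bulletin(NamedTuple):
    id: str
    severity: str       # "MS severity rating" column
    public: bool        # "Exploit details public?"
    exploited: bool     # "Being exploited?"
    systems: frozenset  # "System Types Affected" column

# Five rows copied from the table on this page.
BULLETINS = [
    Bulletin("MS11-046", "Important", True, True,
             frozenset({"workstation", "terminal server"})),
    Bulletin("MS11-043", "Critical", False, False,
             frozenset({"workstation", "server"})),
    Bulletin("MS11-048", "Important", False, False,
             frozenset({"workstation", "server", "domain controller"})),
    Bulletin("MS11-044", "Critical", True, False,
             frozenset({"workstation", "terminal server", "server",
                        "web server", "web hosting server"})),
    Bulletin("MS11-047", "Important", False, False,
             frozenset({"virtual server"})),
]

# Constructed inventory (assumption): host name -> role tags, using the
# table's system types. "virtual server" marks a Hyper-V host here.
HOSTS = {
    "dc01": {"domain controller", "server"},
    "hv01": {"server", "virtual server"},
    "ws01": {"workstation"},
}

SEVERITY = {"Critical": 0, "Important": 1}
# Page order: domain controllers, then servers, then workstations.
TIER = {"domain controller": 0, "server": 1, "virtual server": 1,
        "terminal server": 1, "workstation": 2}

def patch_plan(hosts, bulletins):
    """Return (host, bulletin id) pairs in suggested patch order."""
    queue = []
    for host, roles in hosts.items():
        tier = min(TIER[r] for r in roles)  # most sensitive role wins
        for b in bulletins:
            if roles & b.systems:  # bulletin applies to one of the roles
                key = (SEVERITY[b.severity], not b.exploited,
                       not b.public, tier, host, b.id)
                queue.append((key, host, b.id))
    return [(host, bid) for _, host, bid in sorted(queue)]

if __name__ == "__main__":
    for host, bid in patch_plan(HOSTS, BULLETINS):
        print(f"{host:6} {bid}")
```

Role matching keeps MS11-047 off everything except the Hyper-V host, in the same way the page notes that MS11-051 is only offered to servers with the Web Enrollment role.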
