Patch Tuesday Analysis for July 2011
This month's Patch Tuesday focuses mostly on workstations. Many people just let Windows Update install the updates automatically, while enterprise admins like to see what kind of impact the updates will have. Both approaches have their advantages, but once a vulnerability is disclosed, the clock starts ticking.
The first bulletin, MS11-053, addresses a vulnerability that affects Windows 7 and Vista workstations only if Bluetooth capability is installed. Even if your hardware is not Bluetooth capable, someone could install a PCMCIA card or USB device and the driver to enable it. Therefore, all workstations running these operating systems should get the update.
To exploit one of the 15 kernel-mode driver vulnerabilities reported in MS11-054, an attacker would have to log on locally. This includes logging on via Remote Desktop (RDP), so Terminal Servers are also vulnerable.
Five vulnerabilities in CSRSS (Client/Server Runtime Sub-System) are addressed with MS11-056. Since the exploits require a local logon, workstations and Terminal Servers are primarily affected.
Both of these updates will also be offered for servers and will require a restart.
Admins may find that some features of Visio need to be re-installed after applying the MS11-055 update.
| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS11-056 2507938 | Privilege elevation / Windows | Workstations, Terminal Servers | No/No | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-054 2555917 | Privilege elevation / Windows kernel mode drivers | Workstations, Terminal Servers | No/No | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-055 2560847 | Arbitrary code / Office Visio | Workstations, Terminal Servers | Yes/No | No | Important | Visio 2003 | | Patch after testing |
| MS11-053 2566220 | Arbitrary code / Bluetooth | Workstations | No/No | Yes | Critical | Vista, Windows 7 | | Patch after testing |