Patch Tuesday Analysis for July 2011

This month, most of the Patch Tuesday focus is on workstations. Many users simply let Windows Update install the updates automatically, while enterprise admins prefer to see what kind of impact the updates will have first. Both approaches have their advantages, but once a vulnerability is disclosed, the clock starts ticking.

The first bulletin, MS11-053, addresses a vulnerability that affects Windows 7 and Vista workstations only if Bluetooth capability is installed. Even if your hardware is not Bluetooth capable, someone could install a PCMCIA card or USB device and the driver to enable it. Therefore, all workstations running these operating systems should get the update.

To exploit one of the 15 kernel-mode driver vulnerabilities reported in MS11-054, an attacker would have to log on locally. That includes logging on via Remote Desktop (RDP), so Terminal Servers are also vulnerable.

Five vulnerabilities in CSRSS (Client/Server Runtime Sub-System) are addressed with MS11-056. Since the exploits require a local logon, workstations and Terminal Servers are primarily affected.

Both of these updates will also be offered for servers and will require a restart.

Admins may find that some features of Visio need to be reinstalled after applying update MS11-055.


| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS11-056 (2507938) | Privilege elevation / Windows | Workstations, Terminal Servers | No/No | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-054 (2555917) | Privilege elevation / Windows kernel mode drivers | Workstations, Terminal Servers | No/No | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-055 (2560847) | Arbitrary code / Office Visio | Workstations, Terminal Servers | Yes/No | No | Important | Visio 2003 | | Patch after testing |
| MS11-053 (2566220) | Arbitrary code / Bluetooth | Workstations | No/No | Yes | Critical | Vista, Windows 7 | | Patch after testing |
