Patch Tuesday Analysis for August 2011
This month’s security updates affect many kinds of servers and workstations and will keep everyone involved in patching busy. We recommend giving attention to the first two bulletins:
The first critical update is a cumulative update for Internet Explorer (MS11-057). Proof-of-concept code has been published for two of the vulnerabilities. The update also includes some additional defense-in-depth changes. One of interest is a new option that lets users block cross-domain drag and drop. An exploit may attempt to trick you into disclosing information by getting you to drop it onto the attacker’s web page. Many users will probably not enable this blocking option unless forced to do so.
Administrators of DNS Servers will want to give attention to MS11-058. Servers without the DNS role are not affected. The likelihood of successful exploit code is high.
Bulletin MS11-060 is a Visio vulnerability, where a malicious file could be sent by email or a web page.
Remote Desktop Web Access is vulnerable as indicated in MS11-061, but only on Server 2008 R2 SP1 for x64-based systems. The role is not installed by default, so only a limited number of servers will need this update.
MS11-062 indicates RAS on XP and Server 2003 has a driver that is vulnerable. An attacker must log on locally to exploit this.
A local logon is also necessary to exploit the vulnerability in MS11-063. This affects all supported versions of Windows, and Microsoft indicates successful exploit code is likely.
A denial of service vulnerability exists in RDP (Remote Desktop Protocol). This technology has various names such as Terminal Services, Remote Desktop, Remote Assistance, Remote Desktop Help Session Manager, Remote Web Workplace, and Remote Desktop for Administration. The workaround for workstations is to disable RDP if you’re not using it. That’s a best practice for all services but it wouldn’t be practical if you’re running a Terminal Server. We’ve included all types of systems because many organizations use RDP for administration purposes. See MS11-065.
Web applications using Microsoft Chart Control on .NET Framework 4.0 are vulnerable. MS11-066 addresses the issue.
An unrelated vulnerability also affects the .NET Framework and is addressed with MS11-069.
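Several of the bulletins above apply only when a role or service is present (the DNS role for MS11-058, RD Web Access for MS11-061, RDP for MS11-065), which can be checked per host before scheduling patches. The following is an added example, not part of the original newsletter; the function names are hypothetical, and the service name, feature name and registry value are the standard Windows ones rather than anything stated in the bulletins summary.

```powershell
# Added example: which role-dependent August 2011 bulletins apply to this host?
# Bulletin numbers and conditions are from the article; function names are hypothetical.

function Test-DnsServerRole {
    # MS11-058: servers without the DNS role are not affected.
    # The DNS Server role runs as the Windows service named "DNS".
    [bool](Get-Service -Name 'DNS' -ErrorAction SilentlyContinue)
}

function Test-RdWebAccessRole {
    # MS11-061: only Server 2008 R2 with the RD Web Access role service installed.
    # Get-WindowsFeature comes from the ServerManager module (Server 2008 R2 and later).
    if (-not (Get-Module -ListAvailable -Name ServerManager)) { return $false }
    Import-Module ServerManager
    $feature = Get-WindowsFeature -Name 'RDS-Web-Access'
    [bool]($feature -and $feature.Installed)
}

function Test-RdpEnabled {
    # MS11-065: the workaround is to disable RDP where it is not used.
    # fDenyTSConnections = 0 allows incoming connections; a Group Policy
    # value, when present, takes precedence over the local setting.
    $keys = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services',
            'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    foreach ($key in $keys) {
        $item = Get-ItemProperty -Path $key -Name fDenyTSConnections -ErrorAction SilentlyContinue
        if ($item) { return ($item.fDenyTSConnections -eq 0) }
    }
    $false   # value missing in both places: treat RDP as not enabled
}

# Build one row per role-dependent bulletin and print the result as a table.
$checks = @(
    @{ Bulletin = 'MS11-058'; Condition = 'DNS Server role present';  Applies = (Test-DnsServerRole) },
    @{ Bulletin = 'MS11-061'; Condition = 'RD Web Access installed';  Applies = (Test-RdWebAccessRole) },
    @{ Bulletin = 'MS11-065'; Condition = 'RDP connections enabled';  Applies = (Test-RdpEnabled) }
)
$checks | ForEach-Object { New-Object PSObject -Property $_ } |
    Select-Object Bulletin, Condition, Applies |
    Format-Table -AutoSize
```

A row showing `False` only means the role-specific condition is absent on that host; the operating system version still has to match the affected products listed for the bulletin.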
| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MS11-061 (2546250) | Privilege elevation / Remote Desktop | Web Servers | No/No | No | Important | Server 2008 R2 | Only systems with RD Web Access | Patch after testing |
| MS11-068 (2556532) | Denial of service / Windows | Workstations, Terminal Servers | No/No | No | Moderate | Vista, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-057 (2559049) | Arbitrary code / Internet Explorer | Workstations, Terminal Servers | Yes/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after minimal testing |
| MS11-059 (2560656) | Arbitrary code / Windows | Workstations, Terminal Servers | No/No | No | Important | Server 2008 R2, Windows 7 | | Patch after testing |
| MS11-060 (2560978) | Arbitrary code / Microsoft Office | Workstations, Terminal Servers | No/No | No | Important | Visio 2003, Visio 2007 | | Patch after testing |
| MS11-058 (2562485) | Arbitrary code / DNS Resolution | DNS Servers | No/No | No | Critical | Win2003, Win2008, Win2008 R2 | Restart Req'd | Patch after testing |
| MS11-064 (2563894) | Denial of service / Windows | Workstations, Servers | No/No | Yes | Important | Vista, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-062 (2566454) | Privilege elevation / RAS | Workstations, Terminal Servers | No/No | No | Important | XP, Server 2003 | Restart Req'd | Patch after testing |
| MS11-063 (2567680) | Privilege elevation / Windows | Workstations, Servers | No/No | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-066 (2567943) | Information disclosure / .NET Framework | Web Servers, Developer Workstations | No/No | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7, Chart Controls for .NET 3.5 | .NET 4.0 | Patch after testing |
| MS11-069 (2567951) | Information disclosure / .NET Framework | Workstations, Terminal Servers, Servers, Web Hosting Servers | No/No | No | Moderate | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | | Patch after testing |
| MS11-065 (2570222) | Denial of service / RDP | Workstations, Terminal Servers, Servers | No/Yes | Yes | Important | XP, Server 2003 | Restart Req'd | Patch after testing |
| MS11-067 (2578230) | Information disclosure / Visual Studio | Workstations, Terminal Servers | No/No | No | Important | Visual Studio 2005, Report Viewer 2005 | | Patch after testing |