Patch Tuesday Analysis for August 2011

This month’s security updates will keep all who are involved busy as we work with various kinds of servers and workstations. We recommend giving attention to the first two bulletins:

The first critical update is a cumulative update for Internet Explorer (MS11-057). Proof-of-concept code has been published for two of the vulnerabilities. The update also includes some additional defense-in-depth changes. Of interest, one of these gives users the ability to block cross-domain drag-and-drop functionality. An exploit may attempt to trick you into disclosing information by having you drop it onto the attacker's web page. Many users will probably not select this “ability” to block unless forced to do so.

Administrators of DNS Servers will want to give attention to MS11-058. Servers without the DNS role are not affected. The likelihood of successful exploit code is high.

Bulletin MS11-060 is a Visio vulnerability, where a malicious file could be sent by email or a web page.

Remote Desktop Web Access is vulnerable as indicated in MS11-061, but only on Server 2008 R2 SP1 for x64-based systems. The role is not installed by default, so only a limited number of servers will need this update.

MS11-062 indicates RAS on XP and Server 2003 has a driver that is vulnerable. An attacker must log on locally to exploit this.

A local logon is also necessary to exploit the vulnerability in MS11-063. This affects all supported versions of Windows, and Microsoft indicates successful exploit code is likely.

A denial of service vulnerability exists in RDP (Remote Desktop Protocol). This technology has various names such as Terminal Services, Remote Desktop, Remote Assistance, Remote Desktop Help Session Manager, Remote Web Workplace, and Remote Desktop for Administration. The workaround for workstations is to disable RDP if you’re not using it. That’s a best practice for all services but it wouldn’t be practical if you’re running a Terminal Server. We’ve included all types of systems because many organizations use RDP for administration purposes. See MS11-065.

Web applications using Microsoft Chart Control on .NET Framework 4.0 are vulnerable. MS11-066 addresses the issue.

An unrelated vulnerability also affects .NET Framework and is addressed with MS11-069.

| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS11-061 (2546250) | Privilege elevation / Remote Desktop | Web Servers | No/No | No | Important | Server 2008 R2 | Only systems with RD Web Access | Patch after testing |
| MS11-068 (2556532) | Denial of service / Windows | Workstations, Terminal Servers | No/No | No | Moderate | Vista, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-057 (2559049) | Arbitrary code / Internet Explorer | Workstations, Terminal Servers | Yes/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after minimal testing |
| MS11-059 (2560656) | Arbitrary code / Windows | Workstations, Terminal Servers | No/No | No | Important | Server 2008 R2, Windows 7 | | Patch after testing |
| MS11-060 (2560978) | Arbitrary code / Microsoft Office | Workstations, Terminal Servers | No/No | No | Important | Visio 2003, Visio 2007 | | Patch after testing |
| MS11-058 (2562485) | Arbitrary code / DNS Resolution | DNS Servers | No/No | No | Critical | Win2003, Win2008, Win2008 R2 | Restart Req'd | Patch after testing |
| MS11-064 (2563894) | Denial of service / Windows | Workstations, Servers | No/No | Yes | Important | Vista, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-062 (2566454) | Privilege elevation / RAS | Workstations, Terminal Servers | No/No | No | Important | XP, Server 2003 | Restart Req'd | Patch after testing |
| MS11-063 (2567680) | Privilege elevation / Windows | Workstations, Servers | No/No | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-066 (2567943) | Information disclosure / .Net Framework | Web Servers, Developer Workstations | No/No | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Chart Controls for .NET 3.5, .NET 4.0 | Patch after testing |
| MS11-069 (2567951) | Information disclosure / .Net Framework | Workstations, Terminal Servers, Servers, Web Hosting Servers | No/No | No | Moderate | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | | Patch after testing |
| MS11-065 (2570222) | Denial of service / RDP | Workstations, Terminal Servers, Servers | No/Yes | Yes | Important | XP, Server 2003 | Restart Req'd | Patch after testing |
| MS11-067 (2578230) | Information disclosure / Visual Studio | Workstations, Terminal Servers | No/No | No | Important | Visual Studio 2005, Report Viewer 2005 | | Patch after testing |
