Patch Tuesday Analysis for September 2011
The five bulletins released by Microsoft today are all rated “Important”. There are no critical updates. Altogether, 15 vulnerabilities are addressed. Of these, two are publicly disclosed. Both servers and workstations should get attention.
Microsoft reports that WINS handles internal communication on the loopback address in an incorrect way. This could allow a logged-on user to take complete control of a server that is running the WINS service by running arbitrary code. The patch released with MS11-070 fixes the problem. It can only be installed if WINS is installed.
Windows components load external libraries in an incorrect way. It has been publicly disclosed that if a malicious DLL file sits in the same network directory as a legitimate .rtf file, Word document or even a .txt file, remote code could be executed when that file is opened. All supported versions of Windows are affected. However, an exploit requires a user to log on and run the program. Best practice would prevent this. Multiple components are fixed by MS11-071.
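A detection example for the library-loading issue above, added here and not part of the original analysis: it scans image-load records for a locally installed program that loaded a DLL from a UNC path or mapped network drive. The records use the `Image` and `ImageLoaded` field names of Sysmon Event ID 7; the sample events, host names and the `NETWORK_DRIVES` set are constructed assumptions.

```python
import ntpath

# Drive letters mapped to network shares in this environment (assumption).
NETWORK_DRIVES = {"Z:"}


def is_remote(path, network_drives=NETWORK_DRIVES):
    """True if a Windows path is a UNC path or sits on a mapped network drive."""
    drive, _ = ntpath.splitdrive(path)  # UNC paths yield r"\\host\share" as the drive
    return drive.startswith("\\\\") or drive.upper() in network_drives


def suspicious_loads(events, network_drives=NETWORK_DRIVES):
    """Return events where a locally installed program loaded a DLL from a remote location."""
    hits = []
    for ev in events:
        loaded = ev["ImageLoaded"]
        if not loaded.lower().endswith(".dll"):
            continue
        # A program that itself runs from a share loading its own DLLs is expected;
        # a local program pulling a DLL from a share is the pattern worth reviewing.
        if is_remote(loaded, network_drives) and not is_remote(ev["Image"], network_drives):
            hits.append(ev)
    return hits


# Constructed sample events (not taken from any real system).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\comctl32.dll"},
    {"Image": r"C:\Program Files\Windows NT\Accessories\wordpad.exe",
     "ImageLoaded": r"\\fileserver\projects\q3\example.dll"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"z:\shared\docs\example.dll"},
    {"Image": r"\\fileserver\apps\tool.exe",
     "ImageLoaded": r"\\fileserver\apps\tool_helper.dll"},
]

if __name__ == "__main__":
    for ev in suspicious_loads(SAMPLE_EVENTS):
        print(f'{ev["Image"]} loaded {ev["ImageLoaded"]}')
```

Hits are candidates for review rather than confirmed incidents; adjust `NETWORK_DRIVES` to the drive mappings actually used on the monitored hosts.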
Five vulnerabilities that were privately reported to Microsoft are now addressed in MS11-072. Systems with Office products, including compatibility packs, SharePoint and Web Apps, are vulnerable, as explained by this update.
Two more vulnerabilities in Office are addressed, as indicated in MS11-073. One of these involves the loading of external libraries. Workstations and Terminal Servers are primarily at risk.
Six vulnerabilities in SharePoint require that we give attention to systems running SharePoint, Groove, Web Apps and Office Forms. Most of the vulnerabilities are cross-site scripting (XSS) attacks. IE 8 and 9 include an XSS filter to block these attacks. It is enabled by default and provides defense-in-depth.
| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MS11-074 (2451858) | Privilege elevation / Sharepoint | Workstations, Servers | Yes/No | No | Important | Office Sharepoint Server 2007, Groove Server 2007, SharePoint Services 3.0, SharePoint Foundation 2010, SharePoint Server 2007, Groove Server 2010, Web Apps, Groove 2007, Office SharePoint Server 2010, SharePoint Workspace 2010, Office Forms Server 2007, SharePoint Services 2.0 | | Patch after testing |
| MS11-071 (2570947) | Arbitrary code / Windows | Workstations, Terminal Servers | Yes/No | Yes | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | | Patch after testing |
| MS11-070 (2571621) | Arbitrary code / WINS | Servers | No/No | No | Important | Server 2003, Server 2008, Server 2008 R2 | Restart Req'd | Patch after testing |
| MS11-072 (2587505) | Arbitrary code / Excel | Workstations, Terminal Servers, Servers | No/No | No | Important | Office 2003, Office 2007, Office 2004 for Mac, Office 2008 for Mac, Comp. Pack for Office 2007, Excel Viewer, Office Sharepoint Server 2007, Open XML Converter for MAC, Office 2010, Office 2011 for MAC, Office Web Apps 2010, Office SharePoint Server 2010 | | Patch after testing |
| MS11-073 (2587634) | Arbitrary code / Office | Workstations, Terminal Servers | No/No | No | Important | Office 2003, Office 2007, Office 2010 | | Patch after testing |