Patch Tuesday Analysis for September 2011

The five bulletins released by Microsoft today are rated “Important” There are no critical updates. Altogether, 15 vulnerabilities are addressed. Of these, two are publicly disclosed. Both servers and workstations should get attention.

Microsoft reports that WINS handles internal communication on the loopback address in an incorrect way. This could allow a logged on user to take complete control of a server that is running the WINS service by running arbitrary code. The patch released with MS11-070 fixes the problem. It can only be installed if WINS is installed. 

Windows components load external libraries in an incorrect way. It has been publicly disclosed that if the system has a malicious DLL file on the same network directory, it could allow remote code to be executed when a legitimate .rtf, Word document or even a .txt file is opened. All supported versions of Windows are affected. However an exploit requires a user to log on and run the program. Best practice would prevent this. Multiple components are fixed by MS11-071. 

Five vulnerabilities have been privately reported to Microsoft are now addressed in MS11-072. Systems with Office products, including compatibility packs, SharePoint and Web Apps are vulnerable as explained by this update. 

Two more vulnerabilities in Office as indicated in MS11-073. One of these involves the loading of external libraries. Workstations and Terminal Servers are primarily at risk. 

Six vulnerabilities in SharePoint require we give attention to systems running SharePoint, Groove, WebApps and Office Forms. Most vulnerabilities are Cross Site Scripting XSS attacks. IE 8 and 9 include an XSS filter to block these attacks. This is enabled by default and it provides defense-in-depth.

Get my on-site classroom audit training program right now with my Audit and Assessment of Active Directory On-Demand class. This isn’t your normal passive DVD class. My AAAD On-Demand is a highly interactive training course designed to closely duplicate my one-on-one personal training. Take the FREE sample course here: AAAD-OI FREE SAMPLE!

BulletinExploit Types
/Technologies Affected
System Types AffectedExploit
details public?
/ Being exploited?
Comprehensive,
practical
workaround
available?
MS severity ratingProducts AffectedNotesRandy's recommendation
MS11-074

2451858
Privilege elevation

/ Sharepoint
Workstations
Servers
Yes/NoNoImportant Office Sharepoint Server 2007
Groove Server 2007
SharePoint Services 3.0
SharePoint Foundation 2010
SharePoint Server 2007
Groove Server 2010
Web Apps
Groove 2007
Office SharePoint Server 2010
SharePoint Workspace 2010
Office Forms Server 2007
SharePoint Services 2.0
 Patch after testing
MS11-071

2570947
Arbitrary code

/ Windows
Workstations
Terminal Servers
Yes/NoYesImportant XP
Vista
Server 2003
Server 2008
Server 2008 R2
Windows 7
 Patch after testing
MS11-070

2571621
Arbitrary code

/ WINS
Servers
No/NoNoImportant Server 2003
Server 2008
Server 2008 R2
Restart Req'dPatch after testing
MS11-072

2587505
Arbitrary code

/ Excel
Workstations
Terminal Servers
Servers
No/NoNoImportant Office 2003
Office 2007
Office 2004 for Mac
Office 2008 for Mac
Comp. Pack for Office 2007
Excel Viewer
Office Sharepoint Server 2007
Open XML Converter for MAC
Office 2010
Office 2011 for MAC
Office Web Apps 2010
Office SharePoint Server 2010
 Patch after testing
MS11-073

2587634
Arbitrary code

/ Office
Workstations
Terminal Servers
No/NoNoImportant Office 2003
Office 2007
Office 2010
 Patch after testing

Receive Randy's same-day, independent analysis each Patch Tuesday

Email:
We will not share your address. Unsubscribe anytime. 

"Thank you. I am very glad I subscribed to this newsletter.  Relevant content clearly and concisely. Finally!!!"

- John K.

"I really like the Fast Facts on this Month's Microsoft Security Bulletins. Do you keep old copies? If yes, please let me know how I can access them?"

-Susan D.

"Thanks, Randy. Your regular updates have streamlined my monthly patching. Much appreciated,"

-  Steve T.

"Really appreciate your patch observor. In the corporate IT world, anything we can get our hands on that speeds the process of analyzing threats and how they may or may not apply to our environments is a God-send. Thanks so much for your efforts."

- Tess G.

"Many thanks for this Randy"

- Roger G.

"The chart is a REAAALLY good idea :)"

- Phil J.

"I like the table. Your insight is very valuable. "

Tom C.

"I liked your high level overview of patches in the table. There are so many sources of patch information which can be very specific or surrounded by other stuff that it’s refreshing to get everything summarised like this. The “Randy’s Recommendation” comment is useful starting point too. Please keep up the good work."

- David A.

"Your Patch Tuesday Observer is a very good tool in making the decision whether to patch or not to patch. And also to patch asap or to wait a while before patching. Also I do think the use of the table is realy improving the readability of the provided information."

- Gerard T.