 |
| |
|
|
|
|
|
|
| |
|
|
|
Web Event:
Vulnerability Expert Forum
Presenter:
The eEye Research Team
Date/Time:
Wednesday July 13th
1pm PT / 4pm ET
|
|
| |
|
Microsoft Patch Disclosure
July 12, 2011
Overview
This month, Microsoft released four patches that repair a total of twenty-two vulnerabilities. Two of these patches address Remote Code Execution vulnerabilities and the other two patches address Elevation of Privilege vulnerabilities.
|
|
|
| |
|
|
|
|
| |
|
|
|
|
|
|
| |
Patch Precedence
Administrators should patch MS11-053, MS11-054, MS11-055, and MS11-056 as soon as possible.
As always, eEye suggests that all users apply Microsoft patches as fast as possible, preferably after testing the impact on internal applications and network continuity. For those who would like further information regarding the potential risks and remediation requirements of the patches announced today, please consider attending tomorrow's Vulnerability Expert Forum hosted by the eEye Security Research Team. Register Now >>
Bulletin/Advisory Details
MS11-053
Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (2566220)
Microsoft Rating: Critical
eEye Rating: Important
CVE: CVE-2011-1265
Analysis
This bulletin addresses a privately reported remote code execution vulnerability in the Windows Bluetooth 2.1 driver. The patch fixes a stack vulnerability that occurs when memory, which has not been initialized correctly or has been deleted, is accessed. An attacker that successfully exploited this vulnerability would gain system-level access to the target machine.
Recommendations
Deploy patches as soon as possible. Until the patch can be applied, open the Bluetooth Settings dialog box. Uncheck the box next to the "Allow Bluetooth devices to connect to this computer" setting. This will prevent all Bluetooth devices from connecting to affected systems, which will mean Bluetooth mice and keyboards will be affected, as well.
MS11-054
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917)
Microsoft Rating: Important
eEye Rating: Important
CVE List: CVE-2011-1874, CVE-2011-1875, CVE-2011-1876, CVE-2011-1877, CVE-2011-1878, CVE-2011-1879, CVE-2011-1880, CVE-2011-1881, CVE-2011-1882, CVE-2011-1873, CVE-2011-1884, CVE-2011-1885, CVE-2011-1886, CVE-2011-1887, & CVE-2011-1888
Analysis
This bulletin addresses 15 privately reported locally exploitable vulnerabilities in the Win32 Kernel: 14 elevation of privilege vulnerabilities and 1 information disclosure vulnerability. The patch fixes 9 use- after-free-vulnerabilities and 6 null pointer de-reference vulnerabilities. In the worst case scenario, an attacker that successfully exploited the elevation of privilege vulnerabilities would gain kernel-level access to the target machine.
Recommendations
Deploy patches as soon as possible since no mitigation is available.
MS11-055
Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847)
Microsoft Rating: Important
eEye Rating: Important
CVE: CVE-2010-3148
Analysis
This bulletin addresses a publicly reported remote code execution vulnerability in Microsoft Visio. The patch fixes an insecure library loading vulnerability. An attacker that successfully exploited this vulnerability would gain user-level access to the target machine and would be able to execute remote code within the context of that user.
Recommendations
Deploy patches as soon as possible. Until the patch can be applied, block ports 139 and 445 using a firewall, prevent the WebClient service from running, and prevent DLL's loaded from WebDAV and remote shares.
MS11-056
Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938)
Microsoft Rating: Important
eEye Rating: Important
CVE List: CVE-2011-1281, CVE-2011-1282, CVE-2011-1283, CVE-2011-1284, & CVE-2011-1870
Analysis
This bulletin addresses 5 privately reported local elevation of privilege vulnerabilities in the Windows Client/Server Run-time Subsystem (CSRSS). The patch fixes all 5 vulnerabilities that occur when an attacker locally runs a malicious program on the target system. An attacker that successfully exploited this vulnerability would gain kernel-level access to the target machine.
Recommendations
Deploy patches as soon as possible since no mitigation is available.
|
|
|
| |
|
|
|
|
|
|
| |
Feedback
The eEye newsletter staff welcomes any comments, questions or suggestions from our readers.
We hope that you will not hesitate to contact us with any feedback you may have. Send all feedback to products@eeye.com.
Disclaimer
The information within this newsletter may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.
Notice
Permission is hereby granted for the redistribution of this newsletter electronically. It is not to be edited in any way without the express consent of eEye. If you wish to reprint the whole or any part of this newsletter in any other medium excluding electronic medium, please email products@eeye.com for permission. |
|
|
| |
|
|
|
|
|
|
|