BeyondTrust Patch Tuesday
January 11, 2011
Microsoft Patch Disclosure
This month, Microsoft released 2 patches which repair a total of 3 vulnerabilities. Both of these patches address Remote Code Execution vulnerabilities.
Administrators are advised to patch MS11-002 immediately to prevent exploitation by attackers.
Administrators should patch MS11-001 at their earliest convenience.
As always, eEye suggests that all users apply Microsoft patches as fast as possible, preferably after testing the impact on internal applications and network continuity. For those who would like further information regarding the potential risks and remediation requirements of the patches announced today, please consider attending tomorrow's Vulnerability Expert Forum hosted by the eEye Security Research Team.
- Web Event: Vulnerability Expert Forum (VEF)
- Presenters: The eEye Research Team
- Date/Time: Wednesday January 12th at 11am PST / 2pm EST
BULLETIN / ADVISORY DETAILS
MS11-001
Vulnerability in Windows Backup Manager Could Allow Remote Code Execution (2478935)
Microsoft Rating:
CVE:
CVE-2010-3145
Analysis:
Windows Backup Manager contains a vulnerability when loading DLLs, causing susceptibility to DLL preloading attacks. Files that are opened with Windows Backup Manager, such as .wbcat, from attacker controlled locations (e.g. a WebDAV server or other untrusted location) could allow the attacker to execute arbitrary code in the context of the local user. This vulnerability only affects Windows Vista (both 32-bit and 64-bit).
Recommendation:
Administrators are urged to install the patch; however, there is a workaround that may be used to help mitigate this threat:
Disable loading of libraries from remote network locations (http://support.microsoft.com/kb/2264107)
MS11-002
Vulnerabilities in Microsoft Data Access Components Could Allow Remote Code Execution (2451910)
Microsoft Rating:
CVE List:
CVE-2011-0026, CVE-2011-0027
Analysis:
There are two vulnerabilities in Microsoft Data Access Components, both allowing for remote code execution in the context of the local user. A user must visit a specially crafted web page in order for the vulnerability to be exploited; once a user has visited a malicious page, an attacker may gain complete control of the system if the user is running as an administrator.
Recommendation:
Administrators are urged to patch immediately; however, there is one mitigating factor and one workaround to help lessen the impact of these vulnerabilities:
CVE-2011-0026 is not exploitable under the default Windows configuration: A third-party application that uses ODBC (Open Database Connectivity) APIs in an insecure way must be installed on the system in order to be vulnerable.
CVE-2011-0027 may be mitigated by setting the Internet and local Intranet zones to “High” within Internet Explorer or by configuring Internet Explorer to prompt the user before running Active Scripting:
- In Internet Explorer, click the Security Tab --> Internet --> Custom Level.
- Under Settings, in the Scripting section, under Active Scripting click “Prompt” or “Disable”.
- Go back to the Security Tab --> Local Intranet --> Custom Level.
- Under Settings, in the Scripting section, under Active Scripting click “Prompt” or “Disable”.
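A read-only check that the Active Scripting workaround above is in place for both zones, as an added PowerShell example that is not part of the original advisory. The registry paths, the value name 1400 with its meanings (0 Enable, 1 Prompt, 3 Disable), zone numbers 1 and 3, and the policy-before-preference lookup order are assumptions taken from Microsoft's Internet Explorer zone documentation; the function names are hypothetical.

```powershell
# Added example: audits the Active Scripting setting for the Internet and
# Local intranet zones. It reads the registry only and changes nothing.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Test-ActiveScriptingWorkaround {
    # Assumption: action 1400 is Active Scripting (0 = Enable, 1 = Prompt, 3 = Disable).
    $zones  = @{ 1 = 'Local intranet'; 3 = 'Internet' }
    $suffix = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

    # Assumed lookup order: Group Policy locations win over user preferences,
    # so a GUI change can be silently overridden by policy.
    $roots = @(
        "HKLM:\SOFTWARE\Policies\$suffix",
        "HKCU:\Software\Policies\$suffix",
        "HKCU:\Software\$suffix",
        "HKLM:\SOFTWARE\$suffix"
    )

    foreach ($zone in ($zones.Keys | Sort-Object)) {
        $value  = $null
        $source = 'not set'
        foreach ($root in $roots) {
            $found = Get-RegValue -Path "$root\$zone" -Name '1400'
            if ($null -ne $found) { $value = $found; $source = $root; break }
        }
        [pscustomobject]@{
            Zone      = $zones[$zone]
            Value     = $value
            Source    = $source
            # Mitigated only when scripting prompts (1) or is disabled (3).
            Mitigated = ($value -in 1, 3)
        }
    }
}

Test-ActiveScriptingWorkaround | Format-Table -AutoSize
```

The check covers only the account it runs under, because the preference keys live in that user's HKCU hive.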
Feedback
The BeyondTrust staff welcomes any comments, questions or suggestions from our readers. We hope that you will not hesitate to contact us with any feedback you may have. Send all feedback to communications@beyondtrust.com.
Disclaimer
The information within this advisory may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.
Notice
Permission is hereby granted for the redistribution of this newsletter electronically. It is not to be edited in any way without the express consent of BeyondTrust. If you wish to reprint the whole or any part of this newsletter in any other medium excluding electronic medium, please email communications@beyondtrust.com for permission.