Beyondtrust

BeyondTrust Patch Tuesday

July 12, 2011

Microsoft Patch Disclosure

This month, Microsoft released four patches that repair a total of twenty-two vulnerabilities. Two of these patches address Remote Code Execution vulnerabilities and the other two patches address Elevation of Privilege vulnerabilities.

Administrators should patch MS11-053, MS11-054, MS11-055, and MS11-056 as soon as possible. As always, eEye suggests that all users apply Microsoft patches as fast as possible, preferably after testing the impact on internal applications and network continuity. For those who would like further information regarding the potential risks and remediation requirements of the patches announced today, please consider attending tomorrow's Vulnerability Expert Forum hosted by the eEye Security Research Team.

  • Web Event: Vulnerability Expert Forum (VEF)
  • Presenters: The eEye Research Team
  • Date/Time: Wednesday July 13th
    1pm PT / 4pm ET

BULLETIN / ADVISORY DETAILS

MS11-053

Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (2566220)


Microsoft Rating: Critical

CVE: CVE-2011-1265

Analysis:

This bulletin addresses a privately reported remote code execution vulnerability in the Windows Bluetooth 2.1 driver. The patch fixes a stack vulnerability that occurs when memory that has not been initialized correctly, or has been deleted, is accessed. An attacker who successfully exploited this vulnerability would gain system-level access to the target machine.

Recommendation:

Deploy patches as soon as possible. Until the patch can be applied, open the Bluetooth Settings dialog box and uncheck the box next to the "Allow Bluetooth devices to connect to this computer" setting. This prevents all Bluetooth devices from connecting to affected systems, so Bluetooth mice and keyboards will be affected as well.

MS11-054

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917)


Microsoft Rating: Important

CVE List: CVE-2011-1874, CVE-2011-1875, CVE-2011-1876, CVE-2011-1877, CVE-2011-1878, CVE-2011-1879, CVE-2011-1880, CVE-2011-1881, CVE-2011-1882, CVE-2011-1873, CVE-2011-1884, CVE-2011-1885, CVE-2011-1886, CVE-2011-1887, and CVE-2011-1888

Analysis:

This bulletin addresses 15 privately reported, locally exploitable vulnerabilities in the Win32 Kernel: 14 elevation of privilege vulnerabilities and 1 information disclosure vulnerability. The patch fixes 9 use-after-free vulnerabilities and 6 null pointer dereference vulnerabilities. In the worst-case scenario, an attacker who successfully exploited the elevation of privilege vulnerabilities would gain kernel-level access to the target machine.

Recommendation:

Deploy patches as soon as possible, since no mitigation is available.

MS11-055

Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847)


Microsoft Rating: Important

CVE: CVE-2010-3148

Analysis:

This bulletin addresses a publicly reported remote code execution vulnerability in Microsoft Visio. The patch fixes an insecure library loading vulnerability. An attacker who successfully exploited this vulnerability would gain user-level access to the target machine and would be able to execute code remotely within the context of that user.

Recommendation:

Deploy patches as soon as possible. Until the patch can be applied, block ports 139 and 445 using a firewall, prevent the WebClient service from running, and prevent DLLs from being loaded from WebDAV and remote shares.
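
A read-only audit of the host-side MS11-055 mitigations listed above, as an added example that is not part of the original advisory. It assumes the DLL-loading restriction is implemented with the CWDIllegalInDllSearch registry value described in Microsoft KB2264107 (the advisory does not name the mechanism, and that update must be installed for the value to be honored); the function names are illustrative.

```powershell
# Added example (not from the advisory): read-only audit of the interim
# MS11-055 mitigations on the local host. Run in Windows PowerShell.
# Assumption: the DLL-loading restriction uses the CWDIllegalInDllSearch
# value from Microsoft KB2264107; the advisory does not name the mechanism.

function Test-WebClientStopped {
    # True when the WebClient (WebDAV redirector) service cannot run.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WebClient'"
    if (-not $svc) { return $true }               # service not installed
    return ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running')
}

function Get-DllSearchRestriction {
    # Returns a label for the system-wide CWDIllegalInDllSearch setting.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $prop = Get-ItemProperty -Path $key -Name CWDIllegalInDllSearch `
                -ErrorAction SilentlyContinue
    if (-not $prop) { return 'NotSet' }           # value absent: default search order
    $value = [int64]$prop.CWDIllegalInDllSearch
    switch ($value) {
        1          { return 'WebDavOnly' }        # blocks loads when CWD is a WebDAV folder
        2          { return 'RemoteAndWebDav' }   # blocks loads when CWD is WebDAV or UNC
        -1         { return 'CwdRemoved' }        # 0xFFFFFFFF surfaced as Int32
        4294967295 { return 'CwdRemoved' }        # 0xFFFFFFFF surfaced as UInt32
        default    { return 'NotRestricted' }
    }
}

$dll = Get-DllSearchRestriction
$report = New-Object PSObject -Property @{
    Computer         = $env:COMPUTERNAME
    WebClientStopped = (Test-WebClientStopped)
    DllSearchSetting = $dll
    # Only these two settings cover both WebDAV and remote shares.
    DllLoadMitigated = (@('RemoteAndWebDav', 'CwdRemoved') -contains $dll)
}
$report | Format-List

# Blocking ports 139 and 445 is a firewall rule; verify it on the
# firewall itself rather than from this host.
```

A host counts as mitigated only when both WebClientStopped and DllLoadMitigated are True and the firewall block has been confirmed separately.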

 

MS11-056

Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938)


Microsoft Rating: Important

CVE List: CVE-2011-1281, CVE-2011-1282, CVE-2011-1283, CVE-2011-1284, and CVE-2011-1870

Analysis:

This bulletin addresses 5 privately reported local elevation of privilege vulnerabilities in the Windows Client/Server Run-time Subsystem (CSRSS). The patch fixes all 5 vulnerabilities, which occur when an attacker runs a malicious program locally on the target system. An attacker who successfully exploited these vulnerabilities would gain kernel-level access to the target machine.

Recommendation:

Deploy patches as soon as possible, since no mitigation is available.

Feedback

The BeyondTrust staff welcomes any comments, questions or suggestions from our readers. We hope that you will not hesitate to contact us with any feedback you may have. Send all feedback to communications@beyondtrust.com.

Disclaimer

The information within this advisory may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

Notice

Permission is hereby granted for the redistribution of this newsletter electronically. It is not to be edited in any way without the express consent of BeyondTrust. If you wish to reprint the whole or any part of this newsletter in any other medium excluding electronic medium, please email communications@beyondtrust.com for permission.