Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Microsoft Patch Tuesday - May 2011

May 11, 2011

  • Blog
  • Archive
Oh how I am starting to enjoy the odd numbered months this year. Back in January Microsoft released 2 bulletins. February followed with 12, March with 3, and April with 17. Now May has arrived with only 2 bulletins. If you are looking to avoid piles of patch deployment work this summer, I'd bet on taking vacation in June or August. MS11-035 covers a vulnerability in WINS. If you aren't using WINS within your environment, it is a good idea to verify that it has been disabled on your servers. If you are using WINS internally, make sure that TCP/42 and UDP/42 are blocked on external-facing firewalls. MS11-036 addressed two more vulnerabilities in Microsoft PowerPoint. As you may recall, Microsoft patched three vulnerabilities in PowerPoint last month. This time around, PowerPoint 2010 is not affected. eEye Research recently published a report analyzing the 2010 Microsoft Security Bulletins. One of the many findings is that upgrading your Microsoft software is a good security practice. As a reminder, tomorrow's Vulnerability Expert Forum (VEF) will be at 1PM PDT. Sign up to hear what the eEye Research team has to say about today’s security bulletins and other security related topics. As there are only two Microsoft bulletins to cover, there should be ample time to touch on other topics and answer your questions. Here are our recommendations for the two security updates. Retina Network Security Scanner customers can view the list of audits associated with these bulletins.
Deploy Immediately MS11-035 – Vulnerability in WINS Could Allow Remote Code Execution (2524426) Recommendation: Deploy patch immediately to prevent exploitation by attackers. Until the patch can be installed, block ports TCP/42 and UDP/42 on external-facing firewalls. Deploy As Soon As Possible MS11-036 – Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2545814) Recommendation: Deploy patches as soon as possible. Until the patches can be installed, Office File Validation should be enabled to prevent the loading of invalid PowerPoint 2003 and 2007 files. Additionally, use Microsoft Office File Block policy and Microsoft Office Isolated Conversion Environment (MOICE) to deter exploitation via Office 2003 and earlier binary files.

Chris Silva,

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

A Zero Trust Approach to Windows & Mac Endpoint Security

Whitepapers

Mapping BeyondTrust Solutions to the Qatar National Information Assurance Policy v2.0

Whitepapers

KuppingerCole Executive Review - BeyondTrust Endpoint Privilege Management

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.