Patch Tuesday Monthly Security Briefing August 2010

Patch Tuesday Bulletin - August 2010

As expected, we have a large release from Microsoft covering 15 bulletins, 9 of which are critical. This will be a disruptive Patch Tuesday given the broad range of products impacted and the required restarts. Initial priorities should always be the 9 critical vulnerabilities followed by the remaining balance of important and moderate patches.

The balance of patches, while not critical, should not be ignored in today’s environment, where lesser-impact vulnerabilities are more often than not combined to give cyber criminals a greater chance of success.

While the spotlight is on Microsoft today, let us not forget that Microsoft does not have an “exclusive” on software vulnerabilities. No one can dispute that the patch load for Microsoft this Patch Tuesday is high, but we all need to keep some perspective. Since the week of Microsoft Patch Tuesday in July, CERT has released over 130 bulletins for software vulnerabilities rated high (CVSS score of 7.0 – 10). Of all those bulletins, Microsoft was noted as the vendor in only 1 of the published CERT bulletins for the given period.

It is also important to note that while Microsoft rushed out an out-of-band patch last week for the LNK issue, putting out a lot of fires this week, one new zero-day remains unpatched: a kernel-level vulnerability impacting all versions of Windows (including Windows 7). The vulnerability involves a heap overflow, which is more difficult to take advantage of than a traditional buffer overflow. However, if exploited, it can reportedly allow escalation of privilege, denial of service or potentially execution of arbitrary code with kernel privileges.

Other flaw remediation concerns this Patch Tuesday:

  • Apple is preparing to roll out a patch for a serious issue that can jailbreak an iPhone, iTouch or iPad device. The exploit can be triggered by a drive-by malware site or by tricking the user into opening a specially crafted PDF.
  • Adobe is also creating a patch for Adobe Reader 9.3.3 for Windows, Mac OS X, and UNIX, and Adobe Acrobat for Windows and Mac, as well as Reader and Acrobat version 8.2.3 for the same platforms, to resolve a number of security issues.
  • We have seen the typical flurry of browser patches this period for Chrome and Mozilla. It is important to note that the Chrome patches were installed silently, and Mozilla is reportedly about to introduce silent patching in an upcoming release of the browser. Some are concerned about the impact silent patching will have on network bandwidth in an enterprise environment, especially with a large population of users running the browser. While most would agree that silent patching is necessary for home users, it can be disruptive within an enterprise environment and is usually better handled in an efficient distributed model that affords full administrative control.

Other News

» Lumension Endpoint Protection Solution Awarded 5-Star Review by SC Magazine

Lumension's Endpoint Protection Solution Lauded in Technical Review for its Return-on-Investment, Seamless Integration and Ease-of-Use


» Patch Tuesday Content Checklist

Do you want to know what patches Lumension releases as part of Microsoft Patch Tuesday? If so, please visit the Microsoft Patch Tuesday Content Checklist on the Customer Portal.


Patch Tuesday Commentary

Paul A. Henry - Video Blog
Security and Forensic Analyst





Security Insights
Creating Your Natural Advantage by Integrating Desktop Power Management & Patch Management

Learn how to maximize energy cost savings while improving your patch management practices through an integrated, simultaneous approach.

August 31, 2010 1PM ET
PCI DSS Compliance and Security: Harmony or Discord?

Learn why compliance and security are not one and the same and how to use PCI DSS compliance initiatives as a catalyst for improving your overall security.

September 2, 11am ET
Endpoint Security Fundamentals

Listen to Mike Rothman, Analyst with Securosis, discuss how to build a real-world, defense-in-depth security program that improves your IT risk posture and prevents malware and insider threats.

Part 1 – Finding and Fixing the Leaky Buckets »
September 8, 11am ET

Part 2 – Leveraging the Right Enforcement Controls »
September 22, 11am ET

Part 3 – Building the Endpoint Security Program »
October 6, 11am ET
 
Lumension Product Support Lifecycle – Planning Your Software Upgrades

Learn about our new product lifecycle management approach and how you can plan for future migrations.

Watch the Webcast On-Demand »

Whitepaper »
Four Steps to Cure Your Patch Management Headache

The heat is on to proactively safeguard your systems and endpoints from the newest exploits. Read this whitepaper to find out the four steps you can take to establish a best practices approach to help reduce costs and risks in the long term.

Webinar »
Key Steps to Surviving Patch Tuesday

Watch this webcast with Security and Forensic expert Paul Henry. We'll examine how the vulnerability and threat landscape has evolved beyond the OS, and discuss recommended steps to ensure continuous Patch Tuesday readiness.

Blog »
Largest Patch Tuesday on Record

Paul A. Henry, Security and Forensic Analyst, provides his insights on 17 new patches from Microsoft.