Patch Tuesday Monthly Security Briefing august 2011

In this issue:

The Road to Labor Day is Paved with Patches

2 Critical, 9 Important, 2 Moderate

Patch Tuesday Security Briefing

Microsoft is making IT admins earn their Labor Day holiday with 12 bulletins across a broad range of Microsoft OS platforms, Office and developer tools. Overall, this Patch Tuesday will result in several reboots, making it very disruptive for flaw mitigation teams.

2 bulletins are critical and require immediate attention:

  • MS11057 IE Vulnerability corrects 7 vulnerabilities
  • MS11058 DNS Server Vulnerability could potentially be a remote code execution issue; however it would be difficult to execute. The attacker would need to bypass ASLR and DEP to be successful in exploiting the issue

9 bulletins are important and should be prioritized based on your environment’s usage of the impacted applications:

  • MS11059 DAC remote code execution issue
  • MS11060 Visio remote code execution issue
  • MS11061 RDP Web escalation of privilege issue
  • MS11063 EP Driver escalation of privilege issue
  • MS11064 TCP/IP DoS (this could potentially be executed with a specially crafted ICMP packet; think Ping of Death)
  • MS11065 RDP DoS
  • MS11066 A .net information disclosure issue
  • MS11067 Report Viewer.Net information disclosure

2 bulletins are moderate and while not the highest priority, should not be overlooked:

  • MS11068 Kernel DoS
  • MS11069 A .net information disclosure

Outside of Microsoft, IT teams are still recovering Read More »

Get Started Today »


FREE Trial Offers

Try our award-winning products and solutions NOW »

Endpoint Management and Security Suite Trial »

Intelligent Whitelisting Trial »

AntiVirus Trial »

Application Control Trial »

Device Control Trial »

Patch and Remediation Trial »

Risk Manager Trial »

Reorganizing Federal IT to Address Today’s Threats

Thursday, August 11, 11am ET

Recent reports indicate U.S. government servers are faced with 1.8 billion cyber attacks every month. It’s painfully obvious status quo security measures can't keep up. To offset these alarmingly high attack munbers and regain control of your endpoints, Lumension vice president of solution strategy, Paul Zimski is hosting a webcast with Richard Stiennon, It security expert and author of Surviving Cyber War. They will discuss how federal IT departments can reorganize to improve security and which technology capabilities are important to protecting today’s endpoints.

FREE Security Tools


Application Scanner

Discover all applications running on your network



Get it Now »

Device Scanner

Discover every removable device ever connected to your endpoints



Get it Now »

Vulnerability Scanner

Discover all OS and application vulnerabilities on your network



Get it Now »

Bulletins

» Highest Priority

MS11-057   Cumulative Security Update for Internet Explorer (2559049))
 
MS11-058   Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485)

» Important

MS11-059   Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656)
 
MS11-060   Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978)
 
MS11-061   Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250)
 
MS11-062   Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege (2566454)
 
MS11-063   Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
 
MS11-064   Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
 
MS11-065   Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
 
MS11-066   Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
 
MS11-067   Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)

» Moderate

MS11-068   Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
 
MS11-069   Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)

Updates Outside of Microsoft

Outside of Microsoft, IT teams are still recovering from the 78 patches released by Oracle on July 19th and the update to Apple Lion released on July 20th.

Further, the parade of flaws in mobile platforms and apps continues this period - Android, Apple and BlackBerry all have issues that need to be addressed; and malicious links now impact 3 out of 10 smartphone users.

In addition to releasing OSX Lion, Apple has also released updates for Quicktime on Mac and Windows and an IOS update for the iPhone.

Security Forum
iPads in the Enterprise: Resistance is Futile

The iPad has a number of built in security features that can reduce vulnerability. So will other endpoint security technology measures such as keeping the devices up to date with the most current software and application whitelisting.

Webcast
It’s Your Move: The Changing Game in Endpoint Security
September 7, Noon ET

Your opponents have changed the IT security game – learn how to regain control of your endpoints by first understanding today’s threats. Then, hear how one company has found success in beating the bad guys.

Whitepaper
Patch Management: Picking the Low Hanging Fruit

Set it and forget it might work for your DVR but it’s a bad strategy for patch management. Switching on WSUS isn’t enough – learn why also fixing third party applications should be at the core of your security posture.

Visit the Security Forum »

Register for the Webcast »

Download the Whitepaper »

Customers

 

It's Time to Think New

 
play Think New Take Control of Your Endpoints

Bringing Operations and Security together. One partner. One platform. Many solutions.

Watch It Now »