Patch Tuesday Monthly Security Briefing June 2011

In this issue:

No Summer Holiday for IT Pros

9 Critical, 7 Important

Patch Tuesday Security Briefing

With 16 bulletins issued from Microsoft today, this month isn’t as big as April (thankfully), but it is still sizable and certainly disruptive, as it affects applications across the board.

With 9 critical bulletins and the vast majority directly requiring a reboot, this marks the beginning of a long summer for IT professionals with no room for slowing down. Four of the critical and a few of the important patches affect Windows; 7 critical and 3 important patches affect Internet Explorer. And with this Patch Tuesday, we are seeing Internet Explorer 9 affected for the first time. However, IE9 isn’t as much of a concern as IE6, which often seems to be the lowest common denominator in security breaches. It is absolutely imperative that people download a newer version of IE in order to take advantage of the more secure codebase.

The SMB issue is another important patch - the server is just a DoS vector but if you are running the client, it is a high priority. We also have a number of kernel updates that impact the Windows product family; they are a priority as well and include additional protections for SMB at the kernel level.

There is also a patch for MHTML that mitigates cross-site scripting issues; as this is a popular threat vector, it is also a priority. The Office Excel patch is also a hot patch, as Excel has historically been a delivery mechanism for spear phishing.

One of the more interesting patches is for Hyper-V, as it is one of the first released for the product - it covers a DoS issue.

Have You Migrated Yet?

Patch Content for Lumension Patch v 6.4 Discontinued in July

Lumension® Patch and Remediation v.6.4 SP2 (and lower) will move into self-support on July 7, 2011. After that date, you will no longer receive new Microsoft Windows patch content. Therefore, it is critically important you immediately start planning for the migration of your systems to Lumension® Patch and Remediation v.7.1 on the Lumension® Endpoint Management and Security Suite (L.E.M.S.S.) platform to ensure uninterrupted patch content support starting July 8, 2011.


FREE Security Tools


Application Scanner 2.0

Discover all applications running on your network



Device Scanner

Discover every removable device ever connected to your endpoints



Vulnerability Scanner

Discover all OS and application vulnerabilities on your network



Bulletins

» Highest Priority

MS11-038   Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
MS11-039   Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
MS11-040   Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)
MS11-041   Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
MS11-042   Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
MS11-043   Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
MS11-044   Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
MS11-050   Cumulative Security Update for Internet Explorer (2530548)
MS11-052   Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)

» Important

MS11-037   Vulnerability in MHTML Could Allow Information Disclosure (2544893)
MS11-045   Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
MS11-046   Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
MS11-047   Vulnerability in Hyper-V Could Allow Denial of Service (2525835)
MS11-048   Vulnerability in SMB Server Could Allow Denial of Service (2536275)
MS11-049   Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
MS11-051   Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)

Updates Outside of Microsoft

Notable this month is that, in addition to this being a large Patch Tuesday, this is also the planned release date for the Adobe quarterly security update. Adobe is planning to release updates for all supported versions of Reader and Acrobat across supported platforms.

Security Forum
Rising Malware Threats Rock Security World

There are many threats, yet security researchers don’t fully agree on which one is the greatest. Some point to the mobile world. Others insist on social networking. Still others point to China.

Webcast
How to Enable Local Admin Rights Without the Risk
June 16, 11am EDT

In today’s Windows environment, end users are accustomed to having local administrator privileges, which allow them to download a variety of applications and potentially misconfigure their PCs. Fortunately, there is hope for IT administrators seeking to gain control over the Windows environment - through application whitelisting.

Whitepaper
5 Ways to Evolve Endpoint Management and Security for a New Threat Environment

Ask most IT professionals and they’ll probably tell you that they’re having a hard time effectively and efficiently managing and securing their endpoints. Implement these key endpoint elements to bring up the level of security and bring down the cost of managing client systems.
