Patch Tuesday Monthly Security Briefing october 2011

In this issue:

Some Tricks and Some Treats from Microsoft

2 Critical, 6 Important

Patch Tuesday Security Briefing

The Treat – October’s bulletins resolve several issues: 2 Critical and 6 important covering a range of products including Microsoft .NET Windows, IE, Forefront and MS Host Integration Server.

The Trick – nearly all require a restart which will cause widespread disruptions across both Internet connected servers and user community desktops.

The details:

MS11-081 Critical Internet Explorer patches correcting 8 vulnerabilities with typical attack vectors and one involving Java Script. None of the patched issues are related to active exploits however users are urged to patch this as a high priority. Important to note that many of the fixes are related to improving defense in depth to strengthen the browser.

MS11-078 Critical .NET issue, also impacts SilverLight. Users of .NET Client and SilverLight are urged to apply this patch as a high priority

MS11-075 Important Windows Active Accessibility, corrects a DLL Injection issue

MS11-076 Important Media Center Issue, corrects a DLL Injection Issue

MS11-077 Important, resolves a Win32l Kernel Mode Drivers Issue that involves font rendering which is a low risk with Microsoft IE as the font would not be rendered but can be a high risk with third party browsers that would render the font.

MS11-080 Important Ancillary Function Driver Issue, provides for an escalation of privilege

MS11-079 Important Forefront UAG Issue, resolves a perimeter firewall XSS issue

MS11-082 Important Host Integration Server, resolves a DoS issue for the service

Also released today was SP 3 for Office 2007 and SharePoint 2007. SP3 includes a roll up of previously patched issues, as well as newly discovered issues from the lifecycle of SP2.

Yet again vulnerabilities have proven to not be a Microsoft Exclusive Issue - Third party products and add-on's are our Achilles Heel again this period. The ever increasing integration of mobile devices... Read More »

Get Started Today »


FREE Trial Offers

Try our award-winning products and solutions NOW »

Endpoint Management and Security Suite Trial »

Intelligent Whitelisting Trial »

AntiVirus Trial »

Application Control Trial »

Device Control Trial »

Patch and Remediation Trial »

Risk Manager Trial »

How to Reduce Endpoint Complexity and Costs on an SMB Budget

November 8, 2011 11am ET

When considering endpoint security, it isn’t only what security technologies to deploy, but how can you more efficiently manage your environment. Join Roger Grimes and Chris Merritt for the second part of our SMB Security Webcast Series as they discuss:

  • Improving Uptime, without additional management burden
  • Reducing Complexity, by limiting the number of security agents and consoles to manage
  • Reducing Overall Costs, by getting more from limited IT security resources and budget

FREE Security Tools


Application Scanner

Discover all applications running on your network



Get it Now »

Device Scanner

Discover every removable device ever connected to your endpoints



Get it Now »

Vulnerability Scanner

Discover all OS and application vulnerabilities on your network



Get it Now »

Bulletins

» Critical

MS11-081   Internet Explorer patches correcting 8 vulnerabilities with typical attack vectors and one involving Java Script
 
MS11-078   .NET issue, also impacts SilverLight

» Important

MS11-075   Windows Active Accessibility, corrects a DLL Injection issue
 
MS11-076   Media Center Issue, corrects a DLL Injection Issue
 
MS11-077   Resolves a Win32l Kernel Mode Drivers Issue
 
MS11-080   Ancillary Function Driver Issue, provides for an escalation of privilege
 
MS11-079   Forefront UAG Issue, resolves a perimeter firewall XSS issue
 
MS11-082   Host Integration Server, resolves a DoS issue for the service

Updates Outside of Microsoft

Outside of Microsoft, here are the major updates released since the beginning of September:

Apple Security Content

Adobe Security Content

Mozilla Security Content

Real Networks Security Content

Some items of note based on the releases above:

  1. Adobe Reader 8.x and Acrobat 8.x reach End of Support on November 3, 2011, meaning Adobe will no longer produce security updates for those versions after that date
  2. The next quarterly security updates for Adobe Reader and Acrobat are currently scheduled for December 13, 2011
  3. Firefox updates continue to be disruptive to the Enterprise as Mozilla releases another major version
  4. Mozilla plans to discontinue support for Firefox 3.6.x in the near future, possibly as early as January, 2012
  5. Mozilla plans to release Firefox 8 on November 8, 2011
   

Security Forum
It’s Your Move: The Changing Game in Endpoint Security

Many of today’s IT security departments are using basic ‘move, countermove’ thinking to plan their defenses, which is not enough to defend against the devious and calculating adversaries who plan their moves well in advance. It’s time to refine our endpoint security strategies.

Webcast
Practical Steps for Integrating and Managing Endpoint Security
November 1st 12pm ET

Securing endpoints is the toughest area of information security right, facing more malware and sophisticated attacks. Learn these practical steps for protecting your endpoints by taking a coordinated, comprehensive approach that will optimize your efforts and investments of time and money.

Whitepaper
Think Your AV is Working? Think Again

We’ve been so bombarded by computer viruses, worms, Trojan horses and other malware that we’ve become acclimated to their presence. We subscribe to an anti-virus (AV) offering and hope for the best. Trouble is, AV hasn’t been keeping up. Studies show that even though most organizations use AV, more and more are succumbing to attacks. It’s time to shift from the status quo.

Visit the Security Forum »

Register for the Webcast »

Download the Whitepaper »

Customers

 

It's Time to Think New

 
play Think New Take Control of Your Endpoints

Bringing Operations and Security together. One partner. One platform. Many solutions.

Watch It Now »