August 2011 Patch Tuesday Overview
With the August 2011 edition of Patch Tuesday, Microsoft has just released 13 bulletins addressing 22 vulnerabilities. This month marks a "heavy" month for Microsoft for Patch Tuesday.
The first bulletin administrators should look at patching first is the bi-monthly cumulative update for Microsoft Internet Explorer (MS11-057). This bulletin addresses typical vulnerabilities in Internet Explorer where browsing to a malicious website could result in remote code execution. Two of the seven vulnerabilities fixed with this bulletin are publicly known. At this time, Microsoft has not received any reports of attacks against the vulnerabilities. With any publicly disclosed vulnerability exploit code, it is important to patch immediately.
The next bulletin administrators should pay particular attention to is MS11-058. This bulletin addresses two vulnerabilities affecting DNS Server. These vulnerabilities affect the server side and not a client request to a DNS server. The attack vector for this vulnerability depends on your DNS server configuration. If your DNS servers have caching of DNS relaying enabled, the systems will be at risk for a remote attack. Even if your DNS servers do not have this type of configuration, you should still deploy the patch. An administrator could potentially change configuration in the future, making it vulnerable if left unpatched. In addition, this bulletin marks a good opportunity to review your DNS server configuration and harden the system.
Another bulletin of note is MS11-065. This bulletin addresses 1 vulnerability Remote Desktop that Microsoft has seen limited attacks lately; although, this vulnerability has not been publicly disclosed. An attacker can send a malicious remote desktop protocol connection request to a target machine that could lead to a blue screen (Denial of Service).
MS11-066 addresses a privately disclosed vulnerability that affects Microsoft Chart Controls. Web servers that use Chart Controls are only at risk from this vulnerability. If you are not running Chart Controls on your web servers, you are not affected by this vulnerability. An attacker can send a malicious request to the web server hosting Chart Controls that can lead to Information Disclosure of sensitive files on the website.
In addition, Microsoft re-released three previously-released Security Bulletins.
MS11-025 has added more products that are affected by this bulletin. You could see this bulletin come up this month during your patching cycle.
MS11-043 has been updated to add additional stability to the updates. You could also see this bulletin come up this month during your patching cycle.
MS11-049 has been updated to include additional detection updates for Visual Studio 2005. If you have already applied this patch, you will not need to reapply the patch this month.
Microsoft also released a new Security Advisory with 2562937. This advisory updates ActiveX Kill Bits on Microsoft operating systems. In the past, we have seen these patches included in the normal Microsoft Security bulletin release on Patch Tuesday. It appears Microsoft is moving these types of patches to Security Advisories.
On the non-Microsoft front, Google Chrome released today with an updated version of Flash Player. Google’s stating that Flash Player fixes a number of vulnerabilities. Google Chrome bundles Adobe Flash in the installation. In addition, Adobe has released new versions of Adobe Air, Adobe Flash and Adobe Shockwave.
I will be reviewing the August 2011 in depth during my monthly Patch Tuesday webinar tomorrow at 11am CDT. You can register to attend the live webinar here.
- Jason Miller