July 2011 Patch Tuesday Overview
Microsoft has released 4 new security bulletins in the July 2011 edition of Patch Tuesday. These 4 security bulletins address 22 vulnerabilities. After a hefty Patch Tuesday last month, administrators are getting a bit of a breather with a manageable security bulletin release. Even with a small release, there are some key points to consider.
The first security bulletin administrators should look to deploy first is MS11-053. This new security bulletin addresses one vulnerability in the Bluetooth stack for Windows Vista and Windows 7. The vulnerability addressed in this bulletin is very interesting and a little bit on the scary side. An attacker in the same vicinity of a vulnerable machine with Bluetooth enabled could result in an attacker sending malicious Bluetooth packets. This could result in remote code execution. Could this vulnerability be the new case of drive-by war dialing? The example of a prime target I keep seeing in my head is the local sandwich shop near my house. Every time I pop in to satisfy my sandwich craving, I see 20-30 people working wirelessly. This just seems like a prime target for new war dialing techniques. It is important to note that Microsoft has and exploitability index rating of 2 on this bulletin. This makes the vulnerability more difficult to exploit. If you have mobile users working outside of your office, you will want to look at patching these machines as soon as possible.
The DLL preloading issue that Microsoft has been addressing over the past year is back again this month with MS11-055. This bulletin will address a vulnerability in Microsoft Visio 2003 that could lead to remote code execution. The security advisory released last August (2269637) has seen numerous updates as Microsoft continues to find products affected by this vulnerability. You can be assured we will continue to see security bulletins addressing this vulnerability in the future.
MS11-054 addresses 15 vulnerabilities in the Windows Kernel-Mode Drivers. At first glance, the number of vulnerabilities addressed in this single bulletin seems alarming. All of the vulnerabilities addressed in this bulletin are related. An attacker must first have access to a system before they can exploit the vulnerability.
MS11-056 addresses 5 vulnerabilities in the Windows Client/Server Run-time Subsystem on all supported Microsoft operating systems. Like MS11-054, all of the vulnerabilities are related. This bulletin also requires an attacker to first have access to a system before they can exploit the vulnerability.
Now for the special note on MS11-053. Microsoft is releasing a non-security patch this month to coincide with the security bulletin for Bluetooth. Microsoft has seen issues where security updates for Windows 7 would occasionally fail to install Windows drivers if you are using Windows Update. To combat this, Microsoft is fixing issues in the user-mode Plug-and-Play (UMPnP) manager stack. Microsoft is stating that the non-security update will be offered as a child update within MS11-053. If the security update notices the non-security update is not installed on the system, the non-security update will be deployed to the system first. This will prompt a reboot of the target system. After the reboot, the security update will be offered and installed.
This scenario could result in some longer patch deployment times and possibly multiple reboots of client systems for administrators. This could seem painful, but it is nice to see Microsoft addressing a potentially longer term issue with driver patching by fixing the issue.
On the non-Microsoft front, Mozilla has released a new update for their browsers. This update fixes an issue where Firefox could crash on the Mac OS operating system. Mozilla is attempting to only offer this update through their autoupdate mechanism to only Mac OS operating systems.
I will be reviewing the July 2011 in deploy during my monthly Patch Tuesday webinar tomorrow at 11am CDT. You can register to attend the live webinar here.
- Jason Miller