
July 2011 Security Bulletin Release

As mentioned in July’s advance notification post, this month’s security bulletin release is now confirmed to contain 4 bulletins addressing 22 vulnerabilities, one of which has a critical rating. Microsoft has recommended that all security updates be installed as soon as possible. The remaining three have all been rated as important bulletins.

This month sees a light bulletin release from Microsoft covering a small range of affected products, including:

  • All supported Microsoft operating systems
  • Microsoft Visio 2003

The following table shows affected software by bulletin and the likelihood of an Operating System restart being required and hence impacting on services provided:

| Bulletin ID | Bulletin Title and Executive Summary | Maximum Severity Rating and Vulnerability Impact | Restart Requirement | Affected Software |
|---|---|---|---|---|
| MS11-053 | Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (2566220). This security update resolves a privately reported vulnerability in the Windows Bluetooth Stack. The vulnerability could allow remote code execution if an attacker sent a series of specially crafted Bluetooth packets to an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability only affects systems with Bluetooth capability. | Critical, Remote Code Execution | Requires restart | Microsoft Windows |
| MS11-054 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917). This security update resolves 15 privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. | Important, Elevation of Privilege | Requires restart | Microsoft Windows |
| MS11-056 | Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938). This security update resolves five privately reported vulnerabilities in the Microsoft Windows Client/Server Run-time Subsystem (CSRSS). The vulnerabilities could allow elevation of privilege if an attacker logs on to a user’s system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities. | Important, Elevation of Privilege | Requires restart | Microsoft Windows |
| MS11-055 | Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847). This security update resolves a publicly disclosed vulnerability in Microsoft Visio. The vulnerability could allow remote code execution if a user opens a legitimate Visio file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | Important, Remote Code Execution | May require restart | Microsoft Office |

MS11-053 – Critical

This new security bulletin addresses one vulnerability in the Bluetooth stack for Windows Vista and Windows 7 and does not apply to Server editions (2003 or 2008). An attacker in the vicinity of a vulnerable machine with Bluetooth enabled could send it malicious Bluetooth packets, which could result in remote code execution.

If you have mobile users working outside of your office environment using Windows Vista or Windows 7, you will want to look at patching these machines as soon as possible.

One thing to note about this security update: Microsoft is releasing a non-security patch this month to coincide with this security bulletin. Testing has shown that on Windows 7 systems the update occasionally fails to install the Windows drivers when Windows Update is used. Microsoft is fixing issues with the User-mode Plug-and-Play (UMPnP) manager stack and, as a result, will be offering a child update within MS11-053. If the security update detects that the non-security update is not installed on the system, the non-security update will be deployed to the system first. This will prompt a reboot of the system; after the reboot, the security update will be offered and installed. This scenario results in a longer patch deployment and, as previously mentioned, only affects desktop operating systems and not Server editions.

MS11-055 – Important

The DLL preloading issue that Microsoft has been addressing over the past year appears to be back again, and this important security update resolves 15 privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.

This update applies to all supported desktop and server editions, including Windows XP SP3, Windows Vista, Windows 7, Server 2003 and Server 2008.

MS11-054 – Important

This security update addresses 15 vulnerabilities in the Windows Kernel-Mode Drivers. At first glance, the number of vulnerabilities addressed in this single bulletin naturally raises concerns. However, all of the vulnerabilities addressed in this bulletin are related, and an attacker must first have access to a system before they can actually exploit the vulnerability.

This update applies to all supported desktop and server editions, including Windows XP SP3, Windows Vista, Windows 7, Server 2003 and Server 2008.

MS11-056 – Important

This security update addresses 5 vulnerabilities in the Windows Client/Server Run-time Subsystem on all supported Microsoft operating systems. Like MS11-054, all of the vulnerabilities are related, and again this bulletin requires an attacker to first have access to a system before they can exploit the vulnerability.

Please click the following link to view Microsoft’s deployment priority guidance, which assists in deployment planning. You can also follow this link to view the risk and impact graph, which gives an aggregate view of this month’s severity and exploitability index.

So in summary, we are likely to see updates requiring reboots of servers this month. (As usual, as a UKFast customer, you benefit from these updates being applied automatically unless you have opted out of this service.)
MC.

 
