Qualys Blog

www.qualys.com
wkandek

July 2011 Patch Tuesday

We rank as the highest priority Microsoft bulletin MS11-053 which fixes a vulnerability in the Bluetooth driver. This vulnerability is rated as "critical" and affects machines that are Bluetooth enabled. An attacker who is in close physical proximity can send specially crafted packets using Bluetooth which will cause the target’s  machine to crash, and possibly take control of the system. Addressing this vulnerability is most urgent for road warriors who have a Bluetooth device such as mouse or headset connected, and who use their laptops at airports, coffee shops, book stores or other public places where attackers can get within range without causing suspicion. As a workaround, users can temporarily disable Bluetooth. The vulnerability cannot be exploited over the wire, for example by visiting a malicious website or opening a word document. Only Windows 7 and Windows Vista are affected.

The second priority goes to MS11-055 which is a DLL-preloading issue in Visio 2003 SP3 and rated as "important." Newer versions like Visio 2007 and 2010 are not affected. This current strain of DLL pre-loading vulnerabilities was first identified in August of 2010 and plagues a large number of software packages, some from Microsoft and many from third party vendors. Addressing all of the vulnerabilities is a daunting task and will not be completed any time soon, so we recommend implementing the guidelines laid out in KB2269637 that provide an additional safety-net on the operating systems for all Windows applications.

The other two bulletins MS11-054 and MS11-056 affect Windows Kernel-Mode Drivers (win32k.sys) and Windows Client/Server Runtime Subsystem (CSRSS) respectively. Both are rated as "important" and attackers who already have access to the target’s machine can use these vulnerabilities to get system level privileges.

Microsoft also released a document that goes into depth on software mitigation techniques, options for software developers and IT admins that describe various compiler switches and utilities that harden the Windows OS and applications against many exploits. The mitigation technologies include Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), Structured Exception Handler Overwrite Protection (SEHOP) and Enhanced Mitigation Experience Toolkit (EMET), which come standard in Microsoft’s newer software packages for Windows, such as Office 2010 and that provide an additional level of robustness against typical attacks.

-Guest post from Amol Sarwate, Vulnerability Labs Manager for Qualys

Leave a Reply