June 2012 Patch Tuesday Overview

There are two Microsoft Security Bulletins administrators should look at addressing first from this Patch TuesdayMS12-037 affects all supported versions of Microsoft Internet Explorer and addresses 13 vulnerabilities.  All of these vulnerabilities are privately disclosed and there have been no active attacks to date, but it is important to patch your browsers as soon as possible as they are commonly attacked.  MS12-037 and the security bulletin for Microsoft Lync, MS12-039, are related.  Both bulletins address vulnerability in the way HTML is sanitized in both Internet Explorer and Lync.  If your machines have both of these products installed, you will need to install both bulletins to fully address this vulnerability.

MS12-036 is the second bulletin administrators should address immediately this month.  This Security Bulletin fixes one vulnerability in Microsoft’s RDP client.  With this vulnerability, an unauthenticated attacker sends malicious RDP packets to a machine that has RDP enabled can result in Remote Code Execution.  It is important to note a couple of items with this bulletin.  First, RDP is not enabled by default on systems but the majority of administrators rely on RDP to manage their servers and workstations.  Second, this type of an attack is an unauthenticated attack.  An attack that allows and attacker to not be authenticated raises the severity of the vulnerability.  Third, even if your machines do not have RDP enabled, administrators should still apply this bulletin to all of their machines.  By installing this bulletin, administrators do not have to worry about a machine having RDP enabled at a later time.  Without patching RDP, the machine would be instantly vulnerable to attacks.

This would also mark a great time for administrators to harden their network to lower the severity of future RDP attacks.  RDP should only be available to machines on your local network.  This can be controlled via a firewall program that blocks the RDP ports to a known and trusted local IP address range.  It is important to note this will not stop and internal attack on RDP, but this will help mitigate some risk with attacks against RDP.

MS12-038 (.NET Framework) presents us this month with a new interesting case for Windows 8 preview users.  In the case of MS12-038, users of the first Windows 8 Preview release will need to apply this bulletin.  Any user that has moved up to the latest version of Windows 8 Preview will not have to apply this patch as it was already included in the build.  As we go forward with the Preview builds of Microsoft software, particular attention is going to have to be made to the release notes of Security Bulletins.

There are two bulletins to take note of this month as the patches will not be distributed through Windows Update.  The patch for Microsoft Lync Attendee in Security Bulletin MS12-039 and the patches for Microsoft Dynamics AX (MS12-040) are not available for this distribution method.  This is common for these types of software installations.  The Lync Antendee is intended to be distributed through the Lync console.  Again, this is common in these types of software installations.  The Lync Attendee is intended to be distributed through the Lync console.  As you go through your Patch Tuesday, it will be important to scour your network to ensure you do not have these products installed.  If you do have these products installed, you will need to manually update these software installations.  Quite often we just assume our patch management product will cover all products and patches on Patch Tuesday.  It is important to stay vigilant and read all information that is released by software vendors to ensure your network is 100% covered for vulnerabilities that have patches released for them.

On the Non-Microsoft front, Apple has released a new version of their Apple iTunes program.  Apple iTunes 10.6.3 fixes two security vulnerabilities.  Adobe also joined this Patch Tuesday with a security bulletin release for their ColdFusion product.  APSB12-15 addresses one vulnerability.  Last Friday, Adobe released new versions of their Adobe Flash and AIR program.  APSB12-14 addressed seven vulnerabilities and should be deployed to your network as soon as possible as the Adobe Flash programs are commonly attacked.

I will be going over the June Patch Tuesday in detail in addition to any other non-Microsoft releases since the last Patch Tuesday in our Monthly Patch Tuesday webinar. In addition, I will be spending some time discussing the Flame virus situation. This webinar is scheduled for next Wednesday, June 13th at 11:00am CT. You can register for this webinar here.

– Jason Miller

June 2012 Patch Tuesday Advanced Notification

The second Tuesday is just around the corner, so this means we have another fun-filled Patch Tuesday on the horizon.  Microsoft has released their Advanced Notification for the June 2012 edition of Patch Tuesday.  Microsoft is planning to release seven bulletins addressing 28 vulnerabilities.  This month marks the operating system and bi-monthly Internet Explorer patching cycle, so all of your machines will be affected.  Earlier this week, Microsoft released a Security Advisory with an update to their certificates for Terminal Services.  By now, you have probably heard and read all the details around the latest virus threat affecting a specific country.  If you have not reviewed the information provided by Microsoft in their Security Advisory, you should plan on taking some action during this Patch Tuesday cycle.  The odds of the Flame virus affecting your network are very, very unlikely.  But with any live virus, attackers will reverse engineer the virus to find the source code that exploits Microsoft’s digital signatures.  The Security Advisory released will be a defense for future attacks and virus outbreaks on your network.

Security Bulletin Breakdown:

  • 3 bulletins are rated as Critical
  • 4 bulletins are rated as Important
  • 4 bulletins addressing vulnerabilities that could lead to Remote Code Execution
  • 3 bulletins addressing vulnerabilities that could lead to Elevation of Privilege

Affected Products:

  • All supported versions of Internet Explorer
  • All supported versions of Microsoft Operating Systems
  • All supported versions of Microsoft Office products (2003, 2007, 2010)
  • Microsoft Visual Basic for Applications
  • Microsoft Visual Basic for Applications SDK
  • Microsoft Dynamics AX 2012

 I will be going over the June Patch Tuesday in detail in addition to any other non-Microsoft releases since the last Patch Tuesday in our Monthly Patch Tuesday webinar.  In addition, I will be spending some time discussing the Flame virus situation.  This webinar is scheduled for next Wednesday, June 13th at 11:00am CT.  You can register for this webinar here.

 – Jason Miller