VERT Alert - March 8, 2011

March 8, 2011 2:00 PT

The Tripwire VERT Alert is brought to you by Tripwire VERT, Tripwire’s research team. VERT Alerts are distributed for Microsoft Patch Tuesday and for significant security threats.

Today’s VERT Alert addresses three new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-392 on Wednesday, March 9th.

Bulletin | Vulnerability | CVE
MS11-015 | DirectShow Insecure Library Loading Vulnerability | CVE-2011-0032
MS11-015 | DVR-MS Vulnerability | CVE-2011-0042
MS11-016 | Microsoft Groove Insecure Library Loading Vulnerability | CVE-2010-3146
MS11-017 | Remote Desktop Insecure Library Loading Vulnerability | CVE-2011-0029

MS11-015

One of the two vulnerabilities described by this bulletin is another DLL Preloading issue, similar to the ones that we saw patched in December and January. This one affects Microsoft DirectShow. The second vulnerability affects the DVR-MS file format and could lead to code execution.

MS11-016

The single vulnerability described by this bulletin is another DLL Preloading issue, similar to the ones that we saw patched in December and January. This one affects Microsoft Groove 2007. As with previous vulnerabilities, successful exploitation of this issue requires that the attacker entice the user to open a file from a WebDAV or SMB share.

MS11-017

The single vulnerability described by this bulletin is another DLL Preloading issue, similar to the ones that we saw patched in December and January. This one affects the Microsoft Remote Desktop Client. As with previous vulnerabilities, successful exploitation of this issue requires that the attacker entice the user to open a file from a WebDAV or SMB share.
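
One way to look for the pattern described for MS11-016 and MS11-017 (a locally installed application loading a library from a WebDAV or SMB share) in endpoint telemetry. This is an added example, not part of the original VERT Alert; it assumes image-load records with the Image and ImageLoaded fields of Sysmon Event ID 7, and the sample events, host names and paths are constructed.

```python
import re

# Constructed sample records (not from the VERT Alert). Field names are modelled
# on Sysmon Event ID 7 (image load): Image = process, ImageLoaded = module.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE",
     "ImageLoaded": r"\\fileserver.example\share\docs\helper.dll"},
    {"Image": r"C:\Windows\System32\mstsc.exe",
     "ImageLoaded": r"\\dav.example@SSL\DavWWWRoot\rdp\helper.dll"},
    {"Image": r"C:\Windows\System32\mstsc.exe",
     "ImageLoaded": r"C:\Windows\System32\mstscax.dll"},
    {"Image": r"C:\Program Files\Windows Media Player\wmplayer.exe",
     "ImageLoaded": r"\\?\C:\Windows\System32\quartz.dll"},
    {"Image": r"C:\Windows\System32\mstsc.exe",
     "ImageLoaded": r"\\?\UNC\fileserver.example\share\helper.dll"},
]

# Matches \\host\share\... and \\?\UNC\host\share\...; a "host" of "?" or "."
# is a local extended-length or device path, not a network share.
_UNC = re.compile(r"^\\\\(?:\?\\UNC\\)?(?P<host>[^\\]+)\\(?P<rest>.+)$", re.I)


def remote_origin(path):
    """Classify a module path as 'webdav', 'smb', or None (local)."""
    m = _UNC.match(path)
    if not m or m.group("host") in ("?", "."):
        return None
    first_segment = m.group("rest").split("\\", 1)[0].lower()
    # The Windows WebDAV redirector shows up as host@SSL / host@port or DavWWWRoot.
    if "@" in m.group("host") or first_segment == "davwwwroot":
        return "webdav"
    return "smb"


def flag_remote_loads(events):
    """Return (process, origin, module) for local processes loading remote modules."""
    findings = []
    for ev in events:
        origin = remote_origin(ev["ImageLoaded"])
        if origin and remote_origin(ev["Image"]) is None:
            proc = ev["Image"].rsplit("\\", 1)[-1].lower()
            findings.append((proc, origin, ev["ImageLoaded"]))
    return findings


if __name__ == "__main__":
    for proc, origin, module in flag_remote_loads(SAMPLE_EVENTS):
        print(f"{proc}: module loaded over {origin}: {module}")
```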

Other Information

Microsoft Security Advisory 2501696

Microsoft has still not shipped a fix for the vulnerability described in Security Advisory 2501696. However, they have made a FixIt available that can be applied to a system to help reduce the likelihood of successful exploitation of the vulnerability. The FixIt was released in KB2501696.

Microsoft Security Advisory 2491888

Microsoft released this advisory on February 23rd to inform users of a vulnerability in the Microsoft Malware Protection Engine. Since the engine is updated via its own built-in auto-update mechanism, a security bulletin will not be released for this vulnerability. The vulnerability is resolved in engine version 1.1.6603.0.

Microsoft FixIt

Microsoft releases its FixIt files in the MSI format, which means that these files can be published to multiple systems without the need for application on a per-system basis.

As always, VERT recommends that you apply all the patches as soon as possible, but also that you fully vet patches (when possible) before applying them to production systems.

Ease of Use (published exploits) to Risk Table

Ease of use (rows): Automated Exploit, Easy, Moderate, Difficult, Extremely Difficult, No Known Exploit
Exposure (columns): Local Availability, Local Access, Remote Availability, Remote Access, Local Privileged, Remote Privileged

Automated Exploit: MS11-015, MS11-016, MS11-017

All data and commentary is based on information available when the VERT Alert is published.
