Microsoft Patch Tuesday Roundup - July 2011
Remote exploits come in many different shapes, forms and sizes. Listening services, web browsers and wireless technologies can all contain vulnerabilities that allow for "remote exploitation". The difficult part is defining just how "remote" an attacker needs to be. Obviously, the exposed network service could theoretically be exploited by anyone connected to the Internet. Web browser exploits require that a user visit a site (by choice or surreptitiously) that loads malicious code. Wireless technologies such as Bluetooth require that you be in range. Here's where it gets interesting! There are many situations where end users could be in range of attackers, including conferences, coffee shops, airports, or even right in your own facility. Having said that, it would be difficult for these attacks to target a specific organization unless you were physically on-site, which occurs less frequently than someone attacking you over the Internet. However, we should note that Bluetooth uses the 2.4 GHz spectrum for communications and can be extended using the same or similar gear as WiFi.
Nessus and SecurityCenter users can enumerate the Bluetooth devices in their environments using Nessus plugin ID 43830, "WMI Bluetooth Network Adapter Enumeration". Using credentials, this plugin will detect if a host has a Bluetooth adapter enabled.
Also of note, MS11-054 fixes 15 vulnerabilities in Windows kernel-mode drivers that lead to privilege escalation and a remote code execution in Microsoft's Visio application. The Visio vulnerability is interesting because network and systems engineers with a higher level of access to networks and systems use Visio as a documentation tool.
To further aid in your efforts to evaluate the exposures presented by the vulnerabilities addressed by Microsoft’s Patch Tuesday, Tenable's Research team has published Nessus plugins for each of the security bulletins issued this month:
Resources
Related Articles
Navigating Security Challenges Around OT in the DoD’s Manufacturing Lines
April 15, 2024How operational technology can revolutionize logistics, supply chain management, and overall efficiency.
CVE-2024-3400: Zero-Day Vulnerability in Palo Alto Networks PAN-OS GlobalProtect Gateway Exploited in the Wild
April 12, 2024A critical severity command injection vulnerability in Palo Alto Networks PAN-OS has been exploited in limited targeted attacks. While a fix is not yet available, patches are expected to be released on April 14 and mitigation steps are available.
Cybersecurity Snapshot: CISA Says Midnight Blizzard Swiped U.S. Gov’t Emails During Microsoft Hack, Tells Fed Agencies To Take Immediate Action
April 12, 2024Check out CISA’s urgent call for federal agencies to protect themselves from Midnight Blizzard’s breach of Microsoft corporate emails. Plus, a new survey shows cybersecurity pros are guardedly optimistic about AI. Meanwhile, SANS pinpoints the four trends CISOs absolutely must focus on this year. And the NSA is sharing best practices for data security. And much more!
