Secure IT Alert for Wednesday, February 9th, 2011
The February 2011 Patch Tuesday was not boring… Updates include something for everyone. Basically every current Microsoft Windows OS version was addressed.
The big one was the IE Update that fixed four code execution holes in the popular web browser.
In addition to fixing thumbnail and font vulnerabilities which mainly affect desktop users, several updates are very important for your servers.
Windows Server has an Active Directory DoS potential, elevation of privileges vulnerabilities from Client/Server Run-time SubSystem (CSRSS), LSASS, Kerberos & multiple kernel related issues and an Information Disclosure Vulnerability from scripting engines… Most of these are for XP & Windows Server 2003 but the scripting issue affects Windows 7 & Server 2008 R2 only.
As with most of these, Server Core is not affected.
Please apply the appropriate patches ASAP. Windows Update should be run, or if you are using WSUS, it should handle this for you.
But wait, there’s more!
Microsoft Visio 2002, 2003 and 2007 are vulnerable to code execution… More information is available in the MS11-008 Security Bulletin. This does not affect Visio 2010 or Visio 2007/2010 Viewer.
The Windows IIS FTP service running on Windows Vista, Windows 7, Server 2008 and Server 2008 R2 suffers from a buffer overflow vulnerability which if exploited could cause a DoS (Denial of Service) or worse, allow an attacker to obtain full control of the server. This one is likely the most severe of the updates and should be addressed immediately!
Should you require assistance, or have questions, please call us at 864.990.4748 or email firstname.lastname@example.org. We offer Microsoft Support in Greenville and Upstate, SC.