January Patch Tuesday Roundup

Blog Post created by rapid7-admin on Jan 13, 2011

Originally Posted by Trevor Richardson




So I know we all were hoping to see a fix for some of this Windows Graphic Rendering Engine nastiness...but no go. For now, you'll need to resort to the good ol' FixIt option or if you wanna get your hands dirty, you can modify the ACL on shimgvw.dll directly.

Either way, if you're running IE, you'll have to patiently wait for the official patch release.

So this monthly release was lean-n-mean: Microsoft released (2) bulletins addressing (3) vulnerabilities. One of them is pretty hardcore (expect to see active exploitation), while the other takes a lot more finesse for an attacker.






Pure Evil: MS11-002 addresses 2 privately reported vulnerabilities (CVE-2011-0026 & CVE-2011-0027). Both target the way Microsoft Data Access Components validate memory allocation. Essentially, an attacker could lure a user to a website where code targeting MDAC can be executed. This would allow the attacker to take control of the target under the user's permissions. With that being said, your standard users are less of a concern. Your CEO that demanded Admin privileges? Well, that's another story =)


Kinda Evil: MS11-001 addresses a publicly disclosed vulnerability that affects Windows Backup Manager (CVE-2010-3145). So "001" is not just another "Important" patch, it marks a seemingly predictable trend of DLL-loading vulnerabilities. I'm not quite sure what that's all about, but it's definitely notable. So what's "001" all about? In order to exploit this, the user would have to knowingly accept a backup file from a 3rd party or visit an untrusted remote file system. If your users are doing these types of things, a patch is the least of your worries = | The other element that gives this exposure less B-A-N-G is that it only affects Windows Vista.

Below is the official breakdown of the January 2011 Patch Tuesday Release:


MS11-002/KB294871 - Critical (Windows XP, Vista, Win7, 2003, 2008 *Server Core): This security update resolves two privately reported vulnerabilities in Microsoft Data Access Components. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be affected less than users who operate with administrative user rights. **Patch ASAP**


MS11-001/KB294871 - Important (Windows Vista): This security update resolves a publicly disclosed vulnerability in Windows Backup Manager. The vulnerability could allow remote code execution if a user opens a legitimate Windows Backup Manager file that is located in the same network directory as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open the legitimate file from that location, which in turn could cause Windows Backup Manager to load the specially crafted library file.

Until next time...Happy Patching!