Microsoft Patch Tuesday Roundup - September 2011
Sensitive Data is More than "Important"
All but one of this month's Microsoft Patch Tuesday updates relates to Microsoft Office applications and/or Windows components that handle documents (such as RTF, TXT, and Word Document files as described in MS11-071). The three Office-related bulletins are listed as "important" on the Microsoft site, despite the fact that they allow for remote code execution. Another bulletin, MS11-074, announces issues with Microsoft's SharePoint, a server application for sharing information and managing documents.
While I don't recommend completely ignoring Microsoft's risk categories, developing your own metrics for risk classification can go a long way to improving your defenses and patch management programs. Vulnerabilities that target Microsoft Office users who have access to sensitive data are a higher priority to patch. It’s critical to know where sensitive data lies so that you can identify if the data is at risk from these vulnerabilities. SecurityCenter's management and Nessus's auditing capabilities provide you with valuable information to identify where sensitive data resides in your network and help you prioritize your patch schedule.
For example, Nessus can perform a variety of content checks to look for credit card, financial, personal, copyrighted and other types of sensitive data. The dashboard below summarizes a variety of different types of sensitive data audits:
One of the things I like best about the dashboard shown above (which can be downloaded from this entry on the SecurityCenter Dashboard Site) is that you can overlay other types of results, such as the systems that contain vulnerabilities for which an exploit exists. If I had to prioritize a patch rollout, I might start with systems that have access to sensitive data and also have vulnerabilities that can be easily exploited.
To help evaluate the vulnerabilities addressed by Microsoft’s Patch Tuesday, Tenable's Research team has published Nessus plugins for each of the security bulletins issued this month:
- MS11-071 - Nessus Plugin ID 56174 (Credentialed Check)
- MS11-072 - Nessus Plugin ID 56175 (Credentialed Check)
- MS11-073 - Nessus Plugin ID 56176 (Credentialed Check)
- MS11-074 - Nessus Plugin ID 56177 (Credentialed Check)
Resources
- Microsoft Security Bulletin Summary for September 2011
- OSVDB Microsoft Bulletins - Complete Reference
- More on DigiNotar Certificates, and September Bulletins(Microsoft Security Response Center Blog)
Related Articles
Cybersecurity Snapshot: Many Employees Overshare Work Info with AI Tools, Report Finds, as ‘Cybersecurity Awareness Month’ Kicks Off
October 4, 2024Check out the best practices cyber agencies are promoting during Cybersecurity Awareness Month, as a report warns that staffers are feeding confidential info to AI tools. Meanwhile, a study highlights how business decisions can derail OT security. Plus, get the latest on Active Directory security, CISO salary trends and ransomware attacks!
How to Unlock Advanced IoT Visibility for Cyber-Physical Systems
October 1, 2024As the number of IoT devices deployed globally continues to rise, cyber-physical systems and business operations are exposed to greater risk. Improving asset visibility, monitoring and risk management are critical steps to preventing breaches.
Cybersecurity Snapshot: NIST Program Probes AI Cyber and Privacy Risks, as U.S. Gov’t Tackles Automotive IoT Threat from Russia, China
September 27, 2024A new NIST program will revise security frameworks like NIST’s CSF as AI risks intensify. Plus, the U.S. may ban cars with Russian and Chinese IoT components. Meanwhile, the CSA adds AI insights to its zero trust guide. And get the latest on cybersecurity budgets, SBOMs and the Ghost cybercrime platform!