Last month while discussing the enormous quantity of fixes in June’s Patch Tuesday with a customer, I suggested Redmond might go easy on us in July and let us slip into summer holiday mode. It looks like someone at Microsoft heard my wish as we only have four patches this month.
Three of this month's bulletins are rated important by Microsoft. The first is a DLL load order vulnerability in Microsoft Visio 2003 Service Pack 3. While this could technically allow remote code execution, we haven't seen anything exploiting this flaw.
The other two important bulletins, one in the Windows kernel and the other in the Windows Client/Server Runtime Subsystem (CSRSS), patch a total of 20 flaws. These are all elevation of privilege issues which could allow an attacker who compromises a regular user account to become Administrator.
MS11-053 is the only critical bulletin and is related to a flaw in Microsoft's Bluetooth implementation. To exploit the flaw, an attacker would need the victim's Bluetooth adapter to be in discoverable mode and would need to be within radio range of it.
MS11-053 only affects Windows 7 and Vista, requires a specific configuration, and requires the attacker to be physically close to the victim. For these reasons SophosLabs believes this to be a low risk vulnerability.
This would be a great time to review your device control policies though. Sophos customers can disable Bluetooth on computers where it isn’t required using our integrated device control policy.
My conclusion? It’s always a good idea to stay current on your patches, but I wouldn’t forgo my holidays in a panic over this one. Start your testing, file your change controls and deploy when prudent.
If you would like more information on SophosLabs ratings please visit our vulnerability analysis page.