Actu
Response to Microsoft’s Patch Tuesday, July, from Rapid7
July 2011 by July, by Marcus J. Carey, Security Reseacher & Community Manager, Rapid7
“July’s Patch Tuesday is pretty light, with only one “critical” bulletin – MS11-053 – though this should be taken seriously as it allows remote command execution to clients on Windows 7 and Windows Vista. This will affect both consumer and corporate users.
In addition, wireless vulnerabilities such as MS11-053 are always quite sexy because if successfully exploited they allow attackers to do anything they want to the machine through Bluetooth wireless devices. To successfully exploit this vulnerability an attacker may need specialized equipment to actually transmit the specially crafted Bluetooth traffic. This should concern users who have internal Bluetooth devices or people that use after-market Bluetooth headphones, mouses, keyboards, and printers through USB. The problem with Bluetooth is that often people have their Bluetooth devices activated and are totally unaware that they are transmitting.
For companies that require remote workers to connect via VPN or directly to their office for updates, it is essential that all Bluetooth users are made aware of the risks and limit their Bluetooth usage until they can be patched.
We can expect more Bluetooth related bugs popping up due to projects like Project Ubertooth, which is enabling security researchers to experiment with Bluetooth hardware and communication. While critical, this vulnerability could be difficult to exploit as generally speaking attackers would need to be in the immediate vicinity of the Bluetooth device to compromise it; however, there are devices known as “Bluetooth Sniper Rifles” that enable attacks from greater distances.
Finally, regarding the bulletin for Visio, this is rated “important” and will not affect many people outside corporate circles; however, organizations that are using it will need to be patched, and in the meantime should be wary of Visio files sent from unknown sources.”
