GET HELP NOW LOGIN

Let's Talk About Science

Patch Tuesday

Bulletin/Advisory Details MS11-053Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (2566220)Microsoft Rating: CriticaleEye Rating: Important CVE: CVE-2011-1265 AnalysisThis bulletin addresses a privately reported remote code execution vulnerability in the Windows Bluetooth 2.1 driver. The patch fixes a stack vulnerability that occurs when memory, which has not been initialized correctly or has been deleted, is accessed. An attacker that successfully exploited this vulnerability would gain system-level access to the target machine. RecommendationsDeploy patches as soon as possible. Until the patch can be applied, open the Bluetooth Settings dialog box. Uncheck the box next to the "Allow Bluetooth devices to connect to this computer" setting. This will prevent all Bluetooth devices from connecting to affected systems, which will mean Bluetooth mice and keyboards will be affected, as well. MS11-054Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917)Microsoft Rating: Important eEye Rating: Important CVE List: CVE-2011-1874, CVE-2011-1875, CVE-2011-1876, CVE-2011-1877, CVE-2011-1878, CVE-2011-1879, CVE-2011-1880, CVE-2011-1881, CVE-2011-1882, CVE-2011-1873, CVE-2011-1884, CVE-2011-1885, CVE-2011-1886, CVE-2011-1887, & CVE-2011-1888 AnalysisThis bulletin addresses 15 privately reported locally exploitable vulnerabilities in the Win32 Kernel: 14 elevation of privilege vulnerabilities and 1 information disclosure vulnerability. The patch fixes 9 use- after-free-vulnerabilities and 6 null pointer de-reference vulnerabilities. In the worst case scenario, an attacker that successfully exploited the elevation of privilege vulnerabilities would gain kernel-level access to the target machine. RecommendationsDeploy patches as soon as possible since no mitigation is available. MS11-055Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847)Microsoft Rating: ImportanteEye Rating: Important CVE: CVE-2010-3148 AnalysisThis bulletin addresses a publicly reported remote code execution vulnerability in Microsoft Visio. The patch fixes an insecure library loading vulnerability. An attacker that successfully exploited this vulnerability would gain user-level access to the target machine and would be able to execute remote code within the context of that user. RecommendationsDeploy patches as soon as possible. Until the patch can be applied, block ports 139 and 445 using a firewall, prevent the WebClient service from running, and prevent DLL's loaded from WebDAV and remote shares. MS11-056Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938)Microsoft Rating: ImportanteEye Rating: Important CVE List: CVE-2011-1281, CVE-2011-1282, CVE-2011-1283, CVE-2011-1284, & CVE-2011-1870 AnalysisThis bulletin addresses 5 privately reported local elevation of privilege vulnerabilities in the Windows Client/Server Run-time Subsystem (CSRSS). The patch fixes all 5 vulnerabilities that occur when an attacker locally runs a malicious program on the target system. An attacker that successfully exploited this vulnerability would gain kernel-level access to the target machine. RecommendationsDeploy patches as soon as possible since no mitigation is available.

Let's Talk About Science!

We like to talk about our side projects, and latest science and technology news here.


The Computer Guy Classic T-Shirt !


The Computer Guy Classic T-Shirt

The Classic "Problem Solved - Others Created" T-Shirt is now available.

About Computer Guy

Computer Guy provides a technology concierge service. We offer a level of service most other tech support companies just can't provide. Computer Guy is celebrating 25 years in business and we maintain an A+ rating with the Better Business Bureau.

We Are A+ Rated

Contact Us

  • Address:
    6911 Torresdale Avenue
    Philadelphia, Pennsylvania
  • Phone:
    (215) 338-7500
    LIVE technician 24 hours a day
  • Email:
    inquiry@geekgroup.com