nCircle VERT Blog

MS11-074 and Patching Priority

Microsoft’s MS11-074 advisory has been out for a couple of weeks now, and I just wanted to post some thoughts on it. First off, it was a particularly large advisory featuring many applications:

  • Microsoft Office 2007 Groove
  • Microsoft SharePoint Workspace 2010
  • Microsoft SharePoint Foundation 2010
  • Microsoft SharePoint Services 2.0
  • Microsoft SharePoint Services 3.0
  • Microsoft SharePoint Server 2007
  • Microsoft SharePoint Server 2010
  • Microsoft Groove Server 2007
  • Microsoft Groove Server 2010
  • Microsoft Office Forms Server 2007
  • Microsoft Office 2010 WebApps

For administrators, this is quite a list of patches to apply if they run these applications on their network. In addition to the larger-than-usual application list for a single advisory, Microsoft has covered SharePoint Server 2007/2010 in an unusual way this time.

Overall, a total of six vulnerabilities are addressed by MS11-074, five of which affect SharePoint Server at various versions. The unusual thing about this advisory was that Microsoft patched SharePoint by individual server component instead of issuing one patch to address the vulnerabilities. Regardless of the reason for this, I see it presenting an issue to administrators who have to prioritize the patches they apply, especially if they are required to apply those that are critical first. In this case they were all rated important, so it may not have been such an issue; however, I disagree with Microsoft failing to provide a mapping in MS11-074 for which patch corrects which vulnerability.

To illustrate the details:

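Microsoft Application                  | # of Vulnerabilities | # of Patches
---------------------------------------|----------------------|-------------
Microsoft SharePoint Server 2007 (x86) | 2                    | 4
Microsoft SharePoint Server 2007 (x64) | 2                    | 4
Microsoft SharePoint Server 2010       | 5                    | 7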

As it stands, an administrator would have to apply all of these patches in order to ensure a patched state, not knowing if any subset of patches will correct a particular vulnerability. Now, I just want to say I am not at all trying to advocate minimum patching practices here, as I can already hear a rebuttal to this post in my head: “Who cares which patch fixes which vulnerability, just apply them all.” While I can understand that line of thinking, I wanted to point out that on large networks prioritizing the distribution of patches is a reality, and the presentation of MS11-074 makes it difficult for administrators to do this.



About

This page contains a single entry from the blog posted on September 29, 2011 11:01 AM.




Bio

Blog: VERT
Author: nCircle VERT

nCircle VERT is the research team behind nCircle, continuously publishing updates for nCircle IP360 and nCircle's family of products. VERT conducts deep research across a broad class of network security intelligence, creating unique, agentless detection for vulnerabilities, host configurations, applications, services, user accounts, operating systems, and other network security conditions. Members of the group use this blog to share their opinions on the security industry, emerging threats, technology trends, and the world at large.


   



