Tuesday, July 10, 2007

Patch Tuesday Observer

Six patches were released today. Most affect workstations. One unusual exploit affects Active Directory. We know your DCs aren’t directly connected to the internet, so you probably already have some workarounds enabled. And of course you have a firewall… Pay particular attention to Windows 2000 Server, since an anonymous user with access to the network (oh no!) could deliver a specially crafted LDAP packet to the affected system in order to exploit this vulnerability. If you don’t have the workarounds in place, check your firewall and/or routers quickly! This one is a good exercise for all AD admins to look at. Follow the best practices and you won’t have to hurry home from vacation.

Also of note is the exploit that affects only Vista. Teredo has to do with getting IPv6 traffic across network address translation. This patch involves changes to the firewall, and it seems it would be easier to implement than the workarounds.

The 2000, XP, 2003 and Vista/2007 columns show the vulnerable Windows or Office versions.

| KB # | Exploit Type | Product | Principal type of systems exposed | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | 2000 | XP | 2003 | Vista/2007 | Notes | Randy’s recommendation |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MS07-036 - 936542 | Arbitrary code | Office Excel | Workstations & Terminal Servers | No/No | Yes | Critical | Yes | Yes | Yes | Yes | Excel including Office 2007 Compatibility Pack | Patch after testing |
| MS07-037 - 936548 | Arbitrary code | Office Publisher | Workstations & Terminal Servers | No/No | Yes | Important | No | No | No | Yes | | Patch after testing |
| MS07-038 - 935807 | Arbitrary code | Windows Firewall | Workstations | No/No | Yes | Moderate | No | No | No | Yes | Teredo network interface | Patch after testing |
| MS07-039 - 926122 | Arbitrary code, DOS | Active Directory | Domain Controllers | No/No | Yes | Critical | Yes | No | Yes | No | Severity is important on Windows 2003 | Block affected port(s) if exposed to internet; Patch after testing |
| MS07-040 - 931212 | Arbitrary code | .NET Framework | Workstations & Web Servers | No/No | Yes | Critical | Yes | Yes | Yes | Yes | Information disclosure on Web servers with ASP.NET | Use workarounds; Patch after testing |
| MS07-041 - 931213 | Arbitrary code | IIS | Workstations | No/No | Yes | Important | No | Yes | No | No | XP Professional 32-bit only | Patch after testing if IIS is installed. |

Until next time, happy patching!
