Security World: Patch Tuesday: Workstations hit hard but no 0-day exploits so no rush

So 9 security bulletins this month. All of them with the exception of MS07-049 impact workstations so unless you use Virtual Server, you server admins get off pretty easy this month. Across all the vulnerabilities is a piece of good news: none of them are public yet – that’s right – no zero day exploits this month so you can take your time testing

Everyone should note this point however: I don’t agree with the Important severity rating Microsoft assigned MS07-047, MS07-048 or MS07-049. These should all be Critical since they allow arbitrary code. Just because a setting isn’t turned on by default, or a user must click OK on a prompt, should not reduce severity.

Logging in Depth – Secure, Comply, Save – with EventTracker Complete Event Management
EventTracker software improves network security with centralized event log monitoring, security events correlation, host based intrusion detection and security beyond firewall. It provides unattended enterprise-wide event log management for millions of events a day.
For more information and to download a free trial

Some of the other good news is that many of the vulnerabilities this month can be mitigated by implementing a workaround instead of installing the update – and most via group policy at that! There are a couple that require a command to be executed on the local computer to unregister a DLL or delete a registry key so you might think about configuring Startup scripts via group policy for those.

Be sure to check out the chart below. It has many more additional facts and tips.

Are you PCI DSS compliant?
Introducing the GFI PCI Suite for event log management, network vulnerability scanning, patch management and network auditing!
Achieving compliance with the Payment Card Industry Standard (PCI DSS) should be high on the agenda of companies which store, transmit or process credit card data!
The GFI PCI Suite helps organizations become compliant with the majority of the automated processes required by the PCI DSS. This package includes GFI EventsManager for event log management and GFI LANguard Network Security Scanner for network vulnerability scanning, patch management and network auditing.
Learn how GFI can help you become PCI DSS compliant today!

KB #	Exploit Type Product	Principle type of systems exposed	Exploit details public? / Being exploited?	Comprehensive, practical workaround available?	MS severity rating	Vulnerable Windows or Office versions				Notes	Randy’s recommendation
KB #	Exploit Type Product	Principle type of systems exposed	Exploit details public? / Being exploited?	Comprehensive, practical workaround available?	MS severity rating	2000	XP	2003	Vista/ 2007	Notes	Randy’s recommendation
MS07-042 - 936227	Arbitrary code Windows, XML Core Services	Workstations & Terminal Servers	No/No	No	Critical	Yes	Yes	Yes	Yes	XML Core Services may get installed by MS apps in addition to Windows. See KB269238	Patch after testing
MS07-043 - 921503	Arbitrary code Windows, Visual Basic, Office for Mac	Workstations & Terminal Servers	No/No	No	Critical	Yes	Yes	Yes	No	OLE Automation. Known issue for Visual Basic developers (KB921503) and users of 3^rd party developed VB apps (KB921503)	Patch after testing. Check 3^rd party apps. Developers, alert your users.
MS07-044 - 940965	Arbitrary code Office, Excel	Workstations & Terminal Servers	No/No	Yes	Critical	Yes	Yes	Yes	No		Patch after testing or use Office File Block policy workaround
MS07-045 - 937143	Arbitrary code, DOS Windows Internet Explorer	Workstations & Terminal Servers	No/No	No	Critical	Yes	Yes	Yes	Yes		Patch after testing
MS07-045 - 937143	Arbitrary code, DOS Windows Internet Explorer	Workstations & Terminal Servers	No/No	No	Critical	Yes	Yes	Yes	Yes	Cumulative Update includes non-security fixes. Known issue in KB937143. Sets kill bits for several non-MS ActiveX controls	Patch after testing
MS07-046 - 938829	Arbitrary code Windows	Workstations & Terminal Servers	No/No	No	Critical	Yes	Yes	No if SP2	No	W2003 SP2 not affected	Patch after testing
MS07-047 - 936782	Arbitrary code Windows	Workstations & Terminal Servers	No/No	Yes	MS says Important; I say Critical	Yes	Yes	Yes	Yes	Windows Media Player skins. Known issue with .SWF Flash files (KB936782)	Patch after testing or implement WMZ/WMD workaround
MS07-048 - 938123	Arbitrary code Windows	Workstations	No/No	Yes	MS says Important; I say Critical	No	No	No	Yes	Vista Gadgets	Patch after testing or use one of the workarounds supported by group policy
MS07-049 - 937986	Arbitrary code Virtual PC Virtual Server	Virtual PC & Virtual Server	No/No	No	MS says Important; I say Critical	Versions PRIOR to Virtual PC 2007 and Virtual PC Server 2005 R2 SP2					Install patch or upgrade to latest version
MS07-050 - 938127	Arbitrary code Windows, Internet Explorer	Workstations & Terminal Servers	No/No	Yes	Critical	Yes	Yes	Yes	Yes	Disable Vector Markup Language	Patch after testing or implement workaround

Comply. Secure. Optimize. – LogRhythm - Click Here!

Finally... Concurrent logon control and reliable logon/logoff auditing in one tool! – Engagent - Click Here

Click Here to Opt Out

Security World

Tuesday, August 14, 2007

Patch Tuesday: Workstations hit hard but no 0-day exploits so no rush

No comments:

Post a Comment