Four Critical and two Important security updates, and if you care about your data in SharePoint, one of those Important updates (MS07-059) should be Critical too. Most of you out there will be particularly concerned about the fixes for the publicly disclosed vulnerabilities in Word, IE and SharePoint. The Word and IE related patches of course impact your workstations, while the SharePoint patch should impact relatively few servers on typical networks. Here’s something to think about: How many of you use an Application Service Provider for SharePoint? I do. I’m making sure they get this patch loaded ASAP and you should too. I’m finding more and more critical business data moving into SharePoint.
As to the rest of the patches, unless your folks are big Kodak Image Viewer or Windows Mail/Outlook Express users, there’s no need to escalate MS07-055 or MS07-056. Same goes for MS07-058 unless you are worried about DoS attacks from insiders (e.g. college networks). My Fast Facts chart follows below.
Hey! Please register for my next webinar this week:
There are 2 big holes in Windows when it comes to controlling user logons:

1. Windows provides no concurrent logon control, meaning that you cannot prevent a user from logging on to one workstation and then going to another computer and logging on there too. In this webinar I will explain the significant risks that multiple, concurrent logons create for your network and data.
2. As I’ve shown in previous webinars, there is NO central record of logoffs in the Windows security log environment. Yes, domain controllers provide a fairly centralized audit trail of logons, but nothing is logged on domain controllers when users log off from their workstations. Because of this you can’t even come close to determining how long a user was on your network or when they exited without looking at each workstation’s individual security log. In this webinar I’ll show you the problems this causes when you are investigating incidents or trying to build a record of a user’s actions.
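As an added example (not part of the original newsletter or any product mentioned in it), the script below shows the per-workstation correlation that both points imply: logon and logoff events gathered from each workstation's own security log are paired by logon ID to rebuild sessions, and overlapping sessions for one user on different machines are flagged. The CSV layout and sample rows are constructed for illustration; the event IDs are the standard logon/logoff IDs (528/538 on Windows 2000/XP/2003, 4624/4634 on Vista/2008).

```python
from datetime import datetime

LOGON_IDS = {528, 4624}    # successful logon (pre-Vista, Vista/2008)
LOGOFF_IDS = {538, 4634}   # logoff (pre-Vista, Vista/2008)

# Constructed sample: rows exported from each workstation's Security log.
# Fields: workstation, timestamp, event ID, user, logon ID.
SAMPLE = """\
WS01,2007-10-09 08:02:11,528,alice,0x3e1a
WS02,2007-10-09 08:15:40,528,bob,0x51c2
WS07,2007-10-09 09:30:05,4624,alice,0x9f10
WS01,2007-10-09 12:01:47,538,alice,0x3e1a
WS02,2007-10-09 17:05:00,538,bob,0x51c2
WS07,2007-10-09 17:45:30,4634,alice,0x9f10
WS03,2007-10-09 18:00:00,528,carol,0x77aa
"""

def parse(text):
    """Return rows sorted by time: (timestamp, host, event_id, user, logon_id)."""
    rows = []
    for line in text.strip().splitlines():
        host, ts, eid, user, lid = line.split(",")
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        rows.append((when, host, int(eid), user, lid))
    return sorted(rows)

def build_sessions(rows):
    """Pair each logon with the logoff that shares its (host, logon ID)."""
    pending, sessions = {}, []
    for when, host, eid, user, lid in rows:
        key = (host, lid)
        if eid in LOGON_IDS:
            pending[key] = (user, when)
        elif eid in LOGOFF_IDS and key in pending:
            who, start = pending.pop(key)
            sessions.append({"user": who, "host": host, "start": start, "end": when})
    # A logon with no matching logoff: still logged on, or the logoff was never recorded.
    for (host, _), (who, start) in pending.items():
        sessions.append({"user": who, "host": host, "start": start, "end": None})
    return sessions

def concurrent_logons(sessions):
    """Return (user, first_host, second_host) where one user's sessions overlap."""
    hits = []
    ordered = sorted(sessions, key=lambda s: s["start"])
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if a["user"] == b["user"] and a["host"] != b["host"]:
                if a["end"] is None or b["start"] < a["end"]:
                    hits.append((a["user"], a["host"], b["host"]))
    return hits
```

Running `concurrent_logons(build_sessions(parse(SAMPLE)))` on the sample flags alice on WS01 and WS07, and the session list shows carol's logon on WS03 with no recorded logoff.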
The good news is that I’ve found one product that solves both of these issues. After my presentation you’ll hear from Engagent about UserLock and how it provides both centralized, easy to use logon session reporting and a way to control those risky concurrent logon sessions. With UserLock you can kill 2 birds with one stone. Register now to learn how!
Register now even if you can’t make the live event – we’ll send you a link to the recording.
Date: October 11th
Time: 12:00pm EDT
| KB # | Exploit type and product | Principal type of systems exposed | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Vulnerable Windows or Office versions: 2000 | XP | 2003 | Vista/2008 | Notes | Randy’s recommendation |
|---|---|---|---|---|---|---|---|---|---|---|---|
| MS07-055 (KB923810) | Arbitrary code Windows | Workstations & Terminal Servers | No/No | No | Critical | Yes | Yes | Yes | No | Kodak Image Viewer – Only affects XP and 2003 if it was upgraded from 2000 | Patch after testing |
| MS07-056 (KB941202) | Arbitrary code Windows | Workstations & Terminal Servers | No/No | Yes | Critical | Yes | Yes | Yes | Yes | Outlook Express, Mail | Disable news protocol handler; Patch after testing |
| MS07-057 (KB939653) | Arbitrary code Internet Explorer | Workstations & Terminal Servers | Yes/No | No | Critical | Yes | Yes | Yes | Yes | Cumulative update addresses several vulnerabilities | Patch after testing |
| MS07-058 (KB933729) | Denial of Service Windows | All | No/No | No | Important | Yes | Yes | Yes | Yes | RPC Authentication | Patch after testing |
| MS07-059 (KB942017) | Privilege Elevation; Information Disclosure Windows | Servers | Yes/No | No | Important | No | No | Yes | Yes | SharePoint Server | Patch after testing |
| MS07-060 (KB942695) | Arbitrary code MS Word | Workstations & Terminal Servers | No/Yes | No | Critical | Yes | Yes | No | No | | Patch after testing |
Don't forget to register for this week's webinar!
Url: https://www.gotomeeting.com/register/889050824
©2007 Monterey Technology Group, Inc. You may forward this email in its entirety but all other rights reserved.
3 comments:
We have a few college students online from College of Norwich University and we love your blog postings, so we'll add your RSS or news feed for them. Thanks, and please post us and leave a comment back and we'll link to you. Thanks, Jen, Blog Manager, Norwich University.
Hi, A really interesting learn. Hold it up.
Couldn’t agree a lot more! At your success I’m occupying with this content and even I think I'll profit out of this content. Thank you extremely much.
I actually like the document I am going to be linking back.