Patch Tuesday Observer; Next Security Log Webinar

Join us for our next Webinar on November 20

Auditing Program Execution with the Security Log

It now more important than ever to control and monitor what software is executing on your network.  Without a thorough audit trail of program execution you face increased risks from malware, malicious users and admins, software licensing and it becomes very difficult to investigate incidents of malware infestation, intrusions by hackers and user misbehavior. 

In this real training webinar I will show you how to use the Windows security log to trace program execution on servers and workstations.  You will learn What programs did this user execute?

         -          How long did the program run?

         -          Detect new programs run for the first time

         -          What are all the unique programs executed on this server over a period of time?

 

To make this webinar possible your registration data will be shared with our sponsor.

 

Register now for this webinar and watch either the live event or the recorded version or both! 

 

Space is limited.
Reserve your Webinar seat now at:
https://www.gotomeeting.com/register/187683394

 

Title:   Auditing Program Execution with the Security Log

Date:  Thursday, November 20, 2007

Time:  12:00 PM - 1:00 PM EDT

 

______________________________________________________________________________

Patch Tuesday Observer

 

Only 2 this month. One is very big and the other while not urgent is very interesting. 

First the big one: MS07-061 is the patch for the IE7-on-pre-Vista vulnerability Microsoft announced last week. This hole is public and being exploited right now. If you are running IE7 on XP or Win2k workstations you need to load this one as soon as possible – even skipping testing. It allows someone to run arbitrary code on workstations under the authority of the user that opens the malicious attachment or clicks on the malicious link. Although computers with IE6 are not currently affected that could change so stay tuned.

The other one applies only to DNS servers. This is one of those indirect vulnerabilities where you can only protect other DNS clients – not yourself as a DNS client. What do I mean by that? DNS servers include random transaction numbers in their queries sent to other DNS servers. Windows DNS Server doesn’t make those numbers random enough which makes it practical for a bad guy to spoof the DNS server and reply with an a different address thus misdirecting clients to an imposter server. This could ultimately allow the bad guy to even impersonate an web server secured with an SSL certificate. (The attacker would also have to obtain a certificate from one of the many, many less strict certification authorities that Windows automatically trusts.) Keeping DNS servers secure is surprisingly important for protecting SSL websites like online banking, e-commerce and the like.

2 other things on the patching front. If you have software with MacroVision’s safedisc (mostly used by game software publishers) you should check out the patch at http://www.macrovision.com/promolanding/7352.htm. Finally, if you use WSUS and have had some corruption problems in the last couple days please see http://blogs.technet.com/wsus/archive/2007/11/13/unexpected-ui-errors-in-wsus.aspx.

KB #	Exploit Type Product	Principle type of systems exposed	Exploit details public? / Being exploited?	Comprehensive, practical workaround available?	MS severity rating	Vulnerable Windows or Office versions				Notes	Randy’s recommendation
						2000	XP	2003	Vista/ 2008
MS07-061 (KB943460)	Arbitrary code Windows	Workstations & Terminal Servers	Yes/Yes	No	Critical	No	Yes	Yes	NO	Live exploit is with IE7; Restart required	Patch immediately if IE7 is installed. Patch after testing if IE6 is used.
MS07-062 (KB941672)	Spoofing Windows	DNS Servers	No/No	No	Important	Yes	No	Yes	No	DNS; Does not affect Workstation 2000	Patch DNS servers after testing

 

______________________________________________________________________________

Event log management & analysis made easy with GFI EventsManager. Free 30 day trial!

Logging in Depth – Secure, Comply, Save – with EventTracker Complete Event Management

 

______________________________________________________________________________

 

All of Randys webinars and more are available online! Click here

Here are some coupon codes you can use! They expire in 7 days though, so don't let this opportunity pass you by.
Edition          Coupon code           Savings
Bronze                QRB                    $10

Silver                  QRS                     $25

Gold                   QRG                    $50

 

________________________________________________________________________________

 

To foward this to a friend please click here

 

http://www.ultimatewindowssecurity.com/enews/members.aspx?Task=FF&SI=12379&E=security.world%40gmail.com&S=1&N=23&Format=HTML

 

To opt out please click here

 

http://www.ultimatewindowssecurity.com/enews/members.aspx?Task=OO&SI=12379&E=security.world%40gmail.com&S=1

________________________________________________________________________________

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2007 Monterey Technology Group, All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.

 

You may forward this email in its entirety but all other rights reserved.