Tuesday, November 13, 2007

Patch Tuesday Observer; Next Security Log Webinar

Join us for our next Webinar on November 20

Auditing Program Execution with the Security Log

It is now more important than ever to control and monitor what software is executing on your network.  Without a thorough audit trail of program execution you face increased risks from malware, malicious users and admins, and software licensing, and it becomes very difficult to investigate incidents of malware infestation, intrusions by hackers and user misbehavior.

In this real training webinar I will show you how to use the Windows security log to trace program execution on servers and workstations.  You will learn:

         -          What programs did this user execute?
         -          How long did the program run?
         -          Detect new programs run for the first time
         -          What are all the unique programs executed on this server over a period of time?
 
To make this webinar possible your registration data will be shared with our sponsor.
 
Register now for this webinar and watch either the live event or the recorded version or both! 
 
Space is limited.
Reserve your Webinar seat now at:
https://www.gotomeeting.com/register/187683394
 
Title:   Auditing Program Execution with the Security Log
Date:  Thursday, November 20, 2007
Time:  12:00 PM - 1:00 PM EDT
 
______________________________________________________________________________

Patch Tuesday Observer
 
Only 2 this month. One is very big and the other, while not urgent, is very interesting.

First the big one: MS07-061 is the patch for the IE7-on-pre-Vista vulnerability Microsoft announced last week. This hole is public and being exploited right now. If you are running IE7 on XP or Win2k workstations you need to load this one as soon as possible – even skipping testing. It allows someone to run arbitrary code on workstations under the authority of the user that opens the malicious attachment or clicks on the malicious link. Although computers with IE6 are not currently affected, that could change, so stay tuned.

The other one applies only to DNS servers. This is one of those indirect vulnerabilities where you can only protect other DNS clients – not yourself as a DNS client. What do I mean by that? DNS servers include random transaction numbers in their queries sent to other DNS servers. Windows DNS Server doesn’t make those numbers random enough, which makes it practical for a bad guy to spoof the DNS server and reply with a different address, thus misdirecting clients to an imposter server. This could ultimately allow the bad guy to even impersonate a web server secured with an SSL certificate. (The attacker would also have to obtain a certificate from one of the many, many less strict certification authorities that Windows automatically trusts.) Keeping DNS servers secure is surprisingly important for protecting SSL websites like online banking, e-commerce and the like.
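The check a resolver applies to each reply, as an added example (not from this newsletter or from any vendor's code): the 16-bit transaction ID and the echoed question are what tie a reply to an outstanding query, so the ID has to come from an unpredictable source. Function names, the sample host name and the sample address are constructed for illustration.

```python
import secrets
import struct

def encode_name(name):
    """Encode a host name as DNS labels (length-prefixed, zero-terminated)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype=1):
    """Return (txid, packet); the ID is drawn from the OS CSPRNG, not a counter."""
    txid = secrets.randbits(16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    return txid, header + question

def accept_response(query, response):
    """Accept a reply only if it is tied to the outstanding query."""
    if len(query) < 12 or len(response) < 12:
        return False
    (q_id,) = struct.unpack("!H", query[:2])
    r_id, r_flags, r_qdcount = struct.unpack("!HHH", response[:6])
    if not r_flags & 0x8000:   # QR bit must mark the packet as a response
        return False
    if r_id != q_id:           # transaction ID must match the one we sent
        return False
    question = query[12:]      # echoed question must match byte for byte
    return r_qdcount == 1 and response[12:12 + len(question)] == question

def make_response(query, txid, addr):
    """Constructed sample reply: echoes the question and adds one A record."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + addr
    return header + query[12:] + answer

if __name__ == "__main__":
    txid, query = build_query("www.example.com")        # constructed sample name
    addr = bytes([192, 0, 2, 10])                       # constructed sample address
    print(accept_response(query, make_response(query, txid, addr)))
    print(accept_response(query, make_response(query, txid ^ 1, addr)))
```
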

2 other things on the patching front. If you have software with MacroVision’s safedisc (mostly used by game software publishers) you should check out the patch at http://www.macrovision.com/promolanding/7352.htm. Finally, if you use WSUS and have had some corruption problems in the last couple days please see http://blogs.technet.com/wsus/archive/2007/11/13/unexpected-ui-errors-in-wsus.aspx.

MS07-061 (KB943460)
         -          Exploit type: Arbitrary code
         -          Product: Windows
         -          Principal type of systems exposed: Workstations & Terminal Servers
         -          Exploit details public? / Being exploited?: Yes/Yes
         -          Comprehensive, practical workaround available?: No
         -          MS severity rating: Critical
         -          Vulnerable Windows or Office versions: 2000: No; XP: Yes; 2003: Yes; Vista/2008: No
         -          Notes: Live exploit is with IE7; Restart required
         -          Randy’s recommendation: Patch immediately if IE7 is installed. Patch after testing if IE6 is used.

MS07-062 (KB941672)
         -          Exploit type: Spoofing
         -          Product: Windows
         -          Principal type of systems exposed: DNS Servers
         -          Exploit details public? / Being exploited?: No/No
         -          Comprehensive, practical workaround available?: No
         -          MS severity rating: Important
         -          Vulnerable Windows or Office versions: 2000: Yes; XP: No; 2003: Yes; Vista/2008: No
         -          Notes: DNS; Does not affect Workstation 2000
         -          Randy’s recommendation: Patch DNS servers after testing

 

______________________________________________________________________________
 
All of Randy's webinars and more are available online!

Here are some coupon codes you can use! They expire in 7 days though, so don't let this opportunity pass you by.
Edition          Coupon code           Savings
Bronze                QRB                    $10
Silver                  QRS                     $25
Gold                   QRG                    $50
 
________________________________________________________________________________
 
Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2007 Monterey Technology Group, All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.
 
You may forward this email in its entirety but all other rights reserved.
