Tuesday, January 08, 2008

Patch Tuesday: 2 easy ones for workstation admins; everyone else gets off easy

Only 2 bulletins this month, and neither is what I’d call high priority unless you manage a server exposed to the Internet that sends or receives multicast traffic. If you have systems connected to hostile networks that are open to IGMP/MLD and Router Discovery Protocol, you should load this patch as soon as possible. Of course, workstations are typically in this category, but I would recommend testing the patch before rolling it out to hundreds or thousands of workstations. Your other option – for systems that don’t need to support multicast traffic – is to disable the features with a registry tweak that can be automated through group policy with a custom administrative template.

The other vulnerability is limited to the risk of someone logged on locally running a specially crafted program that elevates its privileges. This is mostly a matter for high-security workstation environments where end users don’t have admin authority, and for Terminal Servers where end users could access and execute a specially crafted program.

Don't miss out on our next training webinar entitled: Application Whitelisting: What is It and When Do You Need It?

In this webinar I will explain how Application Whitelisting works and answer these questions:

    • What are the technical and human challenges with whitelisting?
    • Is Application Whitelisting ready for prime-time? 
    • How far does Windows' built-in whitelisting technology called Software Restrictions take you?
    • How is the .Net framework relevant to whitelisting?
    • Why does application whitelisting also address unauthorized/unlicensed software in addition to malware?

Remember, if you want to watch the recorded version of this webinar, register for the live event. That way you will get a link to the recorded version once it's available.

Space is limited.
Reserve your Webinar seat now at:
https://www1.gotomeeting.com/register/910941268
 
Title:   Application Whitelisting: What is It and When Do You Need It?
Date:  Thursday, January 24, 2008
Time:  12:00 PM - 1:00 PM EDT

 

| KB # | Exploit type | Product | Principal type of systems exposed | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Vulnerable Windows or Office versions: 2000 | XP | 2003 | Vista/2008 | Notes | Randy’s recommendation |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MS08-001 (KB941644) | Arbitrary code | Windows | Workstations & Terminal Servers | No/No | Yes | Critical | Yes | Yes | Yes | Yes | Restart is required | Options: (1) Disable or block IGMP/MLD and Router Discovery Protocol. This will break multicast applications such as some features in Ghost or live Internet broadcasts. Can be disabled using group policy by creating a custom administrative template. (2) Patch after testing. |
| MS08-002 (KB943485) | Privilege elevation | Windows | Workstations & Terminal Servers | No/No | No | Important | Yes | Yes | Yes | No | Restart is required | Patch after testing |

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2008 Monterey Technology Group, All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.
 
You may forward this email in its entirety but all other rights reserved.
