
Wednesday, February 11, 2009

Patch Tuesday Analysis: Internet Explorer, Exchange, SQL Server and Visio hit

An interesting month for MS security bulletins.  I'd say the most important one is the workstation vulnerability in IE 7 (MS09-002).  The exploit details are not yet public but Microsoft's new exploitability index rates it as "1 - Consistent exploit code likely".  This new exploitability index is a useful way for Microsoft to help us assign priority to patches and decide how much time we have for testing before getting the patch out to vulnerable systems.  You can read more about the index by clicking here.  The other workstation patch affects Visio but I think you can do your normal testing before rolling it out.
 
The Exchange vulnerabilities are definitely holes you want to patch on your Exchange servers as soon as possible.  The exploit details are not yet public and the exploitability index indicates this one is a bit more difficult for the bad guys to exploit.  Given that, and the fact that Exchange server availability is so critical for most of us, I think you should do some testing before rolling it out if you have an Exchange test environment.
 
Finally there is a hole in many versions of SQL Server including the Windows Internal Database in later versions of Windows Server.  Did you know that Windows Server comes with an embedded version of SQL Server?  Yep.  Current versions of Microsoft's bulletins and summary are inconsistent about whether exploit details are public.  You may be able to use the workaround on this one.
 
Please register for my next webinar: When Good Admins Go Bad: The Critical Need for Log Management as a Deterrent/Detective Control.  This is real training for free.

And here's the chart:   

Fast Facts on This Month’s Bulletins – sponsored by Shavlik NetChk Protect

| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating / MS Exploitability Index | Products Affected | Notes | Randy's recommendation | Supported by Shavlik NetChk Protect? |
|---|---|---|---|---|---|---|---|---|---|
| MS09-002 (961260) | Remote code / Internet Explorer 7 | Workstations | No / No | No | Critical / 1 - Consistent exploit code likely | Windows XP, 2003, Vista, 2008 | | Patch ASAP | Yes |
| MS09-003 (959239) | Remote code | Exchange servers | No / No | No | Critical / 2 - Inconsistent exploit code likely | Exchange 2003, 2007 | | Patch after accelerated testing | Yes |
| MS09-004 (959420) | Remote code | All systems with any version/edition or derivative of SQL Server including Windows versions with MSDE or Windows Internal Database | Yes / No | Yes | Important / 1 - Consistent exploit code likely | SQL Server: 2000 SP4; MSDE 2000 SP4; 2005 SP2 including Express Editions. Windows Server 2003, 2008 | | Patch after testing | Yes |
| MS09-005 (957634) | Remote code | Workstations | No / No | No | Important / 2 - Inconsistent exploit code likely | Visio 2002, 2003, 2007 | | Patch after testing | Yes |


Thanks as always for reading and best wishes on security,
Randy Franklin Smith



Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2008 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.
