Home
Resources
Training
About Us
eStore
<a href="http://www.isdecisions.com/en/software/userlock/?xtor=SEC-230"><img src="http://www.isdecisions.com/images/pubs/Randy/userlock.gif" alt="UserLock" border="0" /></a>

>

resources > newsletter > archive > issue #9

 

 

 

 

 

 

 

Latest Blog: WinReporter 4.0 Makes It Easy to Assess Attack Surface

  

Ultimate Windows Security Newsletter:

Issue #9, 12/13/05

In this issue:

- Upcoming Public Courses
- Randy's Independent Insights on Today's Bulletins
- Quotes from Last Week's Attendees...
- Subscribe, Unsubscribe and Usage Information


This Month's Security Updates from Microsoft

Today Microsoft released 2 security updates.  One affects the Windows kernel and the other impacts Internet Explorer.  Both present risks primarily to workstations and Terminal Services hosting end-user applications.  The kernel update impacts Windows 2000 only.  Many organizations will be able to limit their effort to deploying just the IE update to their desktops.



Quotes from Last Week's Attendees to Security Log Secrets in Boston

Here's what some of the attendees said when asked what they liked about the course:

- "I got what I came for.  This is exactly what I wanted to get out of it."

- "Good materials and teacher"

- "Detailed event code information and live examples"

- "The Logparser examples"

For course dates, see below.  To learn more about Security Log Secrets, visit http://www.ultimatewindowssecurity.com/news/sls55.html



MS05-054 - Cumulative Security Update for Internet Explorer (905915)

This critical bulletin addresses a multitude of vulnerabilities in Internet Explorer 5 and 6 on all versions of Windows and I recommend installing it as soon as possible on systems where interactive users browse the Internet, read email or engage in other activities that can result in using Internet Explorer to view web content from untrusted or unknown sources.  Such systems would include workstations and Terminal Services servers that host end-user application accounts.  You may be able to avoid loading this patch on most other servers provided administrators follow best practice and refrain from web browsing, reading email and similar activities that bring them into contact with untrusted content. 

Before applying this patch I recommend testing it on your typical workstation build and reviewing the known issues with this update as documented in MS knowledge base article 905915.  (At the time of writing 905915 was not available at Microsoft's site so I am not able to provide comments on it. One of the issues pertains to version issues between different hotfixes so review it carefully when it becomes available.) 

Bottom line:  End-user computers need this patch.  The workarounds listed by Microsoft are not practical for most business environments.



Complete Windows Security

Learn everything there is to know about Windows and Active Directory security in 5-days. Visit http://www.ultimatewindowssecurity.com/news/cws55.html


MS05-055 - Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523)

This vulnerability affects only Windows 2000 service pack 4 systems.  (Previous Windows 2000 service packs no longer receive security support from Microsoft.)  Further, this vulnerability is only a likely risk for Windows 2000 workstations and Terminal Servers where non-administrators log on through Remote Desktop Protocol.  End-users could exploit this vulnerability with a specially crafted application to elevate their privileges on their workstation or Terminal Server.  Other attackers would have to engineer a situation that results in the execution of a specially crafted application. 

Bottom line: I recommend installing this patch (after testing) on Windows 2000 workstations and Terminal Services servers where end-users log on.



Upcoming Public Courses

To view the entire course schedule please visit http://www.ultimatewindowssecurity.com/news/reg55.html

Complete Windows Security
1/23/06 - 1/27/06 - Washington, D.C.
Register before December 23 to save $100.

Security Log Secrets
2/6/06 - 2/7/06 - Orlando
Register before January 9th to save $100. 

Last week's Security Log Secrets seminar in Boston was the first seminar to use a revised and enhanced version of the courseware.  The new courseware includes a new chapter on using Logparser to mine the security as well as sample Logparser scripts at the end of chapters devoted to Account Logon, Logon/Logoff, Account Management and more. 

Regards,

Randy Franklin Smith
CISA, SSCP, Microsoft Security VIP
CEO, Monterey Technology Group, Inc.


Subscribe, Unsubscribe and Usage Information

- subscribe to this newsletter
- unsubscribe from this newsletter
- usage information

If you've received this message as a forward from a friend, or are reading it online in the archives, you can sign up for your own newsletter subscription.

Also, if you want to unsubscribe, you can do that too (but we'll be sad to see you go).

You can use this information as you see fit, but if you're going to copy any portion, please FORWARD THE ENTIRE email.

While Monterey Technology Group, Inc. tries to ensure that all information is technically accurate, we make no warranty with regard to the information within. Please use at your own risk.

If you need personalized attention in any way, just email me: mailto:info@montereytechgroup.com. We endeavor to respond to everyone who emails.

Thanks for reading!

List address: MonthlySecurityTip@ultimatewindowssecurity.com
Subscribe: MonthlySecurityTip-subscribe@ultimatewindowssecurity.com
Unsubscribe: MonthlySecurityTip-unsubscribe@ultimatewindowssecurity.com

Additional Links

A
D
V

Sick of LimitLogin? Get UserLock for real logon control

NEW! GFI EventsManager 8 Extends Event Management Capabilities. Find Out More.

Get Randy's Security Log Resource Kit


Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2007 Monterey Technology Group, All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.

Site Map