Ultimate Windows Security Newsletter:
Issue #15, 05/10/06
Today Microsoft released 3 security bulletins and I agree with Microsoft's severity rating on all 3. Read on for my analysis on all 3 bulletins.
MS06-019 - Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803)
This one is a doozy! A bad guy creates a specially crafted email to someone in your organization with scheduling or calendar content in either iCal or vCal format (both are MIME types). When Exchange Server receives and processes the email, the malformed iCal or vCal file tricks the server into running arbitrary code. Organizations should deploy this patch as soon as possible, but since there are currently no reports of actual exploitation and at the time of writing no proof of concept code was public, testing is appropriate since this patch affects a core component of Exchange. Moreover, this patch includes a change in functionality affecting the SendAs permission. Before installing this patch, make sure you understand what changes with regard to SendAs and Full Mailbox Access permissions, especially if your organization uses shared mailboxes, delegated SendAs or the following products: Research In Motion (RIM) Blackberry Enterprise Server (BES) or Good Technology GoodLink Wireless Messaging.
MS06-020 - Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433)
Here's another interesting one. This is the first time in my memory that Microsoft has released a security update for a non-Microsoft product. The update patches a vulnerability in Adobe's Flash Player, which is redistributed by Microsoft in Internet Explorer on Windows XP service packs 1 and 2. You can use the Microsoft security update unless you've upgraded to Flash 7 or higher, in which case you'll have to deploy the update provided by Adobe at http://www.adobe.com/devnet/security/security_zone/apsb06-03.html. This vulnerability allows attackers to execute arbitrary code on a user's PC if they can succeed in getting the user to play malformed Flash content, such as through email, a rogue website or a website that fails to prevent rogue content from being posted. I recommend that you install either the Microsoft or Adobe patch to workstations after fully testing it on a limited rollout.
*****************************************
Las Vegas: Security Log Secrets
*****************************************
I look forward to meeting those of you who have already registered for Security Log Secrets in Las Vegas on June 19 and 20. We'll be within walking distance of the Strip so there's plenty of fun to be had after getting your head pumped full of knowledge about the Windows security log. The course content is better than ever with my new "Leveraging the Windows Security Log for Regulatory Compliance" session. Visit www.UltimateWindowsSecurity.com/reg for venue and registration information.
MS06-018 - Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580)
This final bulletin deals with a denial of service vulnerability in Microsoft Distributed Transaction Coordinator, which is used by SQL Server, BizTalk Server, Exchange Server, or Message Queuing and most server clusters. The denial of service effect is limited to MSDTC - it doesn't impact other services or functions on the system. Unless you use one of these products or some other application that depends on MSDTC, you can avoid loading this patch and simply disable the MSDTC service on systems that don't require it using group policy. Note that MSDTC is present on Windows XP and Windows 2000 Professional.
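Added example (not part of the original newsletter): a report-only PowerShell check, run locally on a host, that supports the patch-or-disable decision above by listing services that rely on MSDTC. It assumes Windows PowerShell 5.1 or later; the function name Test-MsdtcNeeded and the service-name patterns are assumptions based on common default names and should be adjusted for your environment.

```powershell
# Added example: report-only, changes nothing on the host.
# Assumed default service names for the products the bulletin lists;
# adjust the patterns for your environment.
$ConsumerPatterns = @(
    'MSSQLSERVER', 'MSSQL$*',  # SQL Server default and named instances
    'BTSSvc*',                 # BizTalk Server host instances
    'MSExchange*',             # Exchange Server
    'MSMQ',                    # Message Queuing
    'ClusSvc'                  # Cluster service
)

function Test-MsdtcNeeded {
    $dtc = Get-Service -Name 'MSDTC' -ErrorAction SilentlyContinue
    if (-not $dtc) {
        # Service not installed: nothing to patch or disable on this host.
        return [pscustomobject]@{
            Host = $env:COMPUTERNAME; MsdtcStatus = 'NotInstalled'
            StartType = $null; Consumers = @(); Recommendation = 'None'
        }
    }

    # Installed services from the product list that are not disabled.
    $consumers = @(Get-Service -Name $ConsumerPatterns -ErrorAction SilentlyContinue |
        Where-Object { $_.StartType -ne 'Disabled' })

    # Services that explicitly declare a dependency on MSDTC.
    $dependents = @($dtc.DependentServices)

    $names = @(($consumers + $dependents) |
        Select-Object -ExpandProperty Name -Unique)

    $advice = if ($names.Count -gt 0) {
        'Keep MSDTC; test and deploy the MS06-018 patch'
    } else {
        'No known consumer found; candidate for disabling MSDTC via Group Policy'
    }

    [pscustomobject]@{
        Host           = $env:COMPUTERNAME
        MsdtcStatus    = $dtc.Status
        StartType      = $dtc.StartType
        Consumers      = $names
        Recommendation = $advice
    }
}

Test-MsdtcNeeded | Format-List
```

An empty Consumers list only means none of the listed patterns matched; an in-house application can still use MSDTC without declaring a service dependency, so confirm with application owners before disabling.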
That wraps it up for this month's bulletins, folks. If you can join me in Las Vegas for Security Log Secrets or in Atlanta for Complete Windows Security, let me know. And if you haven't checked out Prism Microsystems' EventTracker, it's a compelling solution for security log management and compliance monitoring. www.eventLogManager.com/securitybulletin.htm
One other thing, browse over to my new blog "Windows Security, et al" for my viewpoints on Windows security and related issues. Recent posts:
- Engagent's UserLock fills 2 long standing gaps in Windows security
- Patch management is mostly a workstation issue right now
- Windows and Security in the same sentence?
Here's a link www.ultimatewindowssecurity.com/blog/
Yours truly,
Randy Franklin Smith
CISA, SSCP, Security MVP
List address: MonthlySecurityTip@ultimatewindowssecurity.com
Subscribe: MonthlySecurityTip-subscribe@ultimatewindowssecurity.com
Unsubscribe: MonthlySecurityTip-unsubscribe@ultimatewindowssecurity.com