Ultimate Windows Security Newsletter:

Issue #19, 07/11/06

We finally have patches for some nasty zero-day exploits in Office and there are new updates for some exploits that I think will be very attractive to worm writers.

 

7 Microsoft Security Bulletins for July 2006

Today Microsoft released 7 bulletins that cover every supported version of Windows and Office, including the Mac versions of Office. Web server admins will want to pay particular attention to MS06-033 and MS06-034, which impact ASP.NET 2.0 and ASP respectively. Both workstations and servers are vulnerable to MS06-035, especially if you have the Messenger or Alerter services started. All Windows computers that have the DHCP Client service started need to install MS06-036, which I think will be very attractive as a worm infection vector. Finally, MS06-037, 038 and 039 impact every version of Office and some related applications, including Project, Visio, OneNote and Visual Studio, and include the 2 zero-day exploits. All in all, I recommend installation of all of these updates. For my detailed analysis of these bulletins and further recommendations, visit www.ultimateWindowsSecurity.com.

| KB # | Principal type of systems exposed* | MS severity rating | Vulnerable Windows versions (2000 / XP / 2003) | Restart req'd?* | Notes | Randy’s recommendation |
|---|---|---|---|---|---|---|
| 917283 | Web servers | Important | All / All / All | Unlikely | ASP.NET | Patch after full testing |
| 917537 | Web servers | Important | All / All / All | Unlikely | ASP | Patch after full testing |
| 917159 | All – especially if Alerter or Messenger services started | Critical | All / All / All | Yes | Close TCP 445 | Patch or use workarounds |
| 914388 | All DHCP clients | Critical | All / All / All | Yes | DHCP client | Patch ASAP |
| 917285 | WS and TS | Critical | All versions of Office including Mac. Project, Visio, Visual Studio, OneNote, et al. | Maybe | Excel | Patch ASAP |
| 917284 | WS and TS | Critical | All versions of Office including Mac. Project, Visio, Visual Studio, OneNote, et al. | Maybe | MS Office | Patch ASAP |
| 915384 | WS and TS | Critical | All versions of Office including Mac. Project, Visio, Visual Studio, OneNote, et al. | Maybe | MS Office | Patch ASAP |

*LEGEND: WS-Workstations, TS-Terminal Servers accessible to end users

Y-restart required N-restart not required M-restart may be required P-restart probably will not be required.

Leverage MOM for Security Surveillance and Compliance Reporting

The Security Control Management Pack family is a collection of MPs designed to extend auditing and reporting services for key Security Control areas of Windows Server Technology. I know Secure Vantage products work because I help design them. 

By integrating the notification, auditing and reporting services of these MPs, organizations will have extensive operations and reporting capabilities previously not available. Secure Vantage currently provides the System Controls MP (SCMP) for Microsoft Operations Manager 2005, which provides Windows Server System Security auditing and reporting services.

Moving forward with System Center Operations Manager 2007 and the Audit Collection Service (ACS), our solutions will integrate to provide the next generation of Windows Server Security Technology, defining new levels of Security Management.

In other news

I’m getting tired of hearing about companies allowing the disclosure of confidential information on unencrypted laptops and I’m thinking about doing something about it.  What do you think of a Page of Shame for companies that don’t encrypt laptops, don’t prevent employees from loading the same laptops up with confidential customer information and then allow the laptops to fall into the wrong hands?

I’d like to hear from more of you about your log management needs.  Do you have a log management solution deployed?  Are you happy with it?  What are your pain points?  Lack of built-in reports that convert raw data of your logs into informative, useful information?  Are you tired of wading through reams of reports, manually filtering out the “noise” and attempting to interpret arcane event codes? 

Let me know in general what we can do to make your information security life better.  We’ll do our best.

Yours truly,
Randy Franklin Smith

Disclaimer: We do our best to provide quality information and expert commentary but use all information or recommendations herein at your own risk.

List address: MonthlySecurityTip@ultimatewindowssecurity.com
Subscribe: MonthlySecurityTip-subscribe@ultimatewindowssecurity.com
Unsubscribe: MonthlySecurityTip-unsubscribe@ultimatewindowssecurity.com
