I have 2 issues to share with you midway between last and coming Patch Tuesday but first a word from our sponsor.
Hiccups with MS06-034: You May Not Be Patched After All
If you are running IIS on Windows Server 2003 SP1 you know doubt already tried to install MS06-034 (917537) to fix the ASP vulnerability but if IIS was currently running the install may have failed without your knowledge. The problem is now fixed. I suggest you re-run Windows Update detection.
Yet Another Zero-Day Vulnerability – This Time PowerPoint
Within days of last Patch Tuesday news surfaced about a PowerPoint vulnerability being exploited in targeted attacks. This seems to be a trend. Get ready to test a PowerPoint patch 2 weeks from now. Until then your options are limited: 1) Block Power Point files at the gateway 2) Warn users not to open Power Point files they receive unexpectedly in emails. 3) Keep your AV up-to-date and leverage multiple AV engines.
It seems I’m not the only one who sees potential pitfalls as Microsoft revs up it’s entry into the anti-malware market.
Last month I discussed the importance of information sharing by Microsoft with AV vendors to help them get crucial detection logic out for these file based zero-day exploits. On Slashdot today, scuttlemonkey noted some reports that the information wasn’t as good at this year’s Microsoft Security Response and Safety Summit and pondered how Microsoft’s entry to AV will affect the free flow of information.
I don’t think Microsoft is dumb enough to withhold information just to give their own AV solution a leg up but just a perception of that would be damaging enough. Microsoft needs to maintain an equal opportunity channel of information that ensures their security partners have access to the same information at the same time as their own AV product group.
Seats are almost gone for Security Log Secrets in San Francisco for August 7 and 8.
Attendees to this event will get a special treat – I’m adding a section to the course entitled “Filtering Out the Noise”.
I receive frequent queries like “What events are safe to filter out?” or “How can I reduce the amount of junk in my logs?” and this new section will answer those questions and more. Visit http://www.ultimatewindowssecurity.com/register.asp for more information.
Yours truly,
Randy Franklin Smith
CISA, SSCP, Security MVP
