Ultimate Windows Security Newsletter:

Issue #22, 08/23/06

Update on MS06-042 problems; if you haven't loaded MS06-040, install it YESTERDAY

Update on MS06-042 and MS06-040

MS06-042, the cumulative security patch for Internet Explorer (918899), has caused some real headaches for all of us in the user community and for Microsoft. Actually, the real culprit may lie with the security researcher who broke with responsible disclosure. Here's what happened. After the release of MS06-042, some researchers discovered and privately reported to Microsoft a defect in the patch that causes a crash on IE 6.0 SP1 systems with MS06-042 installed. Worse still, the crash was exploitable, meaning that installation of the security update introduced a new security hole. Microsoft decided to hold off reporting this new vulnerability until they developed a fix. One of the researchers disagreed and went public about the defect and its exploit details. Microsoft is apparently having a difficult time fixing the problem, which has forced them to delay the re-release of MS06-042.

So what should you do about MS06-042?  Read on.

New White Paper by Randy Franklin Smith: Leveraging Business Value from Compliance Efforts

Compliance is costly, but the good news is that you can gain increased operational efficiencies when you do it right. It's a fact that many of your compliance requirements are simply well-established best practices turned into legislation. But when it comes to complying, do you concentrate on form or function?

This white paper, written by security and control expert Randy Franklin Smith, shows how an informed compliance effort can serve as a business enabler. In particular:

- Determining key requirements of SOX, FISMA, etc. that offer potential value

- Understanding COBIT, ISO 17799 and ITIL and their relation to compliance

- Distinguishing form from function, when evaluating solutions

- Reaping increased efficiency

- Getting more from compliance solutions than just compliance

- Leveraging security as a business enabler

- Identifying compliance related product types with high business value

Download the paper today and learn how to get more than compliance from your compliance efforts.

What to do about MS06-042

Continue applying it. If you are applying it, or have already applied it, to IE 6.0 SP1 computers, you should also implement the workaround described in the latest security advisory - Microsoft Security Advisory (923762): Long URLs to sites using HTTP 1.1 and compression Could Cause Internet Explorer 6 Service Pack 1 to Unexpectedly Exit. This workaround has you disable the HTTP 1.1 protocol in IE. You can use Group Policy to automate this change. Disabling HTTP 1.1 won't impact the browsing of most sites.

Now, let's talk about MS06-040, which is the update for the nasty vulnerability in the Server service. Sometimes I hate being right. On Patch Tuesday I said MS06-040 "would be a prime candidate for a worm infection vector" and sure enough, along came Graweg Saturday night. The good news, if you are an XP and 2003 shop, is that Graweg only affected Windows 2000 systems, but there's no reason to assume another exploit won't come along that spreads faster and does more damage. So I strongly encourage you to scan your network with MBSA and patch any systems missing MS06-040 - Vulnerability in Server Service Could Allow Remote Code Execution (921883) before it's too late.
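The two action items above (the 923762 workaround for IE 6 SP1 and confirming MS06-040 is installed) are easy to check per host before the MBSA scan results come back. The script below is an added example and is not part of the newsletter or of any Microsoft tool. It assumes that IE stores the "Use HTTP 1.1" setting as the per-user DWORD value EnableHttp1_1 under Internet Settings (0 meaning HTTP 1.1 disabled, which is what the 923762 workaround produces), that the installed IE build is readable from the Version value under HKLM\Software\Microsoft\Internet Explorer (IE 6 SP1 reports a 6.0.2800 build), and that the MS06-040 update is listed by Win32_QuickFixEngineering under the hotfix ID KB921883. The function names are my own. Because QFE does not list every kind of update, treat the KB check as triage only and keep MBSA as the authoritative scan.

```powershell
# Added audit example (not from the newsletter): local check of the two items
# this issue asks for. Assumptions: EnableHttp1_1 (0 = HTTP 1.1 off) under the
# per-user Internet Settings key, the Version value under the IE key, and the
# MS06-040 hotfix showing up as KB921883 in Win32_QuickFixEngineering.

$IEInternetSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$IEKey              = 'HKLM:\Software\Microsoft\Internet Explorer'
$MS06040HotFixId    = 'KB921883'

function Test-IEHttp11Disabled {
    # True only when the workaround value exists and is 0; an absent value means
    # IE's default (HTTP 1.1 enabled) is in effect.
    $props = Get-ItemProperty -Path $IEInternetSettings -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.EnableHttp1_1) { return $false }
    return ([int]$props.EnableHttp1_1 -eq 0)
}

function Get-IEVersion {
    $ie = Get-ItemProperty -Path $IEKey -ErrorAction SilentlyContinue
    if ($null -eq $ie) { return $null }
    return $ie.Version
}

function Test-MS06040Installed {
    # Quick triage via installed hotfix list; MBSA remains the authoritative check.
    $qfe = Get-WmiObject -Class Win32_QuickFixEngineering -ErrorAction SilentlyContinue
    return [bool]($qfe | Where-Object { $_.HotFixID -eq $MS06040HotFixId })
}

function Get-PatchPosture {
    New-Object PSObject -Property @{
        ComputerName     = $env:COMPUTERNAME
        IEVersion        = Get-IEVersion
        Http11Disabled   = Test-IEHttp11Disabled
        MS06040Installed = Test-MS06040Installed
    }
}

function Disable-IEHttp11 {
    # Applies the 923762 workaround for the current user: the same change as
    # clearing "Use HTTP 1.1" under Internet Options > Advanced. For a fleet,
    # push the same value through Group Policy instead of running this per box.
    Set-ItemProperty -Path $IEInternetSettings -Name EnableHttp1_1 -Value 0 -Type DWord
}

$posture = Get-PatchPosture
$posture | Format-List ComputerName, IEVersion, Http11Disabled, MS06040Installed

if (-not $posture.MS06040Installed) {
    Write-Warning "MS06-040 ($MS06040HotFixId) not found in the hotfix list - patch this host first, then confirm with MBSA."
}
if ($posture.IEVersion -like '6.0.2800*' -and -not $posture.Http11Disabled) {
    Write-Warning 'IE 6 SP1 with HTTP 1.1 still enabled - apply the 923762 workaround (Disable-IEHttp11).'
}
```

Run it in each user's context (the HTTP 1.1 setting is per user, so a logon script is the natural place), and only call Disable-IEHttp11 on IE 6 SP1 machines that already have MS06-042, which is the population the advisory describes.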

Free Security Log Training: Track User Account Changes
Password Resets, Unlocks, Enables and More

Space is running out for our first training webinar based on my Security Log Secrets seminar.  Register now so that you can attend for free next week.

Title:   Monitoring User Accounts with the Windows Security Log
Date:  Thursday, August 31, 2006
Time:  12:00 PM EDT

In this fast-paced webinar, I will show you how to use the Windows security log to track status changes and other modifications to AD user accounts, which is vital to good security and regulatory compliance. You will learn how to track password resets by the help desk, recognize previously disabled user accounts that are suddenly enabled, spot newly created user accounts, and more. You will learn about crucial inconsistencies and undocumented phenomena in Windows 2000 and 2003 that cause a high number of false positives in typical security log reports and monitoring rules. With this information you'll be able to weed out the noise and concentrate on the real changes.

In other news

Are you affected by regulatory compliance? You definitely are if you are in the health care or financial services industry or work for a publicly traded corporation or the federal government. Even if you work for a small business not directly subject to HIPAA, GLBA, SOX, FISMA, et al., chances are you will run into compliance sooner or later, because a client company that is subject to compliance will request assurance from you regarding your security policies and procedures. A lot of money and time is being spent on compliance; billions every year. Is it well spent or wasted? That may depend on you. In a new whitepaper sponsored by Quest Software I tackle the challenge of how to get ROI out of all the effort and money spent on compliance. To download this free whitepaper, Leveraging Business Value from Compliance Efforts, click here. You'll learn the principal intent behind each of the major compliance legislations, which common compliance efforts provide little business value, which strategies actually accomplish something valuable for the business in addition to satisfying the auditors, and how the Quest product line can help.

You'll find the whitepaper here:

That's it for now.  I look forward to joining you next week for the webinar!
