This month we have the dubious privilege of witnessing a 2nd Patch Tuesday. Today Microsoft released MS06-055 to address the Vector Markup Language vulnerability that reared its ugly head last week. Read on for the usual chart providing need-to-know information at-a-glance for this critical vulnerability.
1 New Bulletin Re-release

| KB # | Exploit type | Principal type of systems exposed* | Exploit details public? | Currently being exploited? | MS severity rating | Vulnerable Windows versions: 2000 | Vulnerable Windows versions: XP | Vulnerable Windows versions: 2003 | Reboot? | Notes | Randy’s recommendation |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 925486 MS06-055 | Arbitrary code | Workstations | Yes | Yes | Critical | All | All | All | No | Vector Markup Language (VML) | This important, remote code vulnerability affects… |

*LEGEND: WS-Workstations, TS-Terminal Servers accessible to end users
Y-restart required N-restart not required M-restart may be required P-restart probably will not be required.

Also, released today is a re-release of MS06-049 - Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958). Don’t worry about it unless you’ve already installed MS06-049 on a Windows 2000 computer (XP and 2003 were never impacted by this one) where you are using NTFS compression. If so you will definitely want to install this new version of the update to prevent corruption of compressed files larger than 4k.
Finally, be aware of a yet-to-be-patched vulnerability in an ActiveX control called Microsoft DirectAnimation Path, which is part of daxctle.ocx. This is a publicly disclosed vulnerability, but Microsoft says they have no reports of exploitation in actual attacks. The security advisory at http://www.microsoft.com/technet/security/advisory/925444.mspx provides a number of workarounds you may consider until an update is released. I recommend the “Modify the Access Control List on Daxctle.ocx to be more restrictive” workaround as the most effective and easiest to push out and later remove since you can use group policy.
Tomorrow I’ll be presenting a free security log training session on how to track access control changes and I encourage you to register now. Even if you can’t attend tomorrow you’ll be able to view the recorded session at your convenience – but only if you register today.
Being able to monitor and respond to changes in privileged and end-user access is critical for protecting critical systems and sensitive information. HIPAA, SOX, FISMA and GLBA all share access control over privileged information or access as a common requirement. In this 2-part series I will show you how to detect access changes at both the object permission level and group membership. Tomorrow we will focus on tracking changes in group membership using the Windows security log.
Don’t miss out. Remember you can view the recorded session at your convenience but only if you register prior to the live event. Click here to register now!
This is real training with opportunity for Q&A!
Title: Tracking Access Control Changes Part 1
Date: Thursday, September 28, 2006
Time: 12:00 PM EDT
Until tomorrow, happy patching!