On Thursday Microsoft re-released MS06-061 (924191) but only for Windows 2000 SP4. It wasn’t re-released because any of the vulnerabilities described therein had been missed in the original MS06-061; it was because the patch missed setting the kill bit for the classes of the Microsoft XML Parser 2.6 ActiveX control – the version on Windows 2000 SP4. The kill bit is an option you can set on an ActiveX control to completely prevent it from being loaded by Internet Explorer. Microsoft does this when controls are discovered to be vulnerable to abuse by malicious web content. For more information on the kill bit see knowledge base article 240797.
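A way to verify for yourself that a control has actually been kill-bitted, added here as an example and not code from this newsletter or from Microsoft: per KB 240797 the kill bit is bit 0x400 of the `Compatibility Flags` DWORD under `HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}`. It assumes a machine with PowerShell available and uses a placeholder CLSID; substitute the class IDs of the control you are checking, which this article does not list.

```powershell
# Added example: check the IE kill bit (Compatibility Flags bit 0x400) for one
# CLSID and list every CLSID on the machine that currently has it set.
$KillBit   = 0x400
$CompatKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function Test-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    $path = Join-Path $CompatKey $Clsid
    # No entry at all means IE will still load the control
    if (-not (Test-Path $path)) { return $false }
    $flags = (Get-ItemProperty -Path $path -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $flags) { return $false }
    return (($flags -band $KillBit) -ne 0)
}

function Get-KillBittedControls {
    Get-ChildItem -Path $CompatKey | ForEach-Object {
        $clsid = $_.PSChildName
        if (Test-KillBit -Clsid $clsid) {
            # Resolve the friendly name from HKCR\CLSID when the control is registered
            $name = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid" `
                        -ErrorAction SilentlyContinue).'(default)'
            [pscustomobject]@{ CLSID = $clsid; Name = $name }
        }
    }
}

# Placeholder CLSID: replace with the class ID of the control you are verifying
$PlaceholderClsid = '{00000000-0000-0000-0000-000000000000}'
if (Test-KillBit -Clsid $PlaceholderClsid) {
    "Kill bit set for $PlaceholderClsid"
} else {
    "Kill bit NOT set for $PlaceholderClsid"
}
Get-KillBittedControls | Sort-Object CLSID | Format-Table -AutoSize
```

Running the listing before and after applying the re-released MS06-061 shows whether the missing entries were added.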
So how important is it to re-install MS06-061?
It’s not necessary in order to protect against the currently known vulnerabilities in Microsoft XML Parser. But there are probably more where those vulnerabilities came from – patches are, after all, just patches. So installing the new version of MS06-061 provides some immunity against those potential, yet-to-be-discovered holes being exploited – at least through Internet Explorer.
You may recall that I classified this one as primarily a Workstation and Terminal Server application mode risk and noted there wasn’t a huge rush to install it since details weren’t public. Therefore if you are still testing MS06-061, do a little regression testing with the new version and roll it out. And of course, if you don’t have Windows 2000 workstations or Terminal Servers you might not need to worry about it at all.
On Thursday, I’ll be presenting a free security log training session on how to track access control changes and I encourage you to register now. Even if you can’t attend Thursday you’ll be able to view the recorded session at your convenience – but only if you register in advance.
In part 2 of this series I will show you how to detect whenever permissions on critical folders and other objects are changed, who made the change and when.
If you missed part 1 – let us know so that you can catch up in time for Thursday.
Title: Tracking Access Control Changes Part 2
Date: Thursday, October 26, 2006
Time: 12:00 PM EDT
Thanks for reading!
www.ultimatewindowssecurity.com