It’s been fairly quiet on the Microsoft security front since last Patch Tuesday so I’ve resisted needlessly adding to your email burden. Here’s a sum-up until next Patch Tuesday unless something big comes along before then.
1. No new vulnerabilities or re-releases that are important to you unless you are supporting Office 2000. If so, make sure you’ve deployed the re-release of MS07-002, Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198), and be aware of a zero-day vulnerability in Word 2000 (932114) that remains unpatched at time of writing.
2. Upgrading is good for security. I don’t own any MSFT stock (except maybe indirectly through my SPY shares) but maybe I should, because there’s no denying the fact that the more up-to-date you remain with their software, the fewer security vulnerabilities you are susceptible to. See point #1 and so many of the vulnerabilities in the past year. Microsoft code is becoming more hardened. More secure maybe but not more stable. My stability has gone backwards by about 10 years since upgrading to Vista and Office 2007. Maybe it’s driver issues…
3. Other people have noticed the ActiveX vulnerability trend I mentioned recently. In fact Symantec’s Greg Ahmad notes that while there was one ActiveX vulnerability in 2001, there were 50 in 2006 with the most being reported in the 4th quarter of 2006. More for 2007 – probably. Greg notes you can set the kill bit to completely disable and mitigate the risk of specific ActiveX controls. Allow me to toot my horn that I provided a video podcast entitled “Death of an ActiveX Control” last year that shows you how to leverage group policy to automate the configuration of ActiveX killbits. See http://www.ultimatewindowssecurity.com/killbit.asp for more details.
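For reference, a kill bit is the 0x400 bit of the `Compatibility Flags` DWORD stored under the control's CLSID in the Internet Explorer `ActiveX Compatibility` registry key. The PowerShell below is an added example, not taken from the podcast or from Symantec: it audits and sets that bit in both the native and 32-bit registry views. The function names are hypothetical and the CLSID is a constructed placeholder to be replaced with the one from the vendor advisory.

```powershell
# Added example: audit and set an ActiveX kill bit. Writing requires an elevated prompt.
$KillBit = 0x400   # bit in "Compatibility Flags" that stops IE from instantiating the control
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'  # 32-bit view
) | Where-Object { Test-Path (Split-Path $_ -Parent) }   # skip the view this OS does not have

function Get-CompatibilityFlags([string]$Root, [string]$Clsid) {
    $key  = Join-Path $Root $Clsid
    $item = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($item) { [long]$item.'Compatibility Flags' } else { 0 }   # missing key or value = no flags
}

function Test-ActiveXKillBit([string]$Clsid) {
    # One row per registry view; a control is only fully blocked when every row says Killed.
    foreach ($root in $Roots) {
        $flags = Get-CompatibilityFlags $root $Clsid
        [pscustomobject]@{
            Key    = Join-Path $root $Clsid
            Flags  = '0x{0:X8}' -f $flags
            Killed = [bool]($flags -band $KillBit)
        }
    }
}

function Set-ActiveXKillBit {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')]
        [string]$Clsid
    )
    foreach ($root in $Roots) {
        $key = Join-Path $root $Clsid
        # OR the bit in so any flags already present on the control are preserved.
        $new = [int]((Get-CompatibilityFlags $root $Clsid) -bor $KillBit)
        if ($PSCmdlet.ShouldProcess($key, ('set Compatibility Flags to 0x{0:X8}' -f $new))) {
            if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
            Set-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -Value $new -Type DWord
        }
    }
}

$Clsid = '{00000000-0000-0000-0000-000000000000}'   # constructed placeholder, not a real control
Set-ActiveXKillBit -Clsid $Clsid -WhatIf             # dry run: prints what would be written
Test-ActiveXKillBit $Clsid | Format-Table -AutoSize  # current state in each registry view
```

Drop `-WhatIf` to write the value; the same functions can run from a Group Policy computer startup script to cover many machines.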
Update on the poster: It’s been sent to the printers! Yes, finally. It took a lot of time and phone calling to line up the sponsors to pay for this but it’s done. Brad has developed a bit of a tic from the whole ordeal but I think it gives him character. Anyway, it will be worth the wait. We didn’t cheap out on this. No fold marks in this poster. This cubicle fashion statement is coming to you in a cardboard tube neatly rolled so be on the lookout for it. It should land on you somewhere between the 8th and 28th of February. Thanks for your patience!
GFI, one of our sponsors, has recently released a major update to LANGuard S.E.L.M. and renamed it to EventsManager. I recently spoke with Andre Muscat, director of engineering for GFI EventsManager, about the enhancements built into EventsManager. I’ve watched GFI develop EventsManager (aka S.E.L.M.) over the years and it’s come a long way, especially in this new release. If you are a small to medium shop you should take a look at EventsManager – especially if an agentless architecture is important to you. And after looking at the reports I can see Andre and company have been studying my eBook! :-) Click here to read what I think stands out about GFI EventsManager.
Do you want to “grok” the Windows Security Log? I’ve got two ways to help you live. First at SANS 2007, April 5-6 in San Diego. If you know SANS you know why I’m proud to be a hosted event of SANS. In the meantime register for our next Security Log Secrets webinar!
“Catching Policy and Configuration Changes with the Security Log”
Real Training for Free:
This next webinar is going to show you how to find important security policy changes to your servers as soon as they happen. We’re talking about password policy, audit policy, user rights assignment and other high priority, suspicious events that could indicate either an intrusion or an innocent but dangerous “fat-finger” by an administrator. Some events tell you who made the change and others leave you hanging. I’ll reveal the good, bad and ugly on that score so you don’t needlessly waste time looking for information that doesn’t exist.
If you miss the live event you will receive a link to watch the recorded version but only if you register prior to the event.
See you on February 15th, same Bat time, same Bat channel.
One other thing, now that Vista is “generally available” MAKE SURE YOU BUY VISTA ULTIMATE OR ENTERPRISE. These are the only editions that support the #1 security feature of Vista – BitLocker. Want to “grok” BitLocker? Go to http://www.ultimatewindowssecurity.com/bitlocker.asp. My BitLocker section of the site is just getting started but there’s already a lot of useful information. Really cool stuff will be added soon – including information about a biometrically controlled device for storing the BitLocker encryption key. To grok everything about Vista security, see my new course Total Vista Lockdown at http://www.ultimatewindowssecurity.com/tvl.asp.
Until next time – stay mitigated!