Patch Tuesday Analysis for November 2005
Just one patch this month but it's important for workstations and terminal servers.
MS05-053 - Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424)
This critical bulletin addresses remote code, root privilege and denial of service risks but it mostly a workstation issue. The patch actually fixes 3 different vulnerabilities that all reside in the same files. At least one of the 3 security holes expose Windows XP SP2 and 2003 SP1 to critical risk but the general trend holds true that vulnerabilities being discovered have less impact on these 2 latest versions of Windows. Getting your system upgraded to these 2 baselines will definitely pay off.
To exploit these vulnerabilities a user must open a specially crafted WMF (Windows Meta File) or EMF (Enhanced Meta File). WMF and EMF files are image file formats designed for optimization on Windows systems. Therefore this patch is very important on workstations and terminal servers running in application mode. Provided you practice safe administration when logged on to normal servers you may well choose to defer installing this patch on servers like domain controllers, file, application and database servers. Safe administration means not browsing the web or opening application documents or other files that might have come from the web.
The more less you do interactively on a server the better. In fact the highest form isolating servers from interactive and local execution risks like those in this patch is to implement a Terminal Services Administration Point (TSAP). With a TSAP you avoid 2 pitfalls simultaneously: using admin privileges at your workstation as well as eliminating the server risks related to interactive logons and local execution. In my Complete Windows Security course I show you how to setup a TSAP between your workstation and servers for the best of all worlds.
|System Types Affected||Exploit|
/ Being exploited?
|MS severity rating||Products Affected||Notes||Randy's recommendation|
|Arbitrary code |
|Yes/No||No||Critical ||Win2000 |
Small Business Server 2003
Small Business Server 2000
|Getting your system upgraded to these 2 baselines will definitely pay off.||Therefore this patch is very important on workstations and terminal servers running in application mode.|
Receive Randy's same-day, independent analysis each Patch Tuesday
We will not share your address. Unsubscribe anytime.
"Thank you. I am very glad I subscribed to this newsletter.
Relevant content clearly and concisely. Finally!!!"
- John K.
"I really like the Fast Facts on this Month's Microsoft
Security Bulletins. Do you keep old copies? If yes, please let me know how I can
"Thanks, Randy. Your regular updates have streamlined my
monthly patching. Much appreciated,"
- Steve T.
"Really appreciate your patch observor. In the corporate
IT world, anything we can get our hands on that speeds the process of analyzing
threats and how they may or may not apply to our environments is a God-send.
Thanks so much for your efforts."
- Tess G.
"Many thanks for this Randy"
- Roger G.
"The chart is a REAAALLY good idea :)"
- Phil J.
"I like the table. Your insight is very valuable. "
"I liked your high level overview of patches in the
table. There are so many sources of patch information which can be very specific
or surrounded by other stuff that it’s refreshing to get everything summarised
like this. The “Randy’s Recommendation” comment is useful starting point too.
Please keep up the good work."
- David A.
"Your Patch Tuesday Observer is a very good tool in
making the decision whether to patch or not to patch. And also to patch asap or
to wait a while before patching. Also I do think the use of the table is realy
improving the readability of the provided information."
- Gerard T.