Patch Tuesday Analysis for December 2007
If you are a server-only admin, you can rest easy this month, except for any servers that have MS Message Queuing installed or Windows Media Servers. Those are the only 2 patches that really apply to servers, and since neither patch is public you can take your time testing.
If you secure workstations, your month is very different. Six of the patches are targeted directly at workstations and 2 are public, meaning you need to immediately implement available workarounds or push the patch out with little or no testing.
Don’t forget that you can use group policy to automate many workarounds. For instance, this month you could use group policy to:
- Disable the MSMQ service (MS07-065)
- Disable SMBv2 via a custom administrative template (MS07-063)
- Set deny permissions on quartz.dll (MS07-064, 067 and 068)
- Disable Active Scripting and ActiveX (MS07-069)
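As an added example (not part of the original analysis), here is a startup script that group policy could push to apply three of these workarounds idempotently and report the result of each. The service names and file path are Windows defaults; the choice of ReadAndExecute as the denied right and the function names are assumptions made for this illustration.

```powershell
# Added example: GPO computer startup script (Windows PowerShell, runs elevated).
# Assumptions: default service names MSMQ and secdrv, default quartz.dll path,
# and ReadAndExecute as the denied right (the page does not name the right).

function Disable-ServiceOrDriver {
    param([string]$Name, [string]$Bulletin)
    # sc.exe handles both Win32 services (MSMQ) and kernel drivers (secdrv).
    & sc.exe query $Name | Out-Null
    if ($LASTEXITCODE -eq 1060) {            # ERROR_SERVICE_DOES_NOT_EXIST
        return "$Bulletin ${Name}: not installed, nothing to do"
    }
    & sc.exe config $Name start= disabled | Out-Null
    $configured = ($LASTEXITCODE -eq 0)
    & sc.exe stop $Name | Out-Null           # may already be stopped; result ignored
    if ($configured) { "$Bulletin ${Name}: start type set to disabled" }
    else             { "$Bulletin ${Name}: FAILED to change start type" }
}

function Deny-QuartzAccess {
    param([string]$Path = "$env:windir\system32\quartz.dll")
    if (-not (Test-Path $Path)) { return "quartz.dll: not found at $Path" }
    # Use the well-known SID for Everyone so the script is locale-independent.
    $everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
    $acl = Get-Acl -Path $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $existing = $acl.GetAccessRules($true, $false, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Deny' -and $_.IdentityReference.Value -eq 'S-1-1-0'
    }
    if ($existing) { return 'quartz.dll: deny ACE already present' }
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $everyone, 'ReadAndExecute', 'Deny'
    $acl.AddAccessRule($rule)
    try {
        Set-Acl -Path $Path -AclObject $acl -ErrorAction Stop
        'quartz.dll: deny ACE for Everyone added'
    } catch {
        # On Vista the file is owned by TrustedInstaller, so the ACL change
        # can fail until ownership is taken; report instead of aborting.
        "quartz.dll: FAILED to set ACL ($($_.Exception.Message))"
    }
}

# Each call emits one status line, so the output doubles as a deployment log.
Disable-ServiceOrDriver -Name 'MSMQ'   -Bulletin 'MS07-065'
Disable-ServiceOrDriver -Name 'secdrv' -Bulletin 'MS07-067'
Deny-QuartzAccess
```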
And here's the chart...
| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MS07-065 (937894) | Arbitrary code / Windows | Servers | No/No | Yes | Important | Win2000, XP | MSMQ is not installed by default; Restart required | Disable Message Queuing via group policy; Patch after testing |
| MS07-064 (941568) | Arbitrary code / Windows | Workstations, Terminal Servers | No/No | Yes | Critical | Win2000, XP, Vista, Server 2003 | DirectX; restart may be required when patching; workaround reduces functionality | Patch after testing or implement workaround permissions change with gro |
| MS07-068 (941569) | Arbitrary code / Windows | Workstations, Terminal Servers | No/No | Yes | Critical | Win2000, XP, Vista, Server 2003 | Windows Media Format; no workaround for servers; restart not required if service can be stopped | Patch after testing or, in case of workstations, implement workaround permissions change with group policy |
| MS07-069 (942615) | Arbitrary code / Windows | Workstations, Terminal Servers | No/Yes | Yes | Critical | Win2000, XP, Vista, Server 2003 | Internet Explorer 6 & 7 multiple vulnerabilities; restart required | Patch after testing or, in case of workstations, implement workaround permissions change with group policy |
| MS07-063 (942624) | Arbitrary code / Vista Only | Workstations | No/No | Yes | Important | Vista | SMBv2 signing | Temporarily disable SMBv2; Patch after testing. Create a custom administrative template to implement the workaround automatically via group policy. Use http://www.ultimatewindowssecurity.com/killbit.asp as a guide |
| MS07-066 (943078) | Denial of service / Vista Only | Workstations | No/No | No | Important | Vista | Restart required | Patch after testing – if your end users are not already local administrators |
| MS07-067 (944653) | Privilege elevation / Windows | Workstations, Terminal Servers | Yes/Yes | Yes | Important | XP, Server 2003 | Macrovision Driver | Disable secdrv.sys; Patch after testing |