Patch Tuesday Analysis for December 2007

If you are a server-only admin you can rest easy this month, except for any servers that have MS Message Queuing installed or Windows Media Servers. Those are the only 2 patches that really apply to servers, and since neither patch is public you can take your time testing.

If you secure workstations, your month is very different. Six of the patches are targeted directly at workstations and 2 are public, meaning you need to immediately implement available workarounds or push the patch out with little or no testing.

Don’t forget that you can use group policy for automating many workarounds. For instance this month you could use group policy to:

  1. Disable the MSMQ service (MS07-065)
  2. Disable SMBv2 via a custom administrative template (MS07-063)
  3. Set deny permissions on quartz.dll (MS07-064, 067 and 068)
  4. Disable Active Scripting and ActiveX (MS07-069)
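
One way to check on a given machine that three of these workarounds actually took effect once the GPO has applied. This is an added PowerShell example, not part of the original article; the service key names MSMQ and secdrv and the quartz.dll locations are assumptions.

```powershell
# Added example: local audit of three workarounds from the list above.
# Assumptions: service key names 'MSMQ' and 'secdrv', and the default quartz.dll locations.

function Get-StartState {
    param([string]$ServiceName)
    # The Start value under the Services key holds the startup mode; 4 means Disabled.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    if (-not (Test-Path $key)) { return 'Not installed' }
    $start = (Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue).Start
    if ($null -eq $start) { return 'Unknown' }
    if ($start -eq 4) { return 'Disabled' }
    return "Enabled (Start=$start)"
}

function Get-DenyState {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 'File not present' }
    # Any explicit or inherited Deny entry on the file counts as the workaround being applied.
    $deny = @((Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Deny' })
    if ($deny.Count -gt 0) {
        $who = $deny | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
        return 'Deny ACE for ' + ($who -join ', ')
    }
    return 'No deny ACE'
}

$rows = @(
    [pscustomobject]@{ Workaround = 'MSMQ service (MS07-065)'; Target = 'MSMQ'; State = Get-StartState 'MSMQ' }
    [pscustomobject]@{ Workaround = 'secdrv.sys driver (MS07-067)'; Target = 'secdrv'; State = Get-StartState 'secdrv' }
)
# 64-bit Windows keeps a second, 32-bit copy of quartz.dll under SysWOW64; check both.
foreach ($dir in 'System32', 'SysWOW64') {
    $file = Join-Path $env:windir "$dir\quartz.dll"
    $rows += [pscustomobject]@{ Workaround = 'quartz.dll deny permissions'; Target = $file; State = Get-DenyState $file }
}
$rows | Format-Table -AutoSize -Wrap
```

Any row that reports "Enabled" or "No deny ACE" on a machine in scope means the policy has not reached it yet and the patch should be prioritized there.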

And here's the chart...

| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS07-065 (937894) | Arbitrary code / Windows | Servers | No/No | Yes | Important | Win2000, XP | MSMQ is not installed by default; Restart required | Disable Message Queuing via group policy; Patch after testing |
| MS07-064 (941568) | Arbitrary code / Windows | Workstations, Terminal Servers | No/No | Yes | Critical | Win2000, XP, Vista, Server 2003 | DirectX; restart may be required when patching; workaround reduces functionality | Patch after testing or implement workaround permissions change with gro |
| MS07-068 (941569) | Arbitrary code / Windows | Workstations, Terminal Servers | No/No | Yes | Critical | Win2000, XP, Vista, Server 2003 | Windows Media Format; no workaround for servers; restart not required if service can be stopped | Patch after testing or, in case of workstations, implement workaround permissions change with group policy |
| MS07-069 (942615) | Arbitrary code / Windows | Workstations, Terminal Servers | No/Yes | Yes | Critical | Win2000, XP, Vista, Server 2003 | Internet Explorer 6 & 7 multiple vulnerabilities; restart required | Patch after testing or, in case of workstations, implement workaround permissions change with group policy |
| MS07-063 (942624) | Arbitrary code / Vista Only | Workstations | No/No | Yes | Important | Vista | SMBv2 signing | Temporarily disable SMBv2; Patch after testing. Create a custom administrative template to implement the workaround automatically via group policy. Use http://www.ultimatewindowssecurity.com/killbit.asp as a guide |
| MS07-066 (943078) | Denial of service / Vista Only | Workstations | No/No | No | Important | Vista | Restart required | Patch after testing – if your end users are not already local administrators |
| MS07-067 (944653) | Privilege elevation / Windows | Workstations, Terminal Servers | Yes/Yes | Yes | Important | XP, Server 2003 | Macrovision Driver | Disable secdrv.sys; Patch after testing |
