Patch Tuesday Analysis for August 2007
So 9 security bulletins this month. All of them, with the exception of MS07-049, impact workstations, so unless you use Virtual Server, you server admins get off pretty easy this month. Across all the vulnerabilities there is a piece of good news: none of them are public yet. That's right: no zero-day exploits this month, so you can take your time testing.
Everyone should note this point, however: I don't agree with the Important severity rating Microsoft assigned to MS07-047, MS07-048 or MS07-049. These should all be Critical since they allow arbitrary code execution. Just because a setting isn't turned on by default, or a user must click OK on a prompt, should not reduce the severity.
Some of the other good news is that many of the vulnerabilities this month can be mitigated by implementing a workaround instead of installing the update, and most via group policy at that! There are a couple that require a command to be executed on the local computer to unregister a DLL or delete a registry key, so you might think about configuring Startup scripts via group policy for those.
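For the bulletins whose workaround is a local command, here is what that startup-script approach can look like. This is an added example, not a script from the original article: a batch file assigned under Computer Configuration > Windows Settings > Scripts (Startup) in Group Policy. The vgx.dll unregister command is taken from the Vector Markup Language workaround published with MS07-050 (an assumption here; confirm the path against the bulletin text), and the registry key is a placeholder standing in for whichever key a given bulletin's workaround names.

```batch
@echo off
REM Added example startup script for applying a bulletin workaround via
REM Group Policy (not from the original article). Startup scripts run as
REM LocalSystem before anyone logs on, so they have the rights to unregister
REM a DLL or delete a machine-wide registry key, and no user gets a prompt
REM to click through.
REM
REM Assumption: the vgx.dll path below is the MS07-050 VML workaround;
REM verify it against the bulletin. The registry key is a PLACEHOLDER.

setlocal
set LOG=%SystemRoot%\Temp\bulletin-workaround.log
echo [%DATE% %TIME%] %COMPUTERNAME% starting workaround script >> "%LOG%"

REM --- Workaround type 1: unregister a DLL --------------------------------
REM /u = unregister, /s = silent. Silent matters: a startup script has no
REM interactive desktop, so a regsvr32 message box would stall the boot.
set VGX=%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll
if exist "%VGX%" (
    regsvr32 /u /s "%VGX%"
    if errorlevel 1 (
        echo [%DATE% %TIME%] regsvr32 /u failed for %VGX% >> "%LOG%"
    ) else (
        echo [%DATE% %TIME%] unregistered %VGX% >> "%LOG%"
    )
) else (
    echo [%DATE% %TIME%] %VGX% not present, nothing to do >> "%LOG%"
)

REM --- Workaround type 2: delete a registry key ---------------------------
REM /f = force, no confirmation prompt. Query first so that an already
REM absent key (the desired end state) is logged as success, not failure.
set KEY=HKLM\SOFTWARE\Classes\PLACEHOLDER-key-from-bulletin
reg query "%KEY%" >nul 2>&1
if %ERRORLEVEL%==0 (
    reg delete "%KEY%" /f >nul 2>&1
    if errorlevel 1 (
        echo [%DATE% %TIME%] reg delete failed for %KEY% >> "%LOG%"
    ) else (
        echo [%DATE% %TIME%] deleted %KEY% >> "%LOG%"
    )
) else (
    echo [%DATE% %TIME%] %KEY% already absent >> "%LOG%"
)

endlocal
exit /b 0
```

Every command uses its silent switch because startup scripts have no desktop to show a dialog on, and each outcome is written to a log so you can confirm from the workstation that the workaround actually landed. Once the update itself has been deployed, push a second script that reverses the change (for the DLL case, `regsvr32 /s` on the same file); otherwise the affected feature stays disabled indefinitely.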
Be sure to check out the chart below. It has many additional facts and tips.
| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS07-043 (KB921503) | Arbitrary code / Windows, Visual Basic, Office for Mac | Workstations, Terminal Servers | No/No | No | Critical | Win2000, XP, Visual Basic 6.0, Office 2004 for Mac, Server 2003 | OLE Automation. Known issue for Visual Basic developers (KB921503) and users of 3rd party developed VB apps (KB921503) | Patch after testing. Check 3rd party apps. Developers, alert your users. |
| MS07-042 (KB936227) | Arbitrary code / Windows, XML Core Services | Workstations, Terminal Servers | No/No | No | Critical | Win2000, XP, Vista, Office 2003, Office 2007, Word Viewer, Comp. Pack for Office 2007, Office SharePoint Server 2007, Server 2003, Server 2008, Expression Web, Groove Server 2007 | XML Core Services may get installed by MS apps in addition to Windows. See KB269238 | Patch after testing |
| MS07-047 (KB936782) | Arbitrary code / Windows | Workstations, Terminal Servers | No/No | Yes | Critical | Win2000, XP, Vista, Server 2003 | Windows Media Player skins. Known issue with .SWF Flash files (KB936782) | Patch after testing or implement WMZ/WMD workaround |
| MS07-045 (KB937143) | Arbitrary code, Denial of service / Windows, Internet Explorer | Workstations, Terminal Servers | No/No | No | Critical | Win2000, XP, Vista, Server 2003 | Cumulative Update includes non-security fixes. Known issue in KB937143. Sets kill bits for several non-MS ActiveX controls | Patch after testing |
| MS07-049 (KB937986) | Arbitrary code / Virtual PC, Virtual Server | Virtual PC, Virtual Servers | No/No | No | Critical | Virtual PC 2004, Virtual Server 2005, Virtual PC for Mac 6.1, Virtual PC for Mac 7 | None | Install patch or upgrade to latest version |
| MS07-048 (KB938123) | Arbitrary code / Windows | Workstations | No/No | Yes | Critical | Vista | Vista Gadgets | Patch after testing or use one of the workarounds supported by group policy |
| MS07-050 (KB938127) | Arbitrary code / IE | Workstations, Terminal Servers | No/No | Yes | Critical | Win2000, XP, Vista, Server 2003 | Disable Vector Markup Language | Patch after testing or implement workaround |
| MS07-046 (KB938829) | Arbitrary code / Windows | Workstations, Terminal Servers | No/No | No | Critical | Win2000, XP, Server 2003 | W2003 SP2 not affected | Patch after testing |
| MS07-044 (KB940965) | Arbitrary code / Office Excel | Workstations, Terminal Servers | No/No | Yes | Critical | Office 2000, Office XP, Office 2003, Office 2004 for Mac | None | Patch after testing or use Office File Block policy workaround |