Patch Tuesday Analysis for September 2007
Well, not a bad month all in all. The only patch I’m really concerned about is the one for back-level versions of Windows Messenger and MSN Messenger. If your users don’t have the very latest version installed, you are vulnerable to a remote, arbitrary code hack wherein the bad guy takes over your user’s computer by initiating a webcam or video conversation. So tell your users not to accept such invitations and to allow the upgrade that Windows proposes the next time they log on to Messenger. Also, the bulletin omitted any details as to whether the patch is deployable via WSUS or detectable via MBSA. Weird. I haven’t tested either yet but I’m guessing “no”. This one is public, so I encourage you to get the word out to your users right away!
MS07-051 is a non-urgent workstation patch which you can avoid by setting the kill bit on that infernal Microsoft Agent ActiveX control. See chart below for link to more information on killing ActiveX controls via group policy.
Other than that, if you have programmers on your network, be sure to instruct them to refrain from opening RPT files attached to email or web pages (see below on MS07-052). Finally, if you use Services for Unix or the Unix subsystem in Windows, you’ll be interested in MS07-053, which allows elevation of privilege through the setuid bit.
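The kill bit workaround mentioned above for MS07-051 comes down to one registry value per control: `Compatibility Flags` with bit 0x400 set under the control's CLSID in the `ActiveX Compatibility` key. The script below is an added example, not from the bulletin or from Microsoft, that audits and optionally sets that value on a single machine instead of through group policy; the CLSID is a placeholder and the `$Apply` switch and function names are made up for illustration.

```powershell
# Added example, not from the original bulletin or from Microsoft.
# $Clsid is a PLACEHOLDER: substitute the control's CLSID from the vendor bulletin.
$Clsid   = '{00000000-0000-0000-0000-000000000000}'
$KillBit = 0x400   # Compatibility Flags bit that stops IE instantiating the control

$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
# 32-bit IE on 64-bit Windows reads the WOW6432Node view, so cover it when present.
if (Test-Path 'HKLM:\SOFTWARE\WOW6432Node') {
    $Roots += 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Get-KillBitState {
    param([string]$Root, [string]$Clsid)
    $key   = Join-Path $Root $Clsid
    $flags = 0   # a missing key or value means no flags are set
    if (Test-Path -LiteralPath $key) {
        $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($prop) { $flags = [int]$prop.'Compatibility Flags' }
    }
    New-Object PSObject -Property @{
        Key = $key; Flags = $flags; Killed = (($flags -band $KillBit) -ne 0)
    }
}

function Set-KillBit {
    param([string]$Root, [string]$Clsid)
    $state = Get-KillBitState $Root $Clsid
    if (-not $state.Killed) {
        if (-not (Test-Path -LiteralPath $state.Key)) { New-Item -Path $state.Key -Force | Out-Null }
        # OR the bit in so compatibility flags already on the key are preserved.
        Set-ItemProperty -LiteralPath $state.Key -Name 'Compatibility Flags' `
            -Value ($state.Flags -bor $KillBit) -Type DWord
    }
    Get-KillBitState $Root $Clsid   # re-read to confirm what is now on disk
}

# Audit only by default; set $Apply = $true (elevated prompt) to write the value.
$Apply = $false
foreach ($root in $Roots) {
    if ($Apply) { Set-KillBit $root $Clsid } else { Get-KillBitState $root $Clsid }
}
```

Running it with `$Apply = $false` across a sample of workstations shows which machines still allow the control before you decide between the kill bit and the patch.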
| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS07-051 (938827) | Arbitrary code / Windows | Workstations, Terminal Servers | No/No | Yes | Critical | Win2000 | Windows Agent ActiveX Control. Restart required | Set kill bit or patch after testing. |
| MS07-053 (939778) | Privilege elevation / Windows Services for Unix | Workstations, Terminal Servers, Servers, Domain Controllers | Yes/No | No | Important | Win2000, XP, Vista, Server 2003 | Default setup does not include Services for Unix. Restart required | Patch after testing |
| MS07-052 (941522) | Arbitrary code / Visual Studio | Programmer Workstations | Yes/No | Yes | Important | Visual Studio .NET 2002, Visual Studio .NET 2003, Visual Studio 2005 | Crystal Reports. Restart required? Maybe | Remove Crystal Reports and association with .rpt files; patch after testing OR: inform and depend on programmers to refrain from opening RPT files received via email or download |
| MS07-054 (942099) | Arbitrary code / Windows Live Messenger, MSN Messenger | Workstations, Terminal Servers | Yes/No | No | Important | Win2000, XP, Vista, Server 2003 | Patch prompts to upgrade Messenger. Restart required? Yes, if Messenger is active | You are immune if using Windows Messenger 8.1 or MSN Messenger 7.0.0820. Upgrade to latest version of Messenger / patch after testing |