Patch Tuesday Analysis for July 2008

This month there are just four security bulletins to deal with. All are rated ‘important’ by Microsoft.  The Outlook Web Access Server and SQL Server patches will probably require the most testing.  

The most urgent bulletin is MS08-038, the remote code execution patch for Windows Explorer, because exploit details are public, although it is really only an issue for Vista workstations. MS08-038 addresses an auto-play vulnerability and a vulnerability in the saved search feature of Explorer. Auto-play can be disabled via group policy. The saved-search vulnerability has already been disclosed, so we recommend you fast-track the update. The workarounds may cause more trouble than they’re worth when users start complaining.

The most interesting one, in my opinion, is MS08-037, which impacts all workstations and servers except Vista. This is because it addresses a hole not just in the DNS server but also in the DNS client component, and every computer is a DNS client. DNS spoofing can be very detrimental if exploited by a skilled attacker.

A note about MS08-030 that was released last month: The package for Windows XP was updated on June 19. Make sure you have the latest one, especially if you have Bluetooth enabled.

MS08-039 has a long list of file changes. Watch Microsoft’s KB article for known issues; none are listed at present. MS08-040 also has a long list of file changes. The installer may stop dependent services. Check Microsoft’s KB article for information on this and other known issues. You may be surprised at how many workstations now use the SQL Server product, since a stripped-down version is sometimes given different names.

| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS08-040 (941203) | Privilege elevation, Information disclosure / SQL Server | SQL Server Systems | No/No | No | Important | SQL Server 2000, SQL Server 2005, WMSDE, WYukon | Restart req’d; Multiple vulnerabilities addressed | Patch after normal testing |
| MS08-038 (950582) | Arbitrary code / Windows Explorer | Workstations, Terminal Servers | Yes/No | Yes | Important | Vista, Win2008 | Restart req’d; Workarounds will disable saved search feature | Patch after minimal testing |
| MS08-037 (953230) | Spoofing / Windows DNS | Workstations, Terminal Servers, Servers | No/No | No | Important | Win2000, XP, Win2003, Win2008 | Restart req’d; Both DNS Clients and Servers affected | Patch after normal testing |
| MS08-039 (953747) | Privilege elevation / Exchange Outlook Web Access | Servers | No/No | No | Important | Exchange 2000, Exchange 2007 | Client’s email at risk | Patch after testing |
