Patch Tuesday Analysis for July 2008
This month there are just four security bulletins to deal with. All are rated ‘important’ by Microsoft. The Outlook Web Access Server and SQL Server patches will probably require the most testing.
The most urgent bulletin is MS08-038, the remote code patch for Windows Explorer, since the issue is already public, but it is really only an issue for Vista workstations. MS08-038 addresses an auto-play vulnerability and a vulnerability in the saved search feature of Explorer. Auto-play can be disabled via group policy. The other vulnerability, in the saved-search feature, has already been disclosed, so we recommend you fast-track the update. The workarounds may cause more trouble than they’re worth when users start complaining.
The most interesting one, in my opinion, is MS08-037, which impacts all workstations and servers except Vista. This is because it addresses a hole in not just the DNS server but also the DNS client component, and every computer is a DNS client. DNS spoofing can be very detrimental if exploited by a skilled attacker.
A note about MS08-030 that was released last month: The package for Windows XP was updated on June 19. Make sure you have the latest one, especially if you have Bluetooth enabled.
MS08-039 has a long list of file changes. Watch Microsoft’s KB article for known issues. None are listed at present. MS08-040 also has a long list of file changes. The installer may stop dependent services. Check Microsoft’s KB article for information on this and other known issues. You may be surprised at how many workstations now use the SQL Server product, since a stripped-down version is sometimes given different names.
| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MS08-040 (941203) | Privilege elevation, Information disclosure / SQL Server | SQL Server Systems | No/No | No | Important | SQL Server 2000, SQL Server 2005, WMSDE, WYukon | Restart req’d; Multiple vulnerabilities addressed | Patch after normal testing |
| MS08-038 (950582) | Arbitrary code / Windows Explorer | Workstations, Terminal Servers | Yes/No | Yes | Important | Vista, Win2008 | Restart req’d; Workarounds will disable saved search feature | Patch after minimal testing |
| MS08-037 (953230) | Spoofing / Windows DNS | Workstations, Terminal Servers, Servers | No/No | No | Important | Win2000, XP, Win2003, Win2008 | Restart req’d; Both DNS Clients and Servers affected | Patch after normal testing |
| MS08-039 (953747) | Privilege elevation / Exchange Outlook Web Access | Servers | No/No | No | Important | Exchange 2000, Exchange 2007 | Client’s email at risk | Patch after testing |