Patch Tuesday Analysis for April 2009
If you manage workstations, this will be a busy month. Microsoft encourages us to act quickly with the bold note on many of the updates: "This vulnerability is currently being exploited in the Internet ecosystem." This is the strongest language I've seen on any of the comments in the new Exploitability Index since Microsoft began using it last October. Not only is exploit code likely, but it's in the wild.
Those charged with updating servers will have it a little bit easier. The patches apply to all systems, but as long as best practices are followed, only MS09-016 focuses on servers.
MS09-012 addresses a vulnerability that has been known for over a year. There are some interesting comments on this at http://blogs.technet.com/msrc/archive/2009/04/14/token-kidnapping.aspx. Microsoft indicates that extensive testing has been done on this already. At this point, I recommend installing after minimal testing of applications that Microsoft might have missed. You may also need to update some third-party applications that may be vulnerable.
MS09-013 - The vulnerability is in WinHTTP, which is not used by Internet Explorer but is used by other components of Windows such as Universal Plug and Play. WinHTTP allows an application to send HTTP requests to other servers.
MS09-014 is a cumulative update of IE. Note that IE 8 is not affected by the vulnerabilities. However, it may be too early for a full-scale deployment of the new browser.
| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MS09-015 (959426) | Privilege elevation / Windows | Workstations, Terminal Servers | Yes/No | No | Moderate | Win2000, XP, Win2003, Win2008 | Search Path Modification | Patch after testing |
| MS09-012 (959454) | Privilege elevation / Windows | Workstations, Terminal Servers, SQL Server Systems | Yes/Yes | No | Important | Win2000, XP, Win2003, Vista, Win2008 | Token Kidnapping | Patch after minimal testing |
| MS09-010 (960477) | Privilege elevation / Windows (Wordpad), MS Office (Word Component) | Workstations, Terminal Servers | Yes/Yes | No | Critical | Win2000, Win2003, Office 2000, Office XP | | Patch after accelerated testing |
| MS09-013 (960803) | Arbitrary code / Windows - WinHTTP | Workstations, Terminal Servers | Yes/No | No | Critical | Win2000, XP, Win2003, Vista, Win2008 | | Patch after testing |
| MS09-011 (961373) | Arbitrary code / Windows DirectShow, DirectX | Workstations, Terminal Servers | No/No | Yes | Critical | Win2000, XP, Win2003 | | Patch after testing |
| MS09-016 (961759) | Denial of service | Servers | Yes/No | No | Important | Forefront TMG MBE, ISA Server 2004, ISA Server 2006 | | Patch after testing |
| MS09-014 (963027) | Arbitrary code / Internet Explorer | Workstations, Terminal Servers | Yes/No | No | Critical | Win2000, XP, Win2003, Vista, Win2008 | Cumulative Security Update / IE8 not affected | Patch or upgrade |
| MS09-009 (968557) | Arbitrary code / Microsoft Office (Excel Component) | Workstations, Terminal Servers | Yes/Yes | No | Critical | Office 2000, Office XP, Office 2003, Office 2007, Office 2004 for Mac, Comp. Pack for Office 2007 | | Patch after accelerated testing |