Patch Tuesday Analysis for July 2009
July 29, 2009 Update
In an unusual step, Microsoft released two out-of-band patches to address additional Active Template Library (ATL) vulnerabilities. ATL is a set of C++ template classes that developers use to build COM-based components, including the ActiveX controls that run in Internet Explorer. To provide defense-in-depth at both the developer and end-user levels, Microsoft released patches for Visual Studio (MS09-035), which corrects the vulnerable ATL code so that controls rebuilt with it are no longer affected, and for Internet Explorer (MS09-034), which adds mitigations against controls that were built with the vulnerable ATL. While, to our knowledge, the vulnerabilities are not currently public or being exploited, I recommend accelerated deployment since Microsoft released them out-of-band.
-------------------------------
Some confusing patches this week, made all the more complex by the current zero-day exploits. Make sure you understand the ramifications of the patches you decide to deploy, and pay special attention to whether you have applied the "Fix it" workarounds from the earlier security advisories on some of these issues. Depending on the patch, you may need to uninstall the Fix it first, or just the opposite!
If you follow the best practice of not browsing multimedia sites or playing games on servers, the vulnerability that MS09-028 patches will not be a problem there; it is primarily a concern for workstations. The patch updates the DirectShow QuickTime parser (quartz.dll) itself. Don't uninstall the earlier Fix it from the related security advisory (971778) before installing; if you do, it will cause problems with the installation of this patch. Several workarounds that disable playback of some multimedia files are available as an alternative to the patch.
Be careful with the Fix its. In the case of MS09-029, if you applied a particular workaround Fix it, the patch will not install correctly, so that workaround must be disabled first: just the opposite of MS09-028! Be sure to read all of the advisory notes.
The workaround for MS09-031 disables the default fallback to Basic authentication (sometimes called standard authentication) on ISA Server.
MS09-032 affects XP and Server 2003, but a patch is also available for other systems to provide defense-in-depth. The patch sets kill bits for the vulnerable ActiveX control's CLSIDs. Don't uninstall the earlier Fix it released with Security Advisory 972890 on July 13; if you do, it will cause problems with the installation of this patch.
The guest operating systems running in Virtual PC and Virtual Server are the ones at risk from MS09-033, not the host: the vulnerability is in the Virtual Machine Monitor's validation of certain instructions, and an attacker who can already run code inside a guest can use it to elevate privileges within that guest. Microsoft states it does not allow escape to the host. MS09-033 addresses this vulnerability.
Security Advisory 973472, released July 13, involves an ActiveX vulnerability in the Office Web Components control. You might consider setting the kill bit for the affected control as a workaround, but test it thoroughly first, as doing so will break any functionality that depends on the control.
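The kill bit that MS09-032 and the 972890 Fix it set, and that you may set yourself for the 973472 control, is just a flag in the registry, so you can audit it before and after patching. The following PowerShell is an added example written for this page, not code from the original post or from Microsoft; it checks and sets the kill bit for a list of CLSIDs and confirms whether a bulletin's KB is installed. The CLSID it uses is a placeholder, not one from any advisory; substitute the CLSIDs listed in the advisory or bulletin you are acting on.

```powershell
# Added example, not from the original post. Audit and set IE kill bits and
# confirm a KB is installed. Run elevated: the keys live under HKLM.
# The kill bit is bit 0x400 of the "Compatibility Flags" DWORD under
# HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}.

$KillBitFlag  = 0x400
$AxCompatRoot = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function Get-CompatibilityFlags {
    # Current "Compatibility Flags" value for one CLSID, or 0 if the key/value is absent.
    param([Parameter(Mandatory=$true)][string]$Clsid)
    $key = "$AxCompatRoot\$Clsid"
    if (-not (Test-Path -LiteralPath $key)) { return 0 }
    $prop = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if ($null -eq $prop -or $null -eq $prop.'Compatibility Flags') { return 0 }
    return [int]$prop.'Compatibility Flags'
}

function Get-KillBitState {
    # One object per CLSID: the raw flags and whether the kill bit is set.
    param([Parameter(Mandatory=$true)][string[]]$Clsid)
    foreach ($id in $Clsid) {
        $flags = Get-CompatibilityFlags -Clsid $id
        New-Object PSObject -Property @{
            Clsid   = $id
            Flags   = ('0x{0:X8}' -f $flags)
            KillBit = (($flags -band $KillBitFlag) -ne 0)
        }
    }
}

function Set-KillBit {
    # Sets the kill bit while preserving any other compatibility flags already present,
    # which is why the value is OR-ed in rather than overwritten with 0x400.
    param([Parameter(Mandatory=$true)][string[]]$Clsid)
    foreach ($id in $Clsid) {
        $key = "$AxCompatRoot\$id"
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        $new = (Get-CompatibilityFlags -Clsid $id) -bor $KillBitFlag
        Set-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -Value $new -Type DWord
    }
}

function Test-HotfixInstalled {
    # True if the KB (e.g. 'KB973346' for MS09-032) appears in the installed updates.
    param([Parameter(Mandatory=$true)][string]$KB)
    $hit = Get-WmiObject -Class Win32_QuickFixEngineering | Where-Object { $_.HotFixID -eq $KB }
    return ($null -ne $hit)
}

# Placeholder CLSID for illustration only; replace with the advisory's list.
$targets = @('{00000000-0000-0000-0000-000000000000}')

Get-KillBitState -Clsid $targets | Format-Table Clsid, Flags, KillBit -AutoSize
"KB973346 installed: $(Test-HotfixInstalled -KB 'KB973346')"
# To apply the kill-bit workaround by hand instead of waiting for the patch:
# Set-KillBit -Clsid $targets
```

Two caveats when using this on real systems: on 64-bit Windows the 32-bit Internet Explorer reads the key under HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility, so check and set both locations; and a kill bit blocks the control everywhere IE hosts it, which is exactly why the advisory's kill-bit workaround needs testing before you roll it out.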
Happy patching!
| Bulletin (KB) | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS09-029 (961371) | Arbitrary code / Windows | Workstations, Terminal Servers | No / No | Yes | Critical | Win2000, XP, Win2003, Vista, Win2008 | Restart required | Patch after minimal testing |
| MS09-030 (969516) | Arbitrary code / Office Publisher | Workstations, Terminal Servers | No / No | Yes | Important | Office 2007 | Restart may be required | Patch after testing |
| MS09-035 (969706) | Arbitrary code / ActiveX and Active Scripting | Developer workstations | No / No | No | Moderate | Visual Studio .NET 2003, Visual Studio 2005, Visual Studio 2008 | | Patch after testing |
| MS09-033 (969856) | Privilege elevation / Virtual PC, Virtual Server | Workstations, Virtual Servers | No / No | No | Important | Virtual PC 2004, Virtual Server 2005, Virtual PC 2007 | Restart required; only guest OS vulnerable | Patch after testing |
| MS09-031 (970953) | Privilege elevation / ISA Server | Servers | No / No | Yes | Important | ISA Server 2006 | Restart required | Patch after testing |
| MS09-028 (971633) | Arbitrary code / DirectShow (QuickTime files) | Workstations, Terminal Servers | Yes / Yes | Yes | Critical | Win2000, XP, Server 2003 | DirectX; restart may be required | Patch after minimal testing |
| MS09-034 (972260) | Arbitrary code / Internet Explorer | Workstations, Terminal Servers | No / No | No | Critical | Win2000, XP, Win2003, Vista, Win2008 | | Patch after testing |
| MS09-032 (973346) | Arbitrary code / Internet Explorer | Workstations, Terminal Servers | No / Yes | Yes | Critical | XP, Server 2003 | Patch available for other OSs | Patch after testing |