Patch Analysis for December 2005
Today Microsoft released 2 security updates. One affects the Windows kernel and the other impacts Internet Explorer. Both present risks primarily to workstations and Terminal Services hosting end-user applications. The kernel update impacts Windows 2000 only. Many organizations will be able to limit their effort to deploying just the IE update to their desktops.
MS05-054 - Cumulative Security Update for Internet Explorer (905915)
This critical bulletin addresses a multitude of vulnerabilities in Internet Explorer 5 and 6 on all versions of Windows and I recommend installing it as soon as possible on systems where interactive users browse the Internet, read email or engage in other activities that can result in using Internet Explorer to view web content from untrusted or unknown sources. Such systems would include workstations and Terminal Services servers that host end-user application accounts. You may be able to avoid loading this patch on most other servers provided administrators follow best practice and refrain from web browsing, reading email and similar activities that bring them into contact with untrusted content.
Before applying this patch I recommend testing it on your typical workstation build and reviewing the known issues with this update as documented in MS knowledge base article 905915. (At the time of writing 905915 was not available at Microsoft's site so I am not able to provide comments on it. One of the issues pertains to version issues between different hotfixes so review it carefully when it becomes available.)
Bottom line: End-user computers need this patch. The workarounds listed by Microsoft are not practical for most business environments.
MS05-055 - Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523)
This vulnerability affects only Windows 2000 service pack 4 systems. (Previous Windows 2000 service packs no longer receive security support from Microsoft.) Further, this vulnerability is only a likely risk for Windows 2000 workstations and Terminal Servers where non-administrators log on through Remote Desktop Protocol. End-users could exploit this vulnerability with a specially crafted application to elevate their privileges on their workstation or Terminal Server. Other attackers would have to engineer a situation that results in the execution of a specially crafted application.
Bottom line: I recommend installing this patch (after testing) on Windows 2000 workstations and Terminal Services servers where end-users log on.
|System Types Affected||Exploit|
/ Being exploited?
|MS severity rating||Products Affected||Notes||Randy's recommendation|
|Arbitrary code |
|Yes/No||Yes||Critical ||XP |
Datacenter Server 2000
Small Business Server 2003
Small Business Server 2000
|End-user computers need this patch. The workarounds listed by Microsoft are not practical for most business environments. ||I recommend installing it as soon as possible on systems where interactive users browse the Internet, read email or engage in other activities that can result in using Internet Explorer to view web content from untrusted or unknown sources.|
|Privilege elevation |
|No/No||No||Important ||Win2000 |
Small Business Server 2000
|This vulnerability affects only Windows 2000 service pack 4 systems.||I recommend installing this patch (after testing) on Windows 2000 workstations and Terminal Services servers where end-users log on.|
Receive Randy's same-day, independent analysis each Patch Tuesday
We will not share your address. Unsubscribe anytime.
"Thank you. I am very glad I subscribed to this newsletter.
Relevant content clearly and concisely. Finally!!!"
- John K.
"I really like the Fast Facts on this Month's Microsoft
Security Bulletins. Do you keep old copies? If yes, please let me know how I can
"Thanks, Randy. Your regular updates have streamlined my
monthly patching. Much appreciated,"
- Steve T.
"Really appreciate your patch observor. In the corporate
IT world, anything we can get our hands on that speeds the process of analyzing
threats and how they may or may not apply to our environments is a God-send.
Thanks so much for your efforts."
- Tess G.
"Many thanks for this Randy"
- Roger G.
"The chart is a REAAALLY good idea :)"
- Phil J.
"I like the table. Your insight is very valuable. "
"I liked your high level overview of patches in the
table. There are so many sources of patch information which can be very specific
or surrounded by other stuff that it’s refreshing to get everything summarised
like this. The “Randy’s Recommendation” comment is useful starting point too.
Please keep up the good work."
- David A.
"Your Patch Observer is a very good tool in
making the decision whether to patch or not to patch. And also to patch asap or
to wait a while before patching. Also I do think the use of the table is realy
improving the readability of the provided information."
- Gerard T.