Patch Analysis for July 2007

6 Patches released today. Most are affecting workstations. One unusual exploit is affecting Active Directory. We know your DCs aren’t directly connected to the internet so you probably already have some workarounds enabled. And of course you have a firewall…Pay particular attention to Windows 2000 Server since an anonymous user with access to the network (oh no!) could deliver a specially crafted LDAP packet to the affected system in order to exploit this vulnerability. Pay particular attention to this one. If you don’t have the workarounds in place, check your firewall and/or routers quickly! This one is a good exercise for all AD admins to look at. Follow the best practices and you won’t have to hurry home from vacation. Of note too is the exploit only affecting Vista. Teredo has to do with the network address translation of IPv6 traffic. This patch involves changes to the firewall and it seems this would be easier to implement that the workarounds.

BulletinExploit Types
/Technologies Affected
System Types AffectedExploit
details public?
/ Being exploited?
MS severity ratingProducts AffectedNotesRandy's recommendation

Arbitrary code
Denial of service

/ Active Directory
Domain Controllers
No/NoYesCritical Server 2003
Server 2000
Severity is important on Windows 2003Block affected port(s) if exposed to internet; Patch after testing

Arbitrary code

/ .NET Framework
Web Servers
No/NoYesCritical Win2000
Server 2003
Server 2008
Information disclosure on Web servers with ASP.NETUse workarounds; Patch after testing

Arbitrary code

/ Windows Firewall
No/NoYesModerate Vista
Teredo network interfacePatch after testing

Arbitrary code

/ Office Excel
Terminal Servers
No/NoYesCritical Office 2000
Office XP
Office 2003
Office 2007
Office 2004 for Mac
Excel including Office 2007 Compatibility PackPatch after testing

Arbitrary code

/ Office Publisher
Terminal Servers
No/NoYesImportant Office 2007
NonePatch after testing

Arbitrary code

No/NoYesImportant XP
XP Professional 32-bit onlyPatch after testing if IIS is installed.

Receive Randy's same-day, independent analysis each Patch Tuesday

We will not share your address. Unsubscribe anytime. 

"Thank you. I am very glad I subscribed to this newsletter.  Relevant content clearly and concisely. Finally!!!"

- John K.

"I really like the Fast Facts on this Month's Microsoft Security Bulletins. Do you keep old copies? If yes, please let me know how I can access them?"

-Susan D.

"Thanks, Randy. Your regular updates have streamlined my monthly patching. Much appreciated,"

-  Steve T.

"Really appreciate your patch observor. In the corporate IT world, anything we can get our hands on that speeds the process of analyzing threats and how they may or may not apply to our environments is a God-send. Thanks so much for your efforts."

- Tess G.

"Many thanks for this Randy"

- Roger G.

"The chart is a REAAALLY good idea :)"

- Phil J.

"I like the table. Your insight is very valuable. "

Tom C.

"I liked your high level overview of patches in the table. There are so many sources of patch information which can be very specific or surrounded by other stuff that it’s refreshing to get everything summarised like this. The “Randy’s Recommendation” comment is useful starting point too. Please keep up the good work."

- David A.

"Your Patch Observer is a very good tool in making the decision whether to patch or not to patch. And also to patch asap or to wait a while before patching. Also I do think the use of the table is realy improving the readability of the provided information."

- Gerard T.


Additional Resources