Patch Analysis for November 2009

First you have the usual batch of workstation-related security patches. One of them in particular - MS09-065 - needs immediate attention if you run pre-Vista workstations, which are susceptible to arbitrary code attacks in which a bad guy puts malicious content on websites and other HTML sources and takes over client computers. The vulnerability is public.
Other than that, admins of Windows 2000 servers and domain controllers need to pay attention to MS09-064 for computers with the License Logging Service running.
The surface area of Windows keeps increasing. I didn’t even know about ports 5357 and 5358 and Web Services on Devices (WSDAPI) until this month with MS09-063. It's just a “patch after testing” vulnerability, but to learn more about WSDAPI, check out the FAQ in Microsoft’s security bulletin.
Also interesting is that Windows 7 survived unscathed this month. To track patches for Windows 7 (5 so far), use my MS security bulletin database.

Before I give the Fast Facts chart for this month's patches please take note of these items:

  1. Register now for Security Log Secrets - Los Angeles - January 25-27, 2010
  2. Need to audit SharePoint?  Check out my new software - LOGbinder SP
  3. Next security log webinar: 11 Ways to Detect System Intrusions with the Security Log

And here's the chart:

| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| | Arbitrary code / Embedded OpenType fonts | Terminal Servers | Yes/No | No | Critical | Win2000 | Restart Req'd | Patch Pre-Vista Workstations Immediately |
| | Arbitrary code / Office Excel | Terminal Servers | No/No | No | Important | Office 2003, Office 2007, Office 2004 for Mac, Office 2008 for Mac, Excel Viewer, Office Converter Pack, Office 2002 | Restart may be req'd | Patch after testing |
| | Denial of service / Active Directory, ADAM, AD LDS | Domain Controllers | No/No | Yes | Important | XP, Server 2003, Server 2000, Server 2008 | Restart Req'd | Patch after testing |
| | Arbitrary code / Windows | | No/No | No | Critical | Vista | Restart Req'd | Patch after testing |
| | Arbitrary code / License Logging Service | Domain Controllers | No/No | Yes | Critical | Server 2000 | Restart Req'd | Patch after testing or disable License Logging Service |
| | Arbitrary code / Office Word | Terminal Servers | No/No | No | Important | Office XP, Office 2003, Word Viewer, Office 2004 for Mac, Office 2008 for Mac, Open XML Format Converter Mac | Restart may be req'd | Patch after testing |
