Patch Tuesday Analysis for February 2007

3 things you need to know about this Patch Tuesday’s 12 security bulletins:

1. 11 of the 12 are workstation focused with 5 being critical. The ActiveX control trend continues which you can address without patching using my free, handy dandy administrative template.
2. Do you use any of Microsoft’s anti-malware tools? See MS07-010.
3. The Office document vulnerabilities trend continues with 2 more bulletins. This is where multiple AV engines pay off. Several of you last month questioned how you can afford multiple AV products. More thoughts coming on that issue next week. In the meantime, thanks for the feedback, keep it coming.
4. Vista and Office 2007 continue to squeak by.

The chart below gives you fast facts about all 12 bulletins

BulletinExploit Types
/Technologies Affected
System Types AffectedExploit
details public?
/ Being exploited?
Comprehensive,
practical
workaround
available?
MS severity ratingProducts AffectedNotesRandy's recommendation
MS07-013

918118
Arbitrary code

/ Windows, Office
Workstations
Terminal Servers
No/NoNoImportant Win2000
XP
Office 2000
Office XP
Office 2003
Office 2004 for Mac
Server 2003
Visio 2002
Project 2000
Project 2002
Microsoft Learning Essentials
Microsoft RichEdit 
MS07-005

923723
Arbitrary code

/ Step-by-Step Interactive Training
Workstations
Terminal Servers
No/NoNoImportant Win2000
XP
Server 2003
  
MS07-012

924667
Arbitrary code

/ Windows, Visual Studio
Developer Workstations
No/NoNoImportant Win2000
XP
Visual Studio .NET 2002
Visual Studio .NET 2003
Server 2003
malformed embedded OLE object within a Rich Text Format (RTF) file 
MS07-011

926436
Arbitrary code

/ Windows
Workstations
Terminal Servers
No/NoNoImportant Win2000
XP
Server 2003
Microsoft OLE Dialog 
MS07-009

927779
Arbitrary code

/ MS Data Access Components
Workstations
Terminal Servers
Yes/NoNoCritical Win2000
XP
Server 2003
Yet another ActiveX control 
MS07-007

927802
Privilege elevation

/ Windows
Workstations
Terminal Servers
No/NoNoImportant XP
Windows Image Acquisition Service 
MS07-016

928090
Arbitrary code

/ IE
Workstations
Terminal Servers
Yes/NoNoCritical Win2000
XP
Server 2003
Multiple IE vulnerabilities 
MS07-006

928255
Privilege elevation

/ Windows
Workstations
Terminal Servers
No/NoNoImportant XP
Server 2003
Physical access or Remote Desktop connection required 
MS07-008

928843
Arbitrary code

/ Windows
Workstations
Terminal Servers
No/NoNoCritical Win2000
XP
Server 2003
Another ActiveX controlPatch after testing
MS07-014

929434
Arbitrary code

/ Word
Workstations
Terminal Servers
Yes/YesNoCritical Office 2000
Office XP
Office 2003
Office 2004 for Mac
Works 2005
Works 2004
Works 2006
6 malformed Word doc holes 
MS07-010

932135
Arbitrary code

/ Microsoft Malware Protection Engine
Workstations
Terminal Servers
Servers
No/NoNoCritical Windows Live OneCare
Microsoft Antigen
Windows Defender
Microsoft Forefront Security
Malformed PDF turns anti-malware engine into malware agent! 
MS07-015

932554
Arbitrary code

/ Office, Project, Visio
Workstations
Terminal Servers
Yes/YesNoCritical Office 2000
Office XP
Office 2003
Office 2004 for Mac
Visio 2002
Project 2000
Project 2002
Malformed Excel and PowerPoint docs 

Receive Randy's same-day, independent analysis each Patch Tuesday

Email:
We will not share your address. Unsubscribe anytime. 

"Thank you. I am very glad I subscribed to this newsletter.  Relevant content clearly and concisely. Finally!!!"

- John K.

"I really like the Fast Facts on this Month's Microsoft Security Bulletins. Do you keep old copies? If yes, please let me know how I can access them?"

-Susan D.

"Thanks, Randy. Your regular updates have streamlined my monthly patching. Much appreciated,"

-  Steve T.

"Really appreciate your patch observor. In the corporate IT world, anything we can get our hands on that speeds the process of analyzing threats and how they may or may not apply to our environments is a God-send. Thanks so much for your efforts."

- Tess G.

"Many thanks for this Randy"

- Roger G.

"The chart is a REAAALLY good idea :)"

- Phil J.

"I like the table. Your insight is very valuable. "

Tom C.

"I liked your high level overview of patches in the table. There are so many sources of patch information which can be very specific or surrounded by other stuff that it’s refreshing to get everything summarised like this. The “Randy’s Recommendation” comment is useful starting point too. Please keep up the good work."

- David A.

"Your Patch Tuesday Observer is a very good tool in making the decision whether to patch or not to patch. And also to patch asap or to wait a while before patching. Also I do think the use of the table is realy improving the readability of the provided information."

- Gerard T.