Patch Tuesday Analysis for February 2008

Microsoft released a jumbo set of patches, but none of the exploit details are currently public and none are being exploited in attacks, so you can take your time analyzing and testing. Most of the patches are workstation-centric, but on the server side there's one denial of service exploit for domain controllers and ADAM servers and 2 patches for IIS. Many of the patches have workarounds if you prefer to avoid patch deployment where possible.

Below is my standard chart of fast facts to help your analysis:

| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS08-006 (942830) | Arbitrary code / Windows, IIS | IIS Servers | No/No | Yes | Important | XP, Server 2003 | Classic ASP not installed by default. ASP.NET not affected | Patch after testing |
| MS08-005 (942831) | Privilege elevation / Windows, IIS | IIS Servers | No/No | Yes | Important | Win2000, XP, Vista, Server 2003 | Vista SP1 and 2008 not affected | Patch after testing |
| MS08-010 (944533) | Arbitrary code / Windows, IE | Workstations, Terminal Servers | No/No | No | Critical | Win2000, XP, Vista, Server 2003, Small Business Server 2003 | Cumulative update to IE; Restart Req'd | Patch after testing |
| MS08-007 (946026) | Arbitrary code / Windows | Workstations, Terminal Servers | No/No | Yes | Critical | XP, Vista, Server 2003 | Vista SP1 and 2008 not affected; Restart Req'd | Disable WebDAV; Patch after testing |
| MS08-004 (946456) | Denial of service / Windows | Workstations | No/No | No | Important | Vista | Restart Req'd | Patch after testing |
| MS08-003 (946538) | Denial of service / Windows, AD and ADAM | Servers | No/No | Yes | Important | Win2000, XP, Server 2003 | Active Directory LDAP; Restart Req'd | Use IPSec, firewall to block LDAP. Patch after testing |
| MS08-009 (947077) | Arbitrary code / Word | Workstations, Terminal Servers | No/No | Yes | Critical | Office 2000, Office XP, Office 2003, Office 2004 for Mac | None | Install MOICE; Patch after testing |
| MS08-011 (947081) | Arbitrary code / Office, Works | Workstations, Terminal Servers | No/No | Yes | Important | Office 2003, Works 8, Works 2005 | File converters | Disable file converters; Patch after testing |
| MS08-012 (947085) | Arbitrary code / Office Publisher | Workstations, Terminal Servers | No/No | No | Critical | Office 2000, Office XP, Office 2003 | None | Patch after testing |
| MS08-013 (947108) | Arbitrary code / Office | Workstations, Terminal Servers | No/No | Yes | Critical | Office 2000, Office XP, Office 2003 | None | Restrict access to VBE6.dll; Patch after testing |
| MS08-008 (947890) | Arbitrary code / Windows, Office, Visual Basic | Workstations, Terminal Servers | No/No | Yes | Critical | XP, Vista, Visual Basic 6.0, Office 2004 for Mac, Server 2003, Datacenter Server 2000, Advanced Server 2000 | Restart Req'd | Set kill bit for affected ActiveX; Patch after testing |
