August 26, 2009
· Filed under Current Threats and Vulnerabilities · Tagged Security Advisory
Microsoft re-released four items today.
MS09-044
This bulletin has been revised many times since the August 11, 2009 release. Let’s hope this is the last major revision needed. Microsoft updated the security bulletin to fix a download URL issue for RDP Version 5.2 for Windows XP SP2. We had already discovered this issue late last week. The URL that we used on Patch Tuesday had started downloading the wrong version of the patch. If you are using the latest version of the Shavlik XML, no changes are needed.
MS09-029
Microsoft updated this security bulletin to communicate the re-release of the Japanese language update for Windows XP SP2, SP3 and Windows XP x64 SP2. Again, the latest version of the Shavlik XML already covers this re-release because the detection logic has not changed for the patch.
Security Advisory 967940
“V1.1 (August 25, 2009): Summary revised to notify users of an update to Autorun that restricts AutoPlay functionality to CD-ROM and DVD-ROM media, available for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 from Microsoft Knowledge Base Article 971029.”
Reading into Microsoft’s revision notes can be a bit tricky. We are currently researching the patch associated with this Advisory update. If there is a required patch update for this advisory, we will add support in our XML.
Security Advisory 973882
This security advisory is associated with the ATL vulnerability. Microsoft has added another affected product to this Advisory: Windows Live Messenger. If you are using Windows Live Messenger 8.1, 8.5 or 14.0, this product could be affected by this vulnerability. Upon launch, Windows Live Messenger will check in with the Windows Live Messenger service to see if there is an update. If an update is required, the product will prompt you to patch it to version 14.0.8089. The ATL software vulnerability is contained in the “Attach Photo” feature. The patch will remove this functionality as a short-term fix. Microsoft has stated they will fully resolve this issue, and return this functionality, when they launch another feature.
We are currently investigating this advisory and associated patch.
August 25, 2009
· Filed under Patch Management · Tagged Mozilla, Patch
Mozilla has released a new version of Thunderbird.
Thunderbird 2.0.0.23: addresses 1 critical security vulnerability. The release notes can be found here.
The software vulnerability that was addressed by this product update allowed man-in-the-middle attacks via spoofed SSL servers. If you are using Thunderbird in your organization, I highly suggest patching this in your next patch cycle.
Shavlik has released data files (XML version 1.1.3.5062) containing this patch.
This vulnerability also existed in versions of Firefox 3.5 and Firefox 3.0. Mozilla issued product updates addressing this software vulnerability prior to this Thunderbird release in Firefox 3.5 and Firefox 3.0.13.
August 25, 2009
· Filed under Shavlik General · Tagged The More You Know...
Depending on the frequency of security patches released, Shavlik can release new data files up to four times a week. Two questions we commonly receive are: “When were data updates posted?” and “What is contained in the update?”
There are a few different ways you can stay informed on data updates for the Shavlik product lines.
- On the Shavlik website, you can subscribe to an email list that contains detailed information about data updates for the Shavlik product lines. When Shavlik publishes new data file updates, we will send an email to the list announcing the recent update and its contents. The Shavlik support web page contains a form that can be filled out to join this list. Or, you can send a blank email to subscribe-shavlik-xml-AT-listserv.shavlik.com (replace -AT- with @) to sign up for the email list.
Please note: When subscribing to the email list, you will be sent an email confirmation. You will need to follow the instructions contained in the email to approve the subscription request to receive notifications.
- Another method of receiving updates is on the Shavlik Support Forums, under the section “XML Announcements”. The Shavlik support team will place the contents of the email notification in this section of the Shavlik Support Forums. You do not need to be a registered user to view these postings.
- Lastly, the Shavlik NetChk Protect 7.0 product has a built-in RSS feed on the home screen. The information displayed is the same information you would receive via the email list. The product will refresh new update announcements as they become available. This notification only contains patch information as NetChk 7.0 does not include Spyware or Configure in the console. You can also view this information on the Shavlik NetChk Protect 7 update blog.

NetChk 7.0 Data Updates Example
Our updates can be either Patch, Configure or Spyware updates. In the title of the email, you will see a designation on the type of update that occurred. There can be combinations of the following:
- [Patch] – These notifications include only Patch data update information.
- [Spatch] – These notifications contain both Patch and Spyware update information.
- [Configure] – These notifications include Configure data update information.
- [Spyware] – These notifications include Spyware data update information.
August 13, 2009
· Filed under Patch Management · Tagged Apple, Patch
After a busy overnight for the August version of Patch Day, we are still working on new XML.
Later this afternoon, we will be releasing new XML with the following changes:
- Re-release of MS09-029
- MS09-043 – Microsoft Office 2000 Web Components Service Pack 3 (new product detection)
- MS09-043 – Microsoft Office XP Web Components Service Pack 3 (new product detection)
- MS09-043 – Microsoft Office 2003 Web Components Service Pack 3 (new product detection)
- MS09-043 – Microsoft Office 2003 Web Components Service Pack 1 for the 2007 Microsoft Office System (new product detection)
- MS09-043 – Microsoft Office Small Business Accounting 2006 (new product detection)
On Friday, we are planning on releasing the following:
- Safari 4.0.3
- Security Advisory 973811 (Non-security patch)
- Outlook Junk Email Filter for 2003
- Outlook Junk Email Filter for 2007
- Re-release of MS09-035
August 11, 2009
· Filed under Current Threats and Vulnerabilities · Tagged Security Advisory
Microsoft also released a new Security Advisory in this month’s version of “Patch Tuesday”.
Microsoft Security Advisory (973811)
Extended Protection for Authentication
This security advisory includes a new feature that adds additional security measures. Microsoft noted that this is an optional configuration. You should visit the security advisory page and research whether this new feature applies to your network. It is important to note that the security advisory was not released to address a known vulnerability.
Security advisories are not new to the patching industry. Microsoft has released advisories as a temporary protection measure for users while the patch is being programmed and ultimately released to the public. In the past, Microsoft described manual workarounds for temporary protection against known vulnerabilities. These workarounds primarily dealt with program settings and registry tweaks. Deploying registry tweaks en masse to a large corporate network can cause quite a bit of pain for administrators. In response, a couple of months ago Microsoft started releasing “FixIt” tool patches. These patches gave patch management vendors the ability to aid administrators in the security advisory deployments.
But with this advisory, Microsoft released the patch as a non-security patch. You can find the patch(es) here:
Windows Server 2003; Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2
Download Location
Windows Server 2003 x64; Windows Server 2003 Service Pack 2 x64
Download Location
Windows Server 2003 Service Pack 2 x64; Windows XP Professional x64
Download Location
Windows Server 2008 x64
Download Location
Windows XP Service Pack 2; Windows XP Service Pack 3
Download Location
Windows Vista x64 Service Pack 1; Windows Vista x64 Service Pack 2
Download Location
Windows Server 2008
Download Location
Windows Vista; Windows Vista Service Pack 1; Windows Vista Service Pack 2
Download Location
If you are running Windows 7 or Windows 2008 R2, this new technology has already been implemented and no action is required.
After deploying this patch, manual intervention is needed on each machine. In order to enable this technology, registry tweaks are required. More details on this process can be found on the Security Advisory page under “How do I enable this feature?”.
We will be looking at adding support for this non-security patch later this week.
August 11, 2009
· Filed under Patch Management · Tagged Patch Tuesday
After a busy month of patching with the out-of-band patch day, the fun continues as Microsoft has released 9 new bulletins for the August version of Patch Tuesday.
Microsoft also re-released two security bulletins:
Apple is getting in on the Patch Tuesday cycle for this August.
It is not uncommon for Microsoft to release this many bulletins. We have seen this number before. What is important to note is the volume of patches associated with some of these bulletins. MS09-044 affects five different versions of RDP that can be affected/installed on 16 different versions of Windows. As we have not seen this product patched in the past, we will be writing new product support detection for each of these. MS09-037 is another bulletin that has a lot of patches and affected products associated with it: Windows ATL Component, Outlook Express, DHTML Editing Component, MSWebDVD, and Windows Media Player.
We are currently working on these bulletins and will continue working through the overnight hours. This updated XML post will be later than normal, and you should expect this to be released in the early hours of Wednesday morning.
August 6, 2009
· Filed under Patch Management · Tagged Patch Tuesday
Microsoft released their Advanced Notification for the August patch day scheduled for Tuesday, August 11th. They are planning on releasing nine security bulletins.
There is quite a range of products affected this month. Servers and desktops both appear to be a focus this month. Six of these bulletins are currently rated as “critical” and three of these bulletins are rated as “important”.
Affected products this month:
- ISA Server 2004
- ISA Server 2006
- BizTalk Server 2002
- Visual Studio .NET 2003
- Office XP
- Office 2003
- Office Web Components
- .NET
- Windows Media Player
- Outlook Express
- Windows 2000
- Windows XP
- Windows Vista
- Windows 2003
- Windows 2008
It appears we will be adding a new supported product for Client For Mac as well. Also expect new versions of the MSRT Tool and Outlook 2003/2007 Junk Email Filters.
After a long week of patching, everyone will be following it up with another long week of patching. We will be working diligently through the night on an XML update with these updates. Also, we will be looking at supporting Windows 7 as a scannable product. Please note that Windows 7 was not announced as an affected product of these security bulletins.
If you haven’t had your patching window in the past week, this patch maintenance window could be especially big. New versions of Adobe Flash, Adobe Reader, Adobe Acrobat, Adobe Shockwave, Mozilla Firefox, Apple iTunes and Sun Java have been released as well.
You can view more information regarding the Microsoft August Patch Tuesday on the Microsoft Technet website.
August 5, 2009
· Filed under Current Threats and Vulnerabilities, Patch Management · Tagged Adobe, Apple, Mozilla, Patch, Sun
In the past week, we have seen many patches being released for one reason or another. Security bulletins/patches being released frequently is not uncommon, and many of us in the industry (patch management solution providers or administrators) are quite used to the chaos it can throw at us. However, the past week has been quite brutal for everyone due to the number of patches released and how they were released concurrently.
A timeline recap of the past week:
- Tuesday, July 28th: Microsoft releases two out-of-band bulletins. The software vulnerabilities that are addressed by these bulletins were discussed at the Black Hat Conference prompting an out-of-band release.
- Wednesday, July 29th: Adobe releases a new version of Shockwave addressing the ATL issues fixed with the Microsoft out-of-band bulletins.
- Thursday, July 30th: Adobe releases a new version of Adobe Flash addressing the ATL vulnerability as well as other critical software vulnerabilities.
- Friday, July 31st: Adobe releases new versions of Adobe Acrobat and Adobe Reader addressing the ATL vulnerability as well as other critical software vulnerabilities.
- Friday, July 31st: Apple releases new versions of iTunes addressing a software vulnerability affecting iPhones. Again, this vulnerability was disclosed at the Black Hat conference.
- Monday, August 3rd: Firefox releases new versions of their Firefox browser addressing multiple critical software vulnerabilities.
- Tuesday, August 4th: Sun releases a new version of Java addressing multiple security vulnerabilities.
- Tuesday, August 4th: Microsoft re-releases the two out-of-band security bulletins. This primarily affected Microsoft patch management consumers. These consumers will need to run their network scans again looking for missing patches.
Needless to say, this has been quite a busy week for administrators and patching. With most companies needing to adhere to a patching window, I think it is safe to say system downtime for patching in the past week has been at an extreme high. Some of this pain, I will say, was directly caused by the Black Hat Conference. Security researchers, who were going for glory, announced vulnerabilities in products to wow their peers. Now, most people will say it is their right. I think it is foolish and they are part of the patching/vulnerability problem. Disclosing proofs of concept for software vulnerabilities that vendors have not supplied patches for creates a security risk for everyone. Enjoy the five minutes of fame. I just hope that companies will be able to push out patches to their systems before hackers begin exploiting the previously unknown vulnerability.
And, there is no rest for the weary and bleary-eyed administrator. One week from today, Microsoft will be releasing their regularly scheduled security bulletins.
August 4, 2009
· Filed under Patch Management · Tagged Mozilla, Patch
Mozilla has released two new versions of Firefox.
Firefox 3.5.2: addresses 4 Critical, 1 Moderate and 1 Low vulnerability. The release notes can be found here.
Firefox 3.0.13: addresses 2 Critical and 1 Moderate vulnerability. The release notes can be found here.
With any Internet Browser, I highly recommend patching as soon as possible. We will be releasing updated XML today with both patches.
August 4, 2009
· Filed under Patch Management · Tagged Patch, Sun
Sun has released a new version of Java 6: Java 6 Update 15. This version of Java fixes a lot of bugs, along with seven security Sun Alerts: 263408, 263409, 263428, 263429, 263488, 263489, and 264648.
More information regarding this new patch can be found here.
We are currently looking into this patch and will provide XML this Thursday.