November 30, 2009
· Filed under Patch Management · Tagged The More You Know...
Patch management itself can be a very challenging task for many organizations. What is the best patching policy? What if I have questions about a patch? Vendors can supply their own ideas or troubleshooting tips, but there are times that people who are responsible for their own companies patch management have the best support and ideas.
Patchmanagement.org is a community of patch management experts that provide support to each other. They communicate through an email list that is not owned or directed by any vendor. All content is provided by the community itself.
I have been a part of this community for a few years and it is an invaluable resource for me.
If you would like to learn more or join, please visit Patchmanagement.org.
For Microsoft WSUS users, there is also a community specifically designed for you. The WSUS mailing list can also be found on that web page.
- Jason Miller
November 23, 2009
· Filed under Shavlik General · Tagged The More You Know...
We are now tweeting our Shavlik XML status updates on Twitter. You can now be alerted to new XML patch data XML posts through our tweets.
And as always, we will continue to send out our email announcements and blog announcements.
- Jason Miller
November 21, 2009
· Filed under Patch Management · Tagged Apple
Apple has released a new version of Apple QuickTime. QuickTime 7.6.5 contains two fixes that are not security related and is for Windows only.
- Jason Miller
November 20, 2009
· Filed under Patch Management · Tagged Apple
Apple released a new version of their Safari browser last week.
Question: What does an Internet browser have to do with an Apple iPhone?
Answer: Apparently everything!
Apple is now bundling Apple Application Support with their Safari browsers. If it is not installed, the Safari browser will not run. To make matters worse, Safari bundles a newer version of Apple Application Support. If you have any version of Apple Application Support previous to 1.1 (1.0, 1.0.1) installed, the browser will not launch.
If you run into the AAS error with Safari, you will need to extract appleapplicationsupport.msi from the Safari browser install. Using AAS 1.0 and 1.0.1 will not work.
Like I said before: vendors should focus on creating stable and secure products and stop worrying about bundling in applications. I am sure it is only a matter of time before Apple “accidently” puts Apple Application Support in their Apple Updater Software.
- Jason Miller
November 16, 2009
· Filed under Current Threats and Vulnerabilities · Tagged Security Advisory
Microsoft has released a new security advisory, 977544. This vulnerability affects SMB in Windows 7 and Windows 2008 R2. This vulnerability could lead to a Denial of Service attack. If successfully exploited, the attack could unexpectedly reboot systems.
Does a SMB security advisory sound familiar? Microsoft Security Advisory 976497 was released (and subsequently patched) in early September. That advisory also affected the SMB service, but for all operating systems this current advisory does not affect (XP, Vista, 2003, 2008).
It is important to note: the current advisory is a Denial of Service, unlike the previous security advisory. Security Advisory 975497 led to remote code execution.
The current work around stated by Microsoft should be used at your own risk. Disabling TCP ports 139 and 445 can break many business functions such as file and print sharing.
It is unlikely Microsoft will release an out of band patch for this vulnerability. The vulnerability is not publically known and will only lead to a denial of service attack if exploited. Expect this patch to be released in their next patching cycle for December.
- Jason Miller
November 10, 2009
· Filed under Patch Management · Tagged Patch Tuesday
Microsoft has released six new security bulletins in November’s Patch Tuesday. Administrators are getting a bit of a break after last month’s mammoth security bulletin release.
MS09-065 is the first bulletin administrators should address. This bulletin affects the Windows Kernel and can lead to remote execution on a target system. This bulletin addresses three vulnerabilities. One of the vulnerabilities was disclosed to Microsoft, but it was also disclosed publically. This could lead to a quick turn around on exploits for this vulnerability. This vulnerability affects the way the Windows Kernel parses Embedded OpenType fonts. These are typical on websites. If a user visits a specially crafted website, an attacker can take control of the system. The internet is one of the most popular attack vectors, so this should be patched as soon as possible on your workstations.
MS09-063 affects Windows Vista and 2008 only. The vulnerability affects a service that is on by default on those systems: Web Services on Devices API (WSDAPI). An evil attacker can send a specially crafted network packet to a target system. If successful, the attacker can take complete control of the system. It is interesting that a new service that helps with the “user experience” can cause so much harm. The WSDAPI service allows users to easily find devices such as printers and cameras on their network. This vulnerability is also not publically known at this time.
The next two security bulletins address vulnerabilities in Microsoft Excel and Microsoft Word. MS09-067 addresses eight vulnerabilities in which none are publically known for Microsoft Excel. MS09-068 affects Microsoft Word and addresses one vulnerability that is not publically known. To exploit these vulnerabilities for both bulletins, a user must open a specially crafted Excel/Word document. This could be done through a website or through an email attachment. If opened, the malicious document could lead to remote code execution on the target system. Both bulletins affect Office for Mac as well.
MS09-064 is an interesting vulnerability. If this was released six years ago, this vulnerability would be rated extremely critical. This bulletin addresses a vulnerability that only affects Windows 2000, specifically the License Logging Server. This service is on by default on Windows 2000 systems. An attacker can send a specially crafted packet to the target system that can result in remote code execution on the target system. As Windows 2000 is an aging technology, this may not affect too many organizations. It is important to note any computer running Windows 2000 today is typically a server. This could make this bulletin extremely critical as it could be a primary device on your network.
MS09-066 affects corporate networks as it addresses a vulnerability in Active Directory. A successful exploit can result in denial of service on the system. This vulnerability will be difficult to exploit though. All operating systems other than Windows 2000 require valid credentials to send a specially crafted packet. If an attacker already had valid credentials, they would do more damage than a denial of service attack on a server. For Windows 2000 servers, like MS09-064, these machines should be patched immediately. A specially crafted packet sent to a Windows 2000 machine can result in an unresponsive machine that requires an unscheduled reboot.
Microsoft also re-released two security bulletins. MS09-045 was revised to add JScript 5.7 on Windows 2000 SP4 as an affected product. MS09-051 was revised to change the detection logic for the patch affecting Audio Compression Manager on Microsoft Windows 2000 Service Pack 4. If you have already applied this patch to your system(s), you will not need to reapply this patch.
- Jason
November 5, 2009
· Filed under Patch Management · Tagged Adobe, Patch
Adobe released a new version of the Adobe Shockwave Player (11.5.2.602): APSB09-16. This new version of Shockwave fixes four Critical vulnerabilities
- CVE-2009-3244
- CVE-2009-3463
- CVE-2009-3464, CVE-2009-3465
- CVE-2009-3466
- Jason
November 5, 2009
· Filed under Uncategorized
Today, Microsoft announced the Advanced Notification for the November 2009 patch day. They are planning on releasing six new bulletins. These six bulletins address 15 vulnerabilities.
- Three bulletins are rated as Critical.
- Three bulletins are rated as Important.
- Five bulletins can lead to Remote Code Execution.
- One bulletin can lead to Denial Of Service.
- Four bulletins affect the Windows Operating System.
All operating systems are affected except Windows 7.
- Two bulletins affect Microsoft Office.
Microsoft Excel, Word and Excel Viewer are affected
Adobe released their quarterly security bulletin update last month, so there is no current planned release for Adobe this month.
More information regarding the bulletins will be released next Tuesday as Patch Day hits. This month, administrators are getting a bit of a break compared to last month. Six bulletins that affect pretty much any machine on your network can be painful, but this patch day will not be as bad as October’s Patch Day.
- Jason
November 4, 2009
· Filed under Patch Management · Tagged Apple, Patch, Sun
Sun has released new versions of Sun Java.
- Sun Java 6 Update 17
- Sun Java 5.0 Update 22
These new versions fix one non-security issue and five software vulnerabilities.
- Non Security Fix (Sun Bug Id)
269868
Apple released a new version of iTunes, version 9.0.2. Apple is typically a little slow on announcing security fixes in new releases of iTunes. Stay tuned to see if this release was indeed security related. And, the apple application support error still exists as Apple did not fix the installer for iTunes. If you deploy iTunes with the silent command line switch, Apple Application Support will not install. This is required to run iTunes.
I have an earlier blog posting that can assist you on getting past this error as well. The posting can be found here.
- Jason Miller
