Newsletter Archives
MS-DEFCON 2: August Black Tuesday unleashed
It’s going to be a bloody month.
Microsoft just released nine security bulletins, covering 19 separate security holes.
Five of the bulletins have an exploitability rating of “1”, which means Microsoft “expect[s] there to be consistent, reliable code in the wild seeking to exploit one or more of these vulnerabilities within the first 30 days from release.”
Sorry, I don’t buy it.
This month we get two ActiveX security bulletins, with a total of nine separately identified security holes. That’s just for ActiveX – the evil spawn of Internet Explorer.
MS09-037 is the patch for the Active Template Library that I talked about two weeks ago. If you recall, there was an out-of-band patch that was supposed to fix the problem. Again. Security Advisory 973882 goes into the details of how MS09-032, MS09-034, MS09-035 and MS09-037 are inter-related. Man, what a mess. Keystone Kops time.
The other ActiveX security bulletin, MS09-043, fixes ActiveX holes in the Office Web Components.
Those are the two bulletins I’ll be watching most closely. I may advise you to apply the patches earlier this month than usual. Let’s see what happens.
As usual, the most thorough analysis is at the SANS Internet Storm Center – although I don’t recommend that you follow their “damn the torpedoes, patch it now” advice.
We’re at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.
UPDATE: In response to a request from Vaughn, here are the KB numbers for the August Black Tuesday patches:
MS09-036: Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)
MS09-037: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)
MS09-038: Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557)
MS09-039: Vulnerabilities in WINS Could Allow Remote Code Execution (969883)
MS09-040: Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)
MS09-041: Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657)
MS09-042: Vulnerability in Telnet Could Allow Remote Code Execution (960859)
MS09-043: Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)
MS09-044: Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)
MS-DEFCON 3: Get patched now
With the Black Hat conference in full swing in Las Vegas, and detailed instructions for bypassing Microsoft’s killbit patches posted on the Web, it’s time to get everything patched.
Rub your lucky rabbit’s foot, bend over and kiss your keester, and install all of Microsoft’s outstanding patches. Yes, that includes the killbit patches I’ve been moaning about, and the patches Microsoft released two days ago. Susan Bradley’s Top Story in Windows Secrets Newsletter, released about an hour ago, convinced me that the bad guys are hovering, and a rash of infectious junk is about to hit the fan.
Specifically, you should install Windows Vista Service Pack 2 / KB 948645, the .NET Framework patch, KB 951847, Office 2007 Service Pack 2 / KB 953195, Windows XP Service Pack 3, KB 936929, the old killbit patch KB 960715, and the two new ones, MS09-034 / KB 972260, and MS09-035 / KB 969706.
If you get repeated notifications to install the killbit patches, check out this workaround.
Microsoft has screwed up the killbit patches so much that you may well break some of your old applications, but the fact that the security holes go all the way into the libraries means there are thousands of newly discovered infection vectors. The only way you’re going to guard against them is by applying Microsoft’s horrendous updates. You can thank Microsoft’s use of ActiveX for that.
Do me a favor and boycott Internet Explorer, OK? Use Firefox. We’ll both sleep better at night.
We’re at MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.
Get all caught up, and stay tuned for more fixes, as a result of disclosures at the conference.