Newsletter Archives

  • MS-DEFCON 2: August Black Tuesday unleashed

    It’s going to be a bloody month.

    Microsoft just released nine security bulletins, covering 19 separate security holes.

    Five of the bulletins have an exploitability rating of “1”, which means Microsoft “expect[s] there to be consistent, reliable code in the wild seeking to exploit one or more of these vulnerabilities within the first 30 days from release.”

    Sorry, I don’t buy it.

    This month we get two ActiveX security bulletins, with a total of nine separately identified security holes. That’s just for ActiveX – the evil spawn of Internet Explorer.

    MS09-037 is the patch for the Active Template Library that I talked about two weeks ago. If you recall, there was an out-of-band patch that was supposed to fix the problem. Again. Security Advisory 973882 goes into the details of how MS09-032, MS09-034, MS09-035 and MS09-037 are inter-related. Man, what a mess. Keystone Kops time.

    The other ActiveX security bulletin, MS09-043, fixes ActiveX holes in the Office Web Components.

    Those are the two bulletins I’ll be watching most closely. I may advise you to apply the patches earlier this month than usual. Let’s see what happens.

    As usual, the most thorough analysis is at the SANS Internet Storm Center – although I don’t recommend that you follow their “damn the torpedoes, patch it now” advice.

    We’re at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

    UPDATE: In response to a request from Vaughn, here are the KB numbers for the August Black Tuesday patches:

    MS09-036
    Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)

    MS09-037
    Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)

    MS09-038
    Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557)

    MS09-039
    Vulnerabilities in WINS Could Allow Remote Code Execution (969883)

    MS09-040
    Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)

    MS09-041
    Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657)

    MS09-042
    Vulnerability in Telnet Could Allow Remote Code Execution (960859)

    MS09-043
    Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)

    MS09-044
    Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)