For August 2007, we are releasing nine new security bulletins as part of our standard monthly bulletin release. In addition, we are re-releasing one security update from July 2007. Finally, we are releasing a security
To help you assess this month's release, I'll cover the re-release and the security advisory. I'll also cover the changes in functionality in two of this month's Critical new security updates as well.
First, I want to mention our detection and deployment tools so you are aware of the latest deadlines and new offerings.
SUS 1.0 Expiration
I want to explain the expiration of support for Software Update Services (SUS) 1.0 that I mentioned in last month's column.
Last month's bulletin release marked the end of support for SUS 1.0. This means that starting with this month's release, new updates, including security updates, will NOT be available through SUS 1.0. We hope that everyone has migrated to a supported version of Windows Server Update Services (WSUS): either WSUS 2.0 or the new WSUS 3.0. If you have not migrated, we encourage you to do so right away because your SUS 1.0 clients will not receive this month's security updates or any future security updates.
Microsoft Update Catalog
This new tool can help you deploy updates including security updates. The Microsoft Update Catalog is a searchable catalog of all security updates, drivers and service packs that are available through Windows Update (WU) and Microsoft Update (MU). You can also use the Microsoft Update Catalog to obtain and deploy hotfixes. You can use the Microsoft Update Catalog to distribute these updates through a corporate network using tools such as WSUS 3.0, System Center Essentials (SCE) or System Center Configuration Manager (SCCM).
The Microsoft Update Catalog expands the capabilities of your update deployment infrastructure and provides the capability to deploy hotfixes to address known issues in security updates when they occur. We encourage all who are using WSUS 3.0, SCE or SSCM to evaluate the Microsoft Update Catalog for their environment.
Expiration of Support for MBSA 1.2.1
I also want to remind you again of the upcoming expiration of support for Microsoft Baseline Security Analyzer (MBSA) 1.2.1 on Oct. 9, 2007. Once again, we encourage all customers to upgrade toMBSA 2.0.1, the latest version of MBSA.
Microsoft Security Advisory (932596)
We are releasing one security advisory today: Microsoft Security Advisory (932596). This is to make customers who run x64-based Windows operating systems aware of an update for Kernel Patch Protection.
This update adds additional checks to Kernel Patch Protection for increased reliability, performance and security. We periodically make updates to improve the security of Kernel Patch Protection. While this update does not address security vulnerabilities in Kernel Patch Protection, it contains changes that help improve security. So, we are releasing Microsoft Security Advisory (932596) to help customers who run x64-based Windows operating systems so they are aware of this update, and to encourage them to test and deploy it.
Re-Release of MS07-038
We are re-releasing MS07-038, the security update for the Windows Vista Firewall from July 2007. There are no changes to the update itself; the update as originally released protects against the vulnerability discussed in the bulletin. We've made changes to the installer for this update to address installation issues that a very small number of customers were experiencing. These are outlined in Microsoft Knowledge Base Article 935807. If you've already applied this update then you do not need to take any action. However, if you were experiencing the issues outlined in the article, you should go ahead and apply the updated version.
Severity ratings and killbits for Microsoft Internet Explorer Bulletin MS07-045
For the new security updates this month, I call your attention to information about this month's Microsoft Internet Explorer security update for your risk assessment and your testing and deployment.
Specifically, while this bulletin is rated as "Critical" for Internet Explorer 5.01 and Internet Explorer 6 on Windows XP Service Pack (SP) 2, it is rated as "Important" for Internet Explorer 7 on Windows XP SP2 and Windows Vista. Further, because of the Enhanced Security Configuration (ESC) on Windows Server 2003 SP1 and SP2, this is rated as "Moderate" for these platforms when running Internet Explorer 6 and "Low" when running Internet Explorer 7.
Next, in addition to addressing the security updates discussed in the bulletin, this month's IE update sets the killbit for a number of ActiveX controls:
- ouactrl.ocx: a control that is out of support
- The CAPICOM control addressed in Microsoft Security Bulletin MS07-028
- The Download Manager ActiveX control, available from Akamai Technologies
- An ActiveX control available from Lenovo
- An ActiveX control available from Motive Incorporated.
Please see security bulletin MS07-045 for more information on these ActiveX controls.
Functionality changes for Windows Media Player Bulletin MS07-047
Next, for your testing and deployment, I wanted to make you aware of a change to functionality in this month's security update for Windows Media Player, MS07-047.
For more information about this change, please see Microsoft Knowledge Base Article 940893.
In closing, I want to encourage you to join me and Mike Reavey on Wednesday, Aug. 15, at 11 a.m. Pacific Time. Like we do each month, we'll review the bulletin in more depth and answer your questions with information from our subject matter experts. If you can't join us for the live webcast, don't forget that you can listen to it later on demand. You can register for the webcast here.
Be sure to mark your calendars for the September 2007 bulletin, which will release on Tuesday, Sept. 11th. I'll be joining you here again in September with information to help you plan and deploy the release for your environment.