COLUMN

Inside MSRC: Microsoft releases searchable update database

By Christopher Budd 14 Aug 2007 | SearchSecurity.com Digg This!     StumbleUpon     Del.icio.us

For August 2007, we are releasing nine new security bulletins as part of our standard monthly bulletin release. In addition, we are re-releasing one security update from July 2007. Finally, we are releasing a security advisory to make you aware of a new update that can help improve your overall security.

To help you assess this month's release, I'll cover the re-release and the security advisory. I'll also cover the changes in functionality in two of this month's Critical new security updates as well.

First, I want to mention our detection and deployment tools so you are aware of the latest deadlines and new offerings.

SUS 1.0 Expiration

I want to explain the expiration of support for Software Update Services (SUS) 1.0 that I mentioned in last month's column.

Last month's bulletin release marked the end of support for SUS 1.0. This means that starting with this month's release, new updates, including security updates, will NOT be available through SUS 1.0. We hope that everyone has migrated to a supported version of Windows Server Update Services (WSUS): either WSUS 2.0 or the new WSUS 3.0. If you have not migrated, we encourage you to do so right away because your SUS 1.0 clients will not receive this month's security updates or any future security updates.

About Inside MSRC: As part of a special partnership with SearchSecurity.com, Christopher Budd, security program manager for the Microsoft Security Response Center (MSRC), offers an inside look at the process that leads up to "Patch Tuesday" and guidance to help security professionals make the most out of the software giant's security updates. Also see: Inside MSRC: Microsoft Server flaw should be given high priority Inside MSRC: Microsoft offers details on MOICE advisory, Outlook flaws Inside MSRC: Microsoft issues further guidance on Exchange update

Microsoft Update Catalog

This new tool can help you deploy updates including security updates. The Microsoft Update Catalog is a searchable catalog of all security updates, drivers and service packs that are available through Windows Update (WU) and Microsoft Update (MU). You can also use the Microsoft Update Catalog to obtain and deploy hotfixes. You can use the Microsoft Update Catalog to distribute these updates through a corporate network using tools such as WSUS 3.0, System Center Essentials (SCE) or System Center Configuration Manager (SCCM).

The Microsoft Update Catalog expands the capabilities of your update deployment infrastructure and provides the capability to deploy hotfixes to address known issues in security updates when they occur. We encourage all who are using WSUS 3.0, SCE or SSCM to evaluate the Microsoft Update Catalog for their environment.

Expiration of Support for MBSA 1.2.1

I also want to remind you again of the upcoming expiration of support for Microsoft Baseline Security Analyzer (MBSA) 1.2.1 on Oct. 9, 2007. Once again, we encourage all customers to upgrade toMBSA 2.0.1, the latest version of MBSA.

Microsoft Security Advisory (932596)

We are releasing one security advisory today: Microsoft Security Advisory (932596). This is to make customers who run x64-based Windows operating systems aware of an update for Kernel Patch Protection.

This update adds additional checks to Kernel Patch Protection for increased reliability, performance and security. We periodically make updates to improve the security of Kernel Patch Protection. While this update does not address security vulnerabilities in Kernel Patch Protection, it contains changes that help improve security. So, we are releasing Microsoft Security Advisory (932596) to help customers who run x64-based Windows operating systems so they are aware of this update, and to encourage them to test and deploy it.

Re-Release of MS07-038

We are re-releasing MS07-038, the security update for the Windows Vista Firewall from July 2007. There are no changes to the update itself; the update as originally released protects against the vulnerability discussed in the bulletin. We've made changes to the installer for this update to address installation issues that a very small number of customers were experiencing. These are outlined in Microsoft Knowledge Base Article 935807. If you've already applied this update then you do not need to take any action. However, if you were experiencing the issues outlined in the article, you should go ahead and apply the updated version.

Severity ratings and killbits for Microsoft Internet Explorer Bulletin MS07-045

For the new security updates this month, I call your attention to information about this month's Microsoft Internet Explorer security update for your risk assessment and your testing and deployment.

Specifically, while this bulletin is rated as "Critical" for Internet Explorer 5.01 and Internet Explorer 6 on Windows XP Service Pack (SP) 2, it is rated as "Important" for Internet Explorer 7 on Windows XP SP2 and Windows Vista. Further, because of the Enhanced Security Configuration (ESC) on Windows Server 2003 SP1 and SP2, this is rated as "Moderate" for these platforms when running Internet Explorer 6 and "Low" when running Internet Explorer 7.

Next, in addition to addressing the security updates discussed in the bulletin, this month's IE update sets the killbit for a number of ActiveX controls:

• ouactrl.ocx: a control that is out of support
• The CAPICOM control addressed in Microsoft Security Bulletin MS07-028
• The Download Manager ActiveX control, available from Akamai Technologies
• An ActiveX control available from Lenovo
• An ActiveX control available from Motive Incorporated.

Please see security bulletin MS07-045 for more information on these ActiveX controls.

Functionality changes for Windows Media Player Bulletin MS07-047

Next, for your testing and deployment, I wanted to make you aware of a change to functionality in this month's security update for Windows Media Player, MS07-047.

For more information about this change, please see Microsoft Knowledge Base Article 940893.

Conclusion

In closing, I want to encourage you to join me and Mike Reavey on Wednesday, Aug. 15, at 11 a.m. Pacific Time. Like we do each month, we'll review the bulletin in more depth and answer your questions with information from our subject matter experts. If you can't join us for the live webcast, don't forget that you can listen to it later on demand. You can register for the webcast here.

Be sure to mark your calendars for the September 2007 bulletin, which will release on Tuesday, Sept. 11th. I'll be joining you here again in September with information to help you plan and deploy the release for your environment.

Tags: Security Patch Management,  Windows Security: Alerts, Updates and Best Practices,  Web Browser Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security Patch Management Adobe patches ColdFusion vulnerability blocking website attack Microsoft to address DirectShow, ActiveX zero-day flaws Adobe fixes critical Shockwave Flash Player flaw Mozilla patches 11 Firefox security flaws, JavaScript errors Microsoft patches WebDAV security vulnerability in bevy of updates Adobe issues first quarterly patch release fixing 13 flaws Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities Adobe shifts to Microsoft patching process, incident response plan Software delivery could fix software patching issues Microsoft updates Office to address serious PowerPoint vulnerabilities Windows Security: Alerts, Updates and Best Practices Microsoft to address DirectShow, ActiveX zero-day flaws New attack code targets Microsoft ActiveX zero-day vulnerability When BIOS updates become malware attacks Microsoft patches WebDAV security vulnerability in bevy of updates Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities Hackers targeting unpatched Microsoft DirectShow flaw Microsoft warns of IIS zero-day vulnerability Microsoft updates Office to address serious PowerPoint vulnerabilities Microsoft to patch critical PowerPoint zero-day flaw How to perform Microsoft Baseline Security Analyzer (MBSA) scans Web Browser Security Researchers to demonstrate new EV SSL man-in-the-middle hacks Security researchers develop browser-based darknet Microsoft cracks down on click fraud ring Mozilla patches 11 Firefox security flaws, JavaScript errors Microsoft patches WebDAV security vulnerability in bevy of updates IT pros can detect, prevent website vulnerabilities, thwart attacks Stolen FTP credentials likely in massive website attacks Trust eroding as social engineering attacks climb in 2009, says Kaspersky expert US-CERT warns of Gumblar, Martuz drive-by exploits Google study backs browser silent auto update feature Web Browser Security Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary attack vector  (SearchSecurity.com) back door  (SearchSecurity.com) ethical worm  (SearchSecurity.com) Patch Tuesday  (SearchSecurity.com) zero-day exploit  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary