patches – Paul's Tech Talk

Patch Tuesday List for April 14, 2009

PaulApril 14, 2009

So Microsoft has released the patches for April and here they are:

Vulnerabilities in Windows Could Allow Elevation of Privilege (KB959454) — This security update resolves four publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker is allowed to log on to the system and then run a specially crafted application. The attacker must be able to run code on the local machine in order to exploit this vulnerability. An attacker who successfully exploited any of these vulnerabilities could take complete control over the affected system.

Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (KB960803) — This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Windows HTTP Services (WinHTTP). The most severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

[ad#cricket-right-ez]Cumulative Security Update for Internet Explorer (KB963027) — This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker’s server by way of the HTTP protocol. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (KB959426) — This security update resolves a publicly disclosed vulnerability in the Windows SearchPath function that could allow elevation of privilege if a user downloaded a specially crafted file to a specific location, then opened an application that could load the file under certain circumstances.

Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (KB961759) — This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway (TMG), Medium Business Edition (MBE). These vulnerabilities could allow denial of service if an attacker sends specially crafted network packages to the affected system, or information disclosure or spoofing if a user clicks on a malicious URL or visits a Web site that contains content controlled by the attacker.

Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (KB961373) –This security update resolves a privately reported vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if user opened a specially crafted MJPEG file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (KB960477) — This security update resolves two publicly disclosed vulnerabilities and two privately reported vulnerabilities in Microsoft WordPad and Microsoft Office text converters. The vulnerabilities could allow remote code execution if a specially crafted file is opened in WordPad or Microsoft Office Word. Do not open Microsoft Office, RTF, Write, or WordPerfect files from untrusted sources using affected versions of WordPad or Microsoft Office Word.

Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) — This security update resolves a privately reported and a publicly disclosed vulnerability. The vulnerabilities could allow remote code execution if the user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

As you can see there are Eight updates and it seems Microsoft isn’t pushing anything else with this update. We also have the Malicious Software Removal tool for this month as well as the Junk Filters. If you want to keep your system secure I’d suggest getting a [intlink id=”2205″ type=”page”]Free Firewall and Free Anti-virus[/intlink]. If you have a lot of systems to update, I’d also suggest what I have been calling[intlink id=”2883″ type=”post”] Clone of Autopatcher[/intlink]. This will download them onto a ISO for you to burn and use around all the systems that are offline.

Offline Update 5.0, Clone of Autopatcher to Some!!

PaulFebruary 3, 2009

Offline updater 5.0 has been released a couple months ago and I just realized it now. This is an excellent tool for IT professionals who want to keep all your Systems up-to-date with the last patches from Microsoft. The systems it supports are Windows 2000, Windows XP, Windows Server 2003, Windows Server 2003 x64, And Windows Vista / Server 2008.(32 bit and 64 Bit updates).

[ad#ad2-right]I find this a very useful program for people who have a multitude of problems, from not being able to get on the net to computer virus infections. This is really good for big businesses that want to update a lot of systems in easy way without having to wait for downloads of updates to install. You can take a DVD and update on the fly within Mins. DVD being Cheap or buying them in bulk helps saves time and money for the company. Less time spent downloading the updates and more time actually getting work done. As with the Conflicker, Downadup, and to some the Conflickr Trojan, if you got infected with that little worm. This would help install the updates that it prevented you from doing in the first place. I also found that once you download do the update the files are kept on the hard drive so you no longer have to redownload them again. You just update the updates every second Tuesday of the month and it downloads the newest patches and creates a whole new ISO for you to burn.

Q: How can I create the offline update CD images automate, for example via a “scheduled job”?
A: Create a new batch file in the “cmd”, eg “DownloadUpdatesAndCreateISOImage.cmd”. Add the desired calls of

“DownloadUpdates.cmd” and “CreateISOImage.cmd” with the necessary parameters in this new file. The file might for

example have the following contents:

@ echo off
call WXP download updates eng
call CreateISOImage WXP eng

Then set a “time-controlled contract” for the new script “DownloadUpdatesAndCreateISOImage.cmd” to your desired

time. For example, after each Microsoft Patchday create new images, select every second Wednesday of the month.

[Via The FAQ’s Documentation (Translated Via Google)]

As you can see you can have it do a script and be ready for you in the morning. You then just take it out of the drive and install where you need to install the day after the updates are issued. On another Note if you have clients who use Windows office Xp, 2000, 2003, 2007 then this will also help:

This is nice if you have clients who use the Microsoft Office Suites also. Some Malware will often try to infect people’s systems through a office script or some other vector. So this will also prevent infections or hackers from getting onto the system by updating this also. You can have this added to each and every DVD ISO you make to include these as you update the patches also.

Download:

Offline update 5.0 Download site

Official Site for Offline Update (Translated into English)

A fan wants to Release Windows 7 Now : My Security Concerns

PaulJanuary 29, 2009

After reading about this from PcWorld, I’ve went to check this site out. I went to his twitter accoun(Kelly Poe) to find out the site he put up and I am quite impressed. Here are few things that I am concerned about starting with the website.

[ad#ad2-right]I love the idea and all but I am quite concerned with the privacy of my email account. I don’t know if you have to submit your email account but I would caution people not enter one until the site says what it will do with your email address.

Now that being said that’s the only thing I can think of when it comes to security for your email address, you don’t want to someone to give out your email address to spammers. That would just make it even worse for your email account. You could however use a 10 min Email account to use but that might make it harder for Microsoft to contact you if they want to verify these accounts!!

Now my main concern is Windows 7 right now and Security. You know the Conflicker/Conflickr/Downadup Worm is currently loose on the internet. It uses the the Ms 08-067 Exploit and currently Windows 7 does not protect against this Worm in fact Microsoft has released information that you would need to install the updates manually to fix this problem.

Some vendors are yet to develop for Windows 7 beta due to it being a beta. Some others like Security Vendors are offering protection for Windows 7 Beta. This is mainly the Anti-virus software group, I would like to see more people embrace windows 7 as much as the security groups. Although this is the first step it would need to be more open response from Manufacturers and dealers alike they would need to get it to work making sure their drivers and such will work good with Windows 7. This is where it takes time, that is why I am glad it is a beta, it allows vendors and Companies a like a chance to test out their software and Hardware and even their drivers before the release.

Before I support this, I would like to see more happen to Windows 7 in some areas. For instance I’d like to see more compatability and more drivers and software that works for Windows 7. I’d also like to see Microsoft to take Windows 7 Beta Serious and Keep the Security up on it and not let it lapse. I’d want Microsoft to send out patches for Vulnerabilities just like Vista and keep people’s system updated so you don’t have to update them manually. I just hope Microsoft takes Apple’s example to heart and release Windows 7 without having to have several versions of the same Operating System.

The Important Windows patches Released Today

PaulDecember 9, 2008

As many of you know we talked about the Non-critical patches that Microsoft will release today. IF you want to read those please go and check it out. I’ll be talking about the REALLY important ones that Microsoft has kept tight until now. These are the more important ones but I will list the ones that I previous talked about to better help people recognize the non-important ones:

[ad#ad2-right]

KB955839

KB957388

KB890830

KB905866

These are just the tip of the iceberg. although this list are not A lot. I’d wanted to let people know about what people coin “Exploit Wednesday“. I really don’t know if this is a Myth or actually does exist but I’d figure we discuss the problems associated with installing the critical updates and try to tell you which ones should be installed As soon as possible. Though people have in the past used a Virtual Machine to see if there is any problem, that should be your first step if you don’t want to have any problems with these updates. I don’t suggest testing it more than a couple days. Here are some good Virtual Machine software to try out yourself:

Hyper-V (Microsoft Product)

VMware Virtual Machine

Virtual PC 2007 (Microsoft product)

Virtual Box – Sun Microsystems (FREE)

Kaffe Virtual Machine (Haven’t Tried this one)

Here is the list of updates that are critical that Microsoft released today. Each one of these are quite important and should be considered installed when you get a chance.

[ad#ad2-left]Microsoft Security Bulletin MS08-073 – Critical
Cumulative Security Update for Internet Explorer (KB958215)

This security update resolves four privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Bulletin MS08-071 – Critical
Vulnerabilities in GDI Could Allow Remote Code Execution (KB956802)

This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

[ad#ad2-right]Microsoft Security Bulletin MS08-075 – Critical
Vulnerabilities in Windows Search Could Allow Remote Code Execution (KB959349)

This security update resolves two privately reported vulnerabilities in Windows Search. These vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

KB952069
(not quite sure what this one is, when I go do a Google search this is what pops up. It was in German but Google translated it for me)

In the Windows Media Runtime to the default in Windows XP SP3 contains Windows Media Player (WMP) 9 were discovered vulnerabilities that could allow an attacker to compromise your Windows-based system and gain control over it. See Security Bulletin MS08-076 ( englisch bzw. deutsch ) See Security Bulletin MS08-076 (English or German)

These are just ones that I found and wanted to let you know, the others have been explained on the other article. So check them all out and I suggest installing them quickly as possible.

Rumor is that Itunes will Remove DRM!

PaulDecember 9, 2008

[ad#ad2-right]A report from last week brought to AppleInsider‘s attention by French technology site ElectronLibre asserts that it’s now “clear” Apple will spark new interest in its music store by removing DRM from tracks published by Sony, Universal and Warner on December 9th.

[Via Apple Insider]

Although, this is somewhat unlikely I’ve got my own theories on this. You see If Apple did this tomorrow that would be a BIG deal, due to the fact that Microsoft will be releasing there patches on the same day. I find it would be a momentous occasion.

[ad#ad2-left]I can only guess why and the guess is just a guess. If Itune’s did remove there DRM the same time as Microsoft Patch Tuesday, I’d have to guess they will co-inside because of the difficulty of using the DRM, Digital Rights Management, on other products. For example, Windows Media Player . If Apple decided to approach Microsoft and come up with a way to make sure all DRM is stripped this would be the ideal situation. Although this is highly unlikely, I’d have to think Apple wouldn’t wait till tomorrow to strip the DRM. They know Microsoft schedule. We will have to find out in the coming days.