Microsoft Advisories for June: 10 New, 3 Re-released
Results 1 to 4 of 4

Thread: Microsoft Advisories for June: 10 New, 3 Re-released

  1. #1
    oldie ric-o's Avatar
    Join Date
    Nov 2002

    Exclamation Microsoft Advisories for June: 10 New, 3 Re-released

    Notice they have re-released the TCP/IP patch (MS05-019) as well as the Word patch (MS05-023) both of which are rated critical. They also re-released the ASP.Net patch. Also, there's a patch for Server Message Block (SMB) protocol.

    I'm concerned about the SMB and Word advisories so far in my reading. At first glance they seem to have a high potential for worms as well as viruses exploiting but haven't fully researched them.

    Happy patching!

    Microsoft link for June patches.

    [ New Patches ]

    Rated CRITICAL by Microsoft: ***CONSIDER PATCHING IMMEDIATELY*** - Internet Explorer - HTML Help (Windows) - SMB (Windows)

    Rated IMPORTANT by Microsoft: - Web Client Service - Exchange - Outlook Express - Interactive Training (what the heck is this?)

    Rated MODERATE by Microsoft: - Microsoft Agent - Telnet Client - ISA Server

    [ Re-issued Patches ]


    Rated IMPORTANT by Microsoft: - ASP.Net
    Share your patching experiences with these with the rest of us if you would.

  2. #2
    The SMB vulnerability does look to be the most worrying one.

    A close read of the details on the Microsoft site show that it is possible for an anonymous remote user to execute arbitary code on the target system.. and that's a possible vector for spreading a worm.

    Worse, the workaround is basically to use a firewall to keep traffic off your network. This is fine, but will only work as long as some freaking idiot doesn't bring an infected laptop into your organisation.

    And there's more.. there's no patch for NT machines and it looks suspiciously like they might be vulnerable. I know that a *lot* of people have legacy NT servers that they haven't replaced yet. If that's the case then it becomes imperative that nobody strolls in with an infected machine.

    I guess.

  3. #3
    Join Date
    Dec 2003
    If you have an NT machine you're concerned about, but can't get rid of, you can sign an agreement with Microsoft (it isn't cheap) to get these security patches for NT.

  4. #4
    I sat through a presentation on this yesterday and there's no doubt that the SMB is the biggest security threat this year. NT is almost definitely vulnerable in theory, as well as XP/2000/2003.

    The only good thing is that it is extremely difficult to exploit the vuln to run arbitary code. However, the analyst said that *are* people who will probably be able to do it. However, creating a DOS attack based on the flaw is much easier.

    In any case, once a POC (proof of concept) is released it will probably be only a couple of days before it finds its way into some malware. Of course, if that POC runs arbitary code then we have a very serious problem indeed.

    REMEMBER: Although a firewall will mitigate the problem, you will only be protected until either some luser brings an infected laptop into your organisation, or some virus or other malware drops and exploit in after being delivered via email or a browser vulnerability.

    So.. patch patch patch patch patch.

    Incidentally, for NT servers the eEye Blink product might offer some protection. I'm certainly going to have a look at that product in the next couple of days.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts