August Patch Tuesday
Results 1 to 6 of 6

Thread: August Patch Tuesday

  1. #1
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914

    August Patch Tuesday

    Hey Hey,

    This Tuesday is the second Tuesday of the month, and like every other month that means it's time again for Patch Tuesday.

    This time it looks bad... 12 Updates, 10 for Windows and 2 for Office... lately the turn around for PoCs and working exploits going public seems to be less than two weeks... HD Moore was 9 days on RASMAN, a couple had detailed enough explanations in the advisories that "discoverers" put out last time that working exloits could have easily been writen... This is a large number of updates for one time.... More updates means a better chance of missing one or something messin' up. When you consider that from Jan - July we had ony 39 updates in total.... we're now adding 12 more.. That's 23.5% of all updates released up to and including this august release... 8 months of updates and nearly 1/4 of them are coming out in a single month...

    I'm going to put in some time this weekend catching up on the mailing lists see if I missed anything that could be assumed to lead to a Patch Tuesday update.... I'll post anything I find..

    Here's the MS Advance Notice Bulletin
    Summary
    =======

    On 8 August 2006 Microsoft is planning to release:

    Security Updates

    . Ten Microsoft Security Bulletins affecting Microsoft Windows.
    The highest Maximum Severity rating for these is Critical. These
    updates will be detectable using the Microsoft Baseline Security
    Analyzer and the Enterprise Scan Tool. Some of these updates will
    require a restart.

    . Two Microsoft Security Bulletins affecting Microsoft Office.
    The highest Maximum Severity rating for these is Critical. These
    updates will be detectable using the Microsoft Baseline Security
    Analyzer. These updates may require a restart.


    Microsoft Windows Malicious Software Removal Tool

    . Microsoft will release an updated version of the Microsoft
    Windows Malicious Software Removal Tool on Windows Update, Microsoft
    Update, Windows Server Update Services and the Download Center.
    Note that this tool will NOT be distributed using Software Update
    Services (SUS).

    Non-security High Priority updates on MU, WU, WSUS and SUS

    . Microsoft will not release any NON-SECURITY High-Priority
    Updates for Windows on Windows Update (WU) and Software Update
    Services (SUS).

    . Microsoft will release twoNON-SECURITY High-Priority Updates
    on Microsoft Update (MU) and Windows Server Update Services (WSUS).

    Although we do not anticipate any changes, the number of bulletins,
    products affected, restart information and severities are subject to
    change until released.
    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Almost service pack time...........SP3 for XP....hey that rhymes

    seeing that vista is delayed.....and the loooooong list of patches

    Would be nice if it was all rolled up in on big fat SP

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487
    12 patches...sigh. Long hours ahead doing risk assessments.

    There's some speculation that they'll patch PowerPoint. Not sure what all is gonna be patched in Windows.

    Wonder if the 12 include reissues...I suspect there's a reissue coming.

  4. #4
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    The list is quite impressive... Only one true remote, one that's a MITM and the rest are local or "end-user interaction" vulns... Keep an eye on the one remote (MS06-040 - Server Service) as there is already an exploit circulating (speaking of which, if anyone has it... fire me a PM)...

    I'm surprised that there are two kernel level exploits and that MMC made it in there this round... IE was expected...

    People can follow along on our progress today if they so desire @ http://blog.ncircle.com

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  5. #5
    Senior Member
    Join Date
    Aug 2006
    Location
    India
    Posts
    289
    wel...yeah I agree over the SP3 issue..its around 2 years or more MS released SP2...now Usera need another package!!
    "Everything should be made as simple as possible, but not simpler."

    - Albert Einstein

  6. #6
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    I don't think they'll do SP3 until IE7 is out of beta. It seems MS has a different version planned for XP than for Vista.

    http://arstechnica.com/journals/micr.../2006/8/8/4915
    “Everybody is ignorant, only on different subjects.” — Will Rogers

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •