August 11th, 2007, 01:55 PM
9 MS patches for August
The usual scenario.........there are 9 security updates of which 6 are expected to be critical.
Apparently August is a bad month because it is a time when a lot of IT professionals are on vacation and it is popular with the bad guys for this reason.
They are generally pretty quick to reverse engineer the patches and develop live exploits
August 11th, 2007, 04:01 PM
Given the new Advanced Notification bulletins that Microsoft has, you can now make a fairly decent call on what the vulnerabilities will be... Most of this months will only be considered "remote code execution" (as Microsoft likes to use) because of the possibility of Web Based, User Interaction Required attacks.... Technically there's the potential for 3 truly remote attacks if you go by the MSRC write-up and 2 if you go by the Advanced Notification bulletin (since they are new they still tend to have the occasional mistake, so we'll see who is right)... And 1 of those (either way) is Vista only and would be fairly minor..
Last month actually saw 3 "technically remote" attacks and none of them were serious... Only one showed real potential and after a while even it proved to only be reliable as a DoS. While no module was released for Metasploit, they couldn't take it beyond the DoS condition either...
Even with the ability to reverse the patches, we've only seen one or two, truly good, "wormable" exploits in the past year (wormable without requiring user interaction) and neither of them were taken advantage of....
While I'm looking forward to a long day on Tuesday... I don't think it will be as bad as it could be (although I'm sure that will come back to kick my ass).
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
By SDK in forum *nix Security Discussions
Last Post: February 7th, 2005, 10:33 PM
By MrLinus in forum Microsoft Security Discussions
Last Post: February 27th, 2004, 12:14 AM
By mayhem991 in forum AntiOnline's General Chit Chat
Last Post: February 1st, 2003, 01:12 AM
By prodikal in forum AntiOnline's General Chit Chat
Last Post: October 20th, 2002, 01:41 PM
By micael in forum *nix Security Discussions
Last Post: March 7th, 2002, 07:01 AM