The Analyst's Diary is a weblog maintained by virus analysts from Kaspersky Lab headed by Eugene Kaspersky.


Analyst's Diary

Patch Tuesday


Bo, November 10, 2009 | 21:13 GMT


The first patch Tuesday since the release of Windows 7 wasn’t as historic as last month – this time Microsoft released 6 patches addressing 15 vulnerabilities.
Today’s patches did not include a patch for Windows 7, but there is one for Vista. Could this be an indication of things to come or, should I say, not to come?

Four of today's patches address issues in pre-Win7 versions of Windows and Windows Server and the other two are for Office products. Three of the six patches are considered critical with the other half labeled important.

Microsoft considers MS09-065 the most critical of the bunch. This patch mitigates 3 vulnerabilities, one of which has been publicly disclosed. It prevents users running Windows 2000 SP4, XP SP2 and SP3, or Server 2003 SP2 from being exploited when visiting specially crafted malicious websites. If you are running Windows Vista or a more recent OS, this is not critical: the severity rating is lowered to Important, as the impact is only Elevation of Privilege.

The other two updates included in this patch require the attacker to have valid logon credentials for successful exploitation.

MS09-063 affects Windows Vista and Windows Server 2008 and addresses the Web Services on Devices API (WSDAPI). This is the service that allows Windows clients to discover and access remote devices such as PDAs, cameras, printers and other devices. The vulnerability could allow remote code execution if an affected Windows system receives a specially crafted packet. The key here is that the attacker needs to be on the local subnet to exploit this vulnerability.

MS09-064 affects only Windows 2000 Server SP4 and addresses the License Logging Service (LLS), which is enabled by default. Microsoft suggests that administrators with Windows 2000 Servers on public-facing networks should put this patch higher on the priority list.

MS09-067 and MS09-068 are the Microsoft Office patches. In this case the exploit will only work with some user interaction, specifically if the user opens a malicious Excel or Word file. Because those of us who run Office 2003 or later are prompted to open, save or cancel before opening any files from emails, Microsoft lowered the severity and deployment priority.

I would like to point out here that if you don’t know who sent you the file or why they would have sent it, you might want to hold off on opening it.

Clearly it is too early to say Windows 7 has been the improvement Microsoft says it is, and over the next few months it should be interesting to see how things go for Win7.

As always, I suggest downloading and installing the patches, but I would like to note that 4 out of the 6 patches will require a reboot, so make sure to plan accordingly.

For more information on these patches please visit Microsoft’s blog.

 

Copyright © 1996 - 2010
Kaspersky Lab
All rights reserved
 
