Wednesday, October 15, 2008

Everything and Everyone Impacted this Patch Tuesday; Eliminating Admin Privileges on End-user Workstations.

This information is based on my previous blog post, "Microsoft security updates due next week".

Wow, everything and everyone is affected by this month’s Patch Tuesday:

Domain controllers:  2 very important bulletins address vulnerabilities present in domain controllers.  I recommend you immediately apply MS08-060 (Windows 2000 DCs only) and MS08-063 to your domain controllers after minimal or no testing.

Servers: In my chart below, note that 4 bulletins primarily impact servers and that there is also a patch specific to HIS (mainframe/AS400 connectivity).  In particular, take note of MS08-062, which is already being exploited in attacks.  If you use Internet Printing Protocol, patch such systems immediately.

SharePoint: This month’s Excel bulletin (MS08-057) impacts MOSS 2007 servers so make sure you patch them too.

Workstations and Terminal Servers: As usual, most (8 out of 11) bulletins are workstation-centric.  In particular, watch out for MS08-058, which addresses some nasty IE bugs, and MS08-061; exploit details for both are already public.

I’d also like to bring your attention to the point frequently made in MS security bulletins: “Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

Here's the chart:


| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS08-056 (957699) | Information Disclosure / Office | Terminal Servers and Workstations | No/No | Not unless you can live with file downloads disabled in IE | Moderate | Office XP SP3 | | Disable CDO or patch (does same thing) |
| MS08-057 (956416) | Remote Code / Office Excel | Terminal Servers and Workstations; SharePoint Servers | No/No | No | Critical | Office 2000, Office 2003, Office XP, Office 2007, MOSS 2007, Mac Office 2004/2008 | Viewers and compatibility packs also affected | Patch after testing |
| MS08-058 (956390) | Remote code, Information Disclosure / Internet Explorer | Terminal Servers and Workstations | Yes/No | No | Critical | Windows 2000, Windows XP, Server 2003, Vista, Windows 2008 | Cumulative update addresses 6 vulnerabilities; Restart Req’d | Patch ASAP after testing |
| MS08-059 (956695) | Remote Code / Host Integration Server | Servers | No/No | Yes | Critical | Host Integration Server 2000, 2004, 2006 | | Apply workaround(s) or patch after testing |
| MS08-060 (957280) | Remote code, DOS / Active Directory | DOMAIN CONTROLLERS | No/No | No | Critical | Server 2000 | Only domain controllers affected; Restart Req’d | Patch immediately |
| MS08-061 (954211) | Privilege Elevation / Windows | Terminal Servers and Workstations | Yes/No | No | Important | Windows 2000, Windows XP, Server 2003, Vista, Windows 2008 | Restart Req’d | Patch after testing |
| MS08-062 (953155) | Remote Code / Windows Internet Printing | Servers | No/Yes | Yes | Important | Windows 2000, Windows XP, Server 2003, Vista, Windows 2008 | Vista not vulnerable at this time but patch will be offered | Immediately patch systems with IPP enabled |
| MS08-063 (957095) | Remote Code / Windows | Servers or workstations that allow file shares; DOMAIN CONTROLLERS | No/No | No | Important (IMO: Critical) | Windows 2000, Windows XP, Server 2003, Vista, Windows 2008 | Restart Req’d | Patch ASAP after testing |
| MS08-064 (956041) | Privilege Elevation / Windows | Terminal Servers and Workstations | No/No | No | Important | Windows XP, Server 2003, Vista, Windows 2008 | Restart Req’d | Patch after testing |
| MS08-065 (951071) | Remote Code / Windows | Servers, Terminal Servers and Workstations | No/No | Yes | Important | Windows 2000 | Restart Req’d | Disable Message Queue via Group Policy or patch ASAP after testing |
| MS08-066 (956803) | Privilege Elevation / Windows | Terminal Servers and Workstations | No/No | No | Important | Windows XP, Server 2003 | May have issue with ZoneAlarm; Restart Req’d | Patch after testing |

Happy patching!!!

Thanks as always for reading and best wishes on security.

Courtesy: Randy F. Smith

www.ultimatewindowssecurity.com

Security policy being bypassed by employees, survey finds.


Many companies have security policies and procedures in place, but the results of a recent survey found that employees are bypassing many of them, bringing sensitive data home with very few protections.

 In many cases, companies are struggling to find the right balance between strict security requirements and employee productivity as more employees work at home. Encryption and other security technologies are available, but some firms are accepting the risk and some may be unaware that end users are bringing customer data, personally identifiable information or company financial data home with them on laptops, smartphones and Universal Serial Bus (USB) flash drives.

RSA Security Inc., the Security Division of EMC Corp., conducted the survey, polling 417 individuals at separate conferences in April, May and June. 46% work in the financial services sector, 46% are IT professionals and 54% work in companies with more than 5,000 employees.

The survey found that 94% were familiar with their organizations' IT security policies, yet 53% felt the need to work around security policies in order to get their work done.

"There is a natural tradeoff between security, total cost of ownership and ease of use," said Sean Kline, director of product management in the identity access assurance group at RSA. "When you don't have a good balance between these things for particular populations of an organization, there's going to be a disharmony and they are going to try to resolve that by going around security."

Almost half of all respondents and 60% of those surveyed based in the U.S. said they frequently leave work with a laptop or mobile device which holds sensitive information related to their job. Although few reported losing a device holding sensitive information, the information is more than likely not encrypted, Kline said.

"Companies are encouraging employees to leave the office with sensitive information, the trick is how you put appropriate security controls in place so that's safe," he said.

Kline said some firms are using encryption and even business data rights management technologies to control access to business documents and ensure they can be rendered useless in the hands of a rogue employee or outsider. Other firms appear to be choosing to accept the risk instead of adding costly security controls.

Employees also sometimes send business documents to their personal email address so they can access them from home. Seventy-nine percent of those surveyed said they sometimes or frequently access business documents using their personal email address.

Security training and education is not being neglected at many organizations. Nearly 70% of those surveyed said they receive training about the importance of following security best practices.

Kline said there are best practices available to help companies find the right balance between security and productivity. The International Organization for Standardization (ISO) has a set of best practices in ISO 27002 that can aid companies in implementing or improving their information security programs, Kline said.

"It's important to first take an assessment of which information and which transactions around that information are of the highest value and then an assessment of what potential threats there are within the organization and then create policy around the risk of an event occurring," Kline said. "If you just jump to putting controls in place, that's where you have a problem."

You also risk IT security being seen as an obstacle to productivity. A study, done by research firm IDC on behalf of RSA, the Security Division of EMC, found that the majority of senior managers believe IT security risk is the largest single obstacle to innovation in their businesses.
Source: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1334613,00.html