Microsoft Gets Ready for Patch Tuesday: 6 Bulletins

According to Ars Technica there will be 6 bulletins, and each of them is very interesting:

  • Bulletin 1: Critical (Remote Code Execution), Windows
  • Bulletin 2: Critical (Remote Code Execution), Windows
  • Bulletin 3: Critical (Remote Code Execution), Windows
  • Bulletin 4: Important (Elevation of Privilege), Virtual PC, Virtual Server
  • Bulletin 5: Important (Elevation of Privilege), ISA Server
  • Bulletin 6: Important (Remote Code Execution), Office

It looks like there will be another DirectX patch for those who have DirectX 7 through 9.0c. It also seems they will be patching Virtual PC, Virtual Server and ISA Server. Microsoft will also be patching the 2007 Microsoft Office System Service Pack 1. They will also be releasing 14 different non-critical patches.

The DirectX flaw that was reported in May is reportedly being patched, and that is why we have these DirectX updates coming down from Microsoft.

So now is the time to get Autopatcher updated with the latest updates and to schedule a time next week to test and install them. I would recommend updating your anti-virus and firewall software if you have any; if not, it is time to get them and install them.

Electric Company Fear Mongering Gone Wrong!!

I saw this talk going on at Ars Technica, and SANS Internet Storm Center are also talking about the electric company fear mongering. Here’s what Ars says:

It sounds like something straight out of Hollywood. Current and former US security officials have reported that foreign nations have penetrated the cybersecurity barriers surrounding the US electrical grid, water system, and even financial networks. Although no known attempts have been made to activate the booby traps said black hats left behind, such sleeper cells could activate suddenly during a war or crisis, plunging the nation into a disaster only Bruce Willis and that Mac dude could avert.

[Via Arstechnica]

This was posted today with people asking the question: does the electric company have a virus or a worm? I don’t know, but these fears are coming from the Wall Street Journal:

WASHINGTON — Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

[Via Wall Street Journal]

Now let’s talk about this. This is being talked about on a friend’s podcast, The Caffination Podcast, which is where I figured we should discuss it. I think SANS Internet Storm Center says it better than I could:

One email stated that the power systems we have in place today are run by knobs and switches. Mostly built in the 70’s and 80’s, these power stations are mostly run by manual intervention. The power stations that _have_ been stood up since then, a couple of nuclear power stations, are federally regulated to not have any connections to anything, let alone the Internet.

Since this particular email comes from a very trusted source, I am inclined to believe this person. Is it possible that there ARE computers in power stations that are connected to the Internet? Yes, I am quite sure there are. However, is it possible that the computer or computers (if there are any) that actually CONTROL the power are connected to the Internet? I tend not to believe that.

[Via Sans Internet Storm]

I agree with what SANS is saying, but I don’t think there is anything to worry about, because I think the computers that control electricity are not hard-wired to be online. This means that if a virus or worm gets onto those computers, there is no way it could talk back to command and control. This is my theory, and I don’t work for the electric company, but I do think this is the most plausible way they are preventing this type of attack. The first tier, just like tech support, is for corporate staff and technicians to talk to each other over the intranet. The second tier is the important computers that would control the electric process. I don’t know this for sure, but I think the second tier would be used to isolate those computers from being accessed externally. Like I said before, I don’t work for the electric company and this is all theory on how the electric company has this set up!! So you can take it with a grain of salt or come up with your own ideas.

Upcoming Patch Tuesday for February 10, 2009

Microsoft today has released the list of patches for February. Here’s the list of things they will patch:


The list of affected operating configurations includes Windows 2000, Windows XP (x86 and x64), Windows Server 2003 (x86 and x64), Windows Vista (x86 and x64), and Windows Server 2008 (x86 and x64). Microsoft Exchange Server 2000, 2003, and 2007, Microsoft SQL Server 2000 and 2005, as well as Visio 2002, 2003, and 2007 are also affected.
[Via Arstechnica]

We got several non-critical updates. Here’s the list of them; some of these are monthly updates and some are just interesting to look at:

  • Update for Windows Mail Junk E-mail Filter [February 2009] (KB905866)
  • Windows Malicious Software Removal Tool – February 2009 (KB890830)/Windows Malicious Software Removal Tool – February 2009 (KB890830) – Internet Explorer Version
  • Cumulative Update for Media Center for Windows Vista (KB960544)
  • Cumulative Update for Media Center TVPack for Windows Vista (KB958653)
  • Update Rollup for ActiveX Killbits for Windows (KB960715)

We got an update to Media Center and TVPack for Windows Vista to resolve issues with software. The ActiveX Killbits issues have been identified in ActiveX controls that could allow an attacker to compromise a system running Microsoft Internet Explorer and gain control over it, so we don’t exactly know which issues they are talking about. I hope this helps your system administrators get ready for this update. If I were you, I’d have a clone of Autopatcher ready for these updates. Remember to patch as soon as your company will allow, because waiting too long could give you even more of a headache. I’ll update the others as soon as I find out about the updates.
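One way an administrator can check which of the KB updates listed above have actually landed on a set of machines is to query each host’s installed-hotfix list. The script below is an added example written for this post, not code from the original page or from Microsoft; the host names are placeholders, and it assumes Windows PowerShell 2.0 or later with Get-HotFix available and remote WMI access to the target hosts. KB890830 (the Malicious Software Removal Tool) is left out of the expected list because the tool runs once and does not register itself as an installed hotfix, so it would always report as missing.

```powershell
# Added example (not from the original post): report which of the February 2009
# non-critical updates listed above are installed on each host.
# Assumes Windows PowerShell 2.0+ (Get-HotFix) and remote WMI access.

# KB numbers taken from the list in the post above. KB890830 (MSRT) is omitted:
# it is a one-shot scanner and is not recorded as an installed hotfix.
$ExpectedKBs = @('KB905866', 'KB960544', 'KB958653', 'KB960715')

# Placeholder host names; replace with the machines you are responsible for.
$Computers = @('WORKSTATION01', 'WORKSTATION02')

foreach ($Computer in $Computers) {
    try {
        # Get-HotFix reads the Win32_QuickFixEngineering class on the remote host
        $Installed = Get-HotFix -ComputerName $Computer -ErrorAction Stop |
                     Select-Object -ExpandProperty HotFixID
    } catch {
        # Unreachable host or denied WMI access: report it and move on
        Write-Warning "$Computer : could not query installed updates ($($_.Exception.Message))"
        continue
    }

    foreach ($KB in $ExpectedKBs) {
        $State = if ($Installed -contains $KB) { 'installed' } else { 'MISSING' }
        # Emit one object per host/KB pair so the output can be piped to
        # Format-Table, Export-Csv, or filtered with Where-Object
        New-Object PSObject -Property @{
            Computer = $Computer
            KB       = $KB
            State    = $State
        }
    }
}
```

Pipe the output through `Where-Object { $_.State -eq 'MISSING' }` to get just the gaps. Note that Win32_QuickFixEngineering only lists updates installed through the Windows update mechanism, so updates pushed by a third-party tool such as Autopatcher may still appear there, but any installed by hand-copying files will not.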

Admins Are Shaking in Their Boots Due to the MS09-001 Patch

I have to talk about this because this is a big deal. According to Techworld, and I’ll quote:

“This one scares me – a lot,” says Eric Schultze, CTO of Shavlik Technologies. “It is a lot like Blaster and Sasser. It is the same exploit vector. If I am an attacker and I can touch NetBios then I can execute code with no credentials.”

[via Techworld]

Now this is due to what is happening with an update that came out a few months ago, MS08-067, which people still haven’t applied to their systems. According to F-Secure, Downadup/Conficker has grown overnight by a million infected computers.

Now why are they scared of the recent patch (MS09-001)? Because there are so many vectors of infection, and you don’t need any credentials. The virus does not need to know any passwords or user names to gain access. Just like the Downadup variant that is hitting the internet right now, this virus tries to access accounts by guessing weak passwords or even putting itself on flash drives or other mobile media to infect other systems.

So why are admins scared over this new patch?

Most companies don’t patch their systems as quickly as Microsoft would like them to. You see, most companies have quite a few computers; depending on the size of the company it could be quite a lot. So many, in fact, that it takes several IT personnel just to keep the systems going.

So why don’t they just put the new patches on the systems?

Depending on the size of the company, what they do has a lot to do with how they update their systems. Some use really specialised programs or run a network that is vital. Even the smallest update to the system could bring the network or the program down. Most companies like to test a patch on a test machine for a while to make sure it doesn’t prevent the business from doing business. Here are a few articles that prove why companies do not want to just install patches automatically:

Some companies are using older systems like Windows ME or other older Windows operating systems. There isn’t anything we can do about those, because Microsoft has stopped supporting them with updates. I know we are all thinking the same question:

Is there a way to fix the problem with Windows Updates?

I personally don’t have an answer, but I am sure hackers will find ways to exploit code so they can get onto your system somehow. I’ve recently read a story about an adware author, and now I understand even more about why people do all of this.

This is one of the questions every admin has to ask themselves: how do we update all of the systems we are responsible for? There are no easy answers to this.