Fast Facts on this Month's Microsoft Security Bulletins

sponsored by Shavlik NetChk Protect

Two patches this month, both targeted at workstations and both with exploit details public.

MS08-069 is yet another browser-related patch affecting mostly workstations and terminal servers. Exploit details are public, so get your workstations patched before the exploit starts showing up in web pages that your users frequent or may be directed to through emailed links.

The other patch is rather interesting – again impacting principally workstations. The bulletin is poorly written and I’ve requested clarification from Microsoft. If I understand it correctly I’m not sure I agree with Microsoft’s. It’s not clear in the bulletin, but apparently the victim user is tricked into authenticating an SMB session (mostly used for file sharing) to a malicious server, which snaps the client’s credentials and initiates a new SMB session back to the Server service on the victim user’s computer using the snagged credentials. My question to Microsoft is “Does the Server service need to be enabled on the victim client as a prereq for this attack to work? If so, why isn’t that listed as a workaround?” If my understanding is correct that a reverse SMB session (bad guy server back to victim’s PC) is required, then perimeter firewalls should protect you against malicious servers on the Internet, leaving this basically an issue for other untrusted and internal networks.

| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation | Supported by Shavlik NetChk Protect? |
|---|---|---|---|---|---|---|---|---|---|
| MS08-069 (955218) | Remote Code / Windows XML | Terminal Servers and Workstations | Yes / No | No | Critical | Windows 2000, Windows XP, Server 2003, Vista, Windows 2008 | Addresses 3 vulnerabilities | Patch ASAP with minimal testing | Yes |
| MS08-068 (957097) | Remote Code / Windows SMB | Terminal Servers and Workstations | Yes / No | Yes | Important | Windows 2000, Windows XP, Server 2003, Vista, Windows 2008 | NTLM Authentication not handled correctly | Enable SMB signing or patch ASAP with minimal testing | Yes |
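
To see where a given machine stands on the two MS08-068 points raised above (whether the Server service is running, and whether SMB signing is enabled or required), the following PowerShell check can be run locally. It is an added example, not taken from the bulletin or from this newsletter; it assumes the standard LanmanServer and LanmanWorkstation registry values and treats a missing value as "not set".

```powershell
# Added example: report local SMB signing settings and Server service state.
# Assumption: a registry value that is absent is reported as not set (False).
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-SigningSetting {
    param([string]$Service)   # LanmanServer = inbound SMB, LanmanWorkstation = outbound SMB
    $key = Join-Path $base "$Service\Parameters"
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        Service  = $Service
        Enabled  = [bool]($p.EnableSecuritySignature)   # signing negotiated if the peer supports it
        Required = [bool]($p.RequireSecuritySignature)  # unsigned sessions are refused
    }
}

$server = Get-SigningSetting 'LanmanServer'
$client = Get-SigningSetting 'LanmanWorkstation'

# The Server service (service name LanmanServer) is what accepts inbound SMB sessions.
$svc     = Get-Service -Name LanmanServer -ErrorAction SilentlyContinue
$running = ($svc -ne $null) -and ($svc.Status -eq 'Running')

$server, $client | Format-Table Service, Enabled, Required -AutoSize
"Server service running: $running"

# Interpretation follows the author's reading of the bulletin (a session back to
# the victim's own Server service); treat it as a triage hint, not a verdict.
if (-not $running) {
    'Server service is not running: this host accepts no inbound SMB sessions.'
} elseif (-not $server.Required) {
    'Review: Server service is running and inbound SMB signing is not required.'
} else {
    'Server service is running and inbound SMB sessions must be signed.'
}
```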
