There are two bulletins that administrators should look to patch immediately.  Both of these bulletins address vulnerabilties that have the potential for drive-by attack scenarios from websites.

First up is Microsoft security bulletin MS12-010.  This bulletin affects all supported Microsoft Internet Explorer browsers and addresses four vulnerabilities in the browser.  As is the case with most, if not all Internet Browsers, it is …]]> Microsoft has released nine new security bulletins for the February 2012 edition of Patch Tuesday.  This Patch Tuesday is typically marked as a ‘heavy’ release month and includes nine new security bulletins addressing 21 vulnerabilities.

There are two bulletins that administrators should look to patch immediately.  Both of these bulletins address vulnerabilties that have the potential for drive-by attack scenarios from websites.

First up is Microsoft security bulletin MS12-010.  This bulletin affects all supported Microsoft Internet Explorer browsers and addresses four vulnerabilities in the browser.  As is the case with most, if not all Internet Browsers, it is extremely important to patch as soon as possible as browsers are one of the most attacked pieces of software.  The vulnerabilities addressed in this patch could allow an attacker to exploit the browser through malicious websites.

Similarly, MS12-013 also has a possible drive-by attack vector.  This bulletin addresses one vulnerability in the C Run-Time Library.  If an attacker can entice a user to open a malicious media file, the attacker can gain full access to a system.  In this new media and social media age, media file attack vectors are just as important as browser attack vectors when it comes to patching security vulnerabilities.

Our old friend, the DLL preload vulnerability, is making a return after a one-month hiatus.  Two bulletins this month fix the DLL preload vulnerability in Microsoft applications.

MS12-012 – Color Control Panel
MS12-014 – Indeo Codec

Since releasing the Security Advisory for this issue in November 2010, Microsoft has patched different programs affected by this vulnerability 22 times.  It is safe to say we will continue to see the DLL preload vulnerability being addressed by Microsoft in the coming months.

On the non-Microsoft front, there is already one vendor joining Patch Tuesday.  Adobe released two new security bulletins today affecting two Adobe products.  Security bulletin APSB12-02 affects Adobe Shockwave and fixes nine vulnerabilities.  Adobe Security bulletin APSB12-04 affects Adobe RoboHelp for Word and fixes one vulnerability.

This has been quite a busy month with multiple non-Microsoft vendors releasing security updates for their software.  After a very quiet December and January, it appears the non-Microsoft vendors are getting back to a normal cadence for releasing security updates for their software application.  The following vendors have released security updates since January 2012 Patch Tuesday:

Opera
Google Chrome (twice)
Yahoo Messenger
Mozilla Firefox (twice)
Mozilla Thunderbird (twice)
Mozilla SeaMonkey (twice)
Real Player
Skype

For those administrators who wait for a monthly maintenance window for their patching needs, this month is going to be quite a large month combining all of the Microsoft and non-Microsoft security bulletins released since the last Patch Tuesday.

I will be talking about these patches along with the latest non-Microsoft patches that have been recently released tomorrow, February 15th at 11:00am CT as part of our monthly Patch Tuesday webinar.  Click here to register for the webinar.

- Jason Miller

Security Bulletin Breakdown:

Affected Products:

There has been no word of other vendors planning to release new security bulletins, but we are constantly monitoring to find any other vendors planning on joining Microsoft’s Patch Tuesday.

I will be talking …]]> Microsoft has announced their February 2012 Advanced Notification for the upcoming Patch Tuesday.  Microsoft is planning to release nine security bulletins fixing 21 vulnerabilities.

Security Bulletin Breakdown:

• 4 bulletins are rated as Critical
• 5 bulletins are rated as Important
• 7 vulnerabilities could lead to Remote Code Execution
• 2 vulnerabilities could lead to Elevation of Privilege

Affected Products:

• All supported Microsoft Operating systems
• All supported Internet Explorer browsers
• Visio Viewer 2010
• SharePoint Server 2010
• SharePoint Foundation 2010
• Silverlight 4

There has been no word of other vendors planning to release new security bulletins, but we are constantly monitoring to find any other vendors planning on joining Microsoft’s Patch Tuesday.

I will be talking about these patches along with the latest non-Microsoft patches that have been recently released next Wednesday, February 15th at 11:00am CST in part of our monthly Patch Tuesday webinar.  Click here to register for the webinar.

- Jason Miller

The survey also found …]]> I found an interesting blog post by industry veteran Don Jones for Redmond Magazine that I wanted to share.  It leads well into our recent ITScripts Catalog update.  Mr. Jones talks about a recent survey he performed on how much emphasis was placed on scripting (specifically with PowerShell) for different IT job titles.  Of the 600 respondents 80 percent require PowerShell in some, if not all, positions within IT.  None of the job titles were specific to PowerShell Scripter either, so it is an indication that this is one of many skills expected of IT Admins.

The survey also found that 90 percent of respondents believe there is value in automating repetitive tasks, and 92 percent felt it can provide a quick ROI if done properly.

VMware vCenter Protect Essentials customers all have access to the ITScripts feature which released in 8.0 and integrates with Microsoft PowerShell.  VMware vCenter Protect Essentials Plus customers have access to additional scripts and have the ability to import their own scripts into vCenter Protect.  If you want to talk about automating repetitive tasks you are really talking about how to take the script you have written to solve a problem for one machine and replicate the solution to all machines.  How do you do that?  GPO, login scripts, through PowerShell’s RM feature?  Does the script require some form of authentication to run?  How do you secure the credentials in a case like that?

With the ITScripts feature in vCenter Protect Essentials you take advantage of our machine discovery and management features as well as our credentials management.  If you can scan it with vCenter Protect Essentials you can run the script against the machine.  Most scripts run remotely so PowerShell is not required on every machine which would be a limitation if you are trying to run the script on every machine in your environment.

How about having confidence in the script you download from a scripting community?  Our scripts are run through our development and QA teams.  This will save time by not having to verify that the script will do what you expect and test to ensure it will work.  Just approve the script and go.

How about scripts that you need that you have not found yet?  Our scripting feature has only been in production since November so we haven’t seen much request traffic yet, but if you go to our community you will find that our first request, which came in last week, has already been fulfilled.

You can find details about the scripts available in the ITScripts Catalog on the ITScripts Community, but here are the two new scripts we released.

- Added Disable Java Updates (version 1.0.0.9) which will turn off the pesky updater (and notification) that you do not need as you are patching the Java Runtime with vCenter Protect.  It also reduces end user frustration with the overall user experience on their machine as they have one less annoyance to deal with on a regular basis.

- Added Get Remote Users Last Login Time (version 1.0.0.3) which will query a remote machine to identify all user accounts on the target and return last login time for each.  There are a few common applications to this script like trying to identify which user a machine may belong to if the machine name is either not correct or is some generic format that does not include a reference to the user who it may be assigned to.  Another common use for this script would be to identify what accounts (and their data) could be removed from a system so you can cleanup space if the system is running low.

Both scripts are available to vCenter Protect Essentials and vCenter Protect Essentials Plus customers.  If you go to Manage > ITScripts you can view all scripts available in the catalog and approve the scripts you desire for use in vCenter Protect Essentials.

Regards,

Chris Goettl
Customer-Product Owner
SMB Management Solutions
VMware

The primary bulletin administrators should patch first is MS12-004.  This security bulletin addresses two vulnerabilities with Windows Media types.  Opening a malicious media or MIDI file on an unpatched system could allow an attacker to gain full control of the system.  As media files are extremely popular for viewing and sharing, administrators should patch this bulletin on their workstation machines as soon as possible.  It is important to note that …]]> Microsoft is starting off the new year with seven new security bulletins released for the January 2012 Patch Tuesday.  These seven new security bulletins address eight vulnerabilities.

The primary bulletin administrators should patch first is MS12-004.  This security bulletin addresses two vulnerabilities with Windows Media types.  Opening a malicious media or MIDI file on an unpatched system could allow an attacker to gain full control of the system.  As media files are extremely popular for viewing and sharing, administrators should patch this bulletin on their workstation machines as soon as possible.  It is important to note that newer operating systems (Windows 7, Windows 2008 R2) are not affected by one of the vulnerabilities.  These machines will only show one patch missing whereas older Microsoft operating systems (Windows XP, Vista, 2003, 2008) will require two patches to fully fix the vulnerabilities in this security bulletin.

Administrators were given a last minute 2011 holiday surprise with an out-of-band security bulletin release from Microsoft.  On December 29th, Microsoft released MS11-100 to address a critical zero-day vulnerability with the Microsoft .NET program.  This vulnerability had the exploit code published and the bulletin could not wait until the regularly scheduled Patch Tuesday for release.  The vulnerability had a particularly nasty affect on web servers running ASP.NET web pages.  If successfully exploited, an attacker could create a denial of service attack on any web site running the vulnerable code.  Most administrators patched their web servers immediately with this security bulletin but chose to wait to patch all desktops and non-public facing web servers until the next scheduled Patch Tuesday.

On the non-Microsoft front, Adobe is planning to release their quarterly security bulletin update today with security bulletin APSB12-01.  This security update will apply to Adobe Acrobat/Reader versions 9 and 10.  The update for Adobe Reader/Acrobat 10 will contain the fixes for a previously released security bulletin for Adobe Acrobat/Reader 9.

On December 16, 2011, Adobe released a security bulletin (APSB11-30) that patched a critical security vulnerability in the Adobe Acrobat/Reader version 9 program.  This vulnerability was a zero-day vulnerability that Adobe had received reported active attacks against the vulnerability.  Adobe has waited until today to patch version 10 of their products as this version contains a Protected Mode that will prevent the vulnerability from being exploited.

- Jason Miller

Security Bulletin Breakdown:

Affected Products:

This Tuesday will also be a good chance to install the out-of-band security update (MS11-100) on …]]> Microsoft is kicking off the 2012 year with seven new Microsoft Security Bulletins.  Just announced in their advanced notification for the January 2012 Patch Tuesday, these seven security bulletins will address eight vulnerabilities.

Security Bulletin Breakdown:

• 1 bulletin is rated as Critical
• 6 bulletins are rated as Important
• 3 vulnerabilities could lead to Remote Code Execution
• 1 vulnerability could lead to Security Feature Bypass
• 2 vulnerabilities could lead to Information Disclosure
• 1 vulnerability could lead to Elevation of Privilege

Affected Products:

• All supported Microsoft Operating Systems
• Microsoft Developer Tools and Software

This Tuesday will also be a good chance to install the out-of-band security update (MS11-100) on your desktop systems.  This out-of-band security update was released last Thursday (12/29/11) and should already be applied to your public facing web servers.

This January Patch Tuesday will also mark the Adobe Quarterly Security update release.  Adobe has already stated they will be releasing security udpates for their Adobe Reader and Acrobat 10 product lines.  We will have to wait to see what other security patches Adobe may be releasing on Patch Tuesday.

As this marks a light Patch Tuesday, you can see that a lot of work will be greeting administrators from their holiday vacation season.

- Jason Miller

On the Microsoft side, there …]]> Tis the season of good friends, good food, good conversation and of course patching your network.  Today marks the final Patch Tuesday of 2011, and it’s a big one. Microsoft is giving the gift of 13 security bulletins addressing 19 vulnerabilities to add to the stress of this holiday season.  Not to be outdone by Microsoft, other software vendors such as Google and Adobe are also joining in on the season of giving by releasing updates of their own.  This combination of Microsoft and non-Microsoft patch releases will definitely keep us busy this season.

On the Microsoft side, there are two bulletins administrators should look to patch immediately.  MS11-087 fixes a zero-day vulnerability in the Windows Kernel-Mode Drivers.  Microsoft released Security Advisory 2639658 on November 3, 2011 for this vulnerability.  This Security Advisory was released just before the November 2011 Patch Tuesday.  There was speculation at the time that Microsoft would patch this vulnerability in the November 2011 Patch Tuesday release.  Exploit code for this vulnerability was published and Microsoft received reports of limited attacks against this vulnerability.  But, Microsoft did not see wide spread attacks against the zero-day vulnerability and this patch did not make it into the November release cycle.  This allowed Microsoft to release the corresponding Security Bulletin during today’s Patch Tuesday.  As with any zero-day vulnerability, it is critical to patch your systems as soon as possible.  To date the vulnerability has  been exploited a limited numbers times, but the possibility of a wide spread attack is always greater with zero-day vulnerabilities.

With MS11-087, administrators may have applied a workaround as stated in the Security Advisory released last month.  This workaround denied all access to a specific vulnerable DLL on the system.  You do not need to unapply the workaround to apply the patch.  But, it is advised that you unapply the workaround after applying the patch to restore functionality to the system.  If the workaround is left in place, users may not be able to see all fonts on a system, and this could lead to an uptick in support calls.

The next bulletin administrators should look at patching as soon as possible is the bi-monthly cumulative update for Internet Explorer.  MS11-099 fixes multiple vulnerabilities in the browser.  Although none of the vulnerabilities are publicly known or actively being attacked, any browser is a prime target for attackers.

There is an important note regarding Security Bulletin MS11-088 that administrators should be aware of.  This bulletin is only available on the Microsoft Download Center.  This means administrators must manually find the affected product on their network and manually apply the patch.  This bulletin affects IME for Chinese Office installations.  The Office installation must be Chinese.  Any other installation of Office in a language other than Chinese is not affected unless they have been installed with the Chinese Pinyin IME component.

As a final holiday gift from Microsoft, their Advanced Notification for this Patch Tuesday stated there would be 14 bulletins released this month, but they have only released 13 bulletins.  Obviously one of the bulletins needed to be pulled from release due to quality issues.  We will continue to monitor Microsoft to see why one bulletin is missing from today’s release.

On the non-Microsoft side, Google has released a new version of their Chrome browser.  This security update addresses 15 vulnerabilities as well as new features.

Adobe is releasing multiple bulletins for their products.  Adobe security bulletin APSB11-29 addresses two vulnerabilities in their ColdFusion product.  In addition, Adobe is patching their Adobe Reader/Acrobat version 9 products today.  Adobe announced last week they would be addressing a zero-day vulnerability in Reader and Acrobat today in version 9 only.  Adobe Acrobat and Reader version 10 also contain the software vulnerability.  But due to a protected mode in Acrobat and Reader version 10, an attacker cannot exploit the vulnerability.  Adobe will patch this version of Reader and Acrobat during their regularly scheduled quarterly update during the January 2012 Patch Tuesday.

Apple has released a new version of their iTunes product with iTunes 10.5.2.  This update is a non-security update.

VMware is also releasing a new version of their MozyPro backup software.  MozyPro 2.10.7.96 is a non-security update.

And Oracle has joined the list of other software vendors providing updates today by releasing a new version of their Java product.  Java 6 update 30 is a non-security update.  This update is currently only available for JDK download.  We will have to see if Oracle makes this version available to the public on the java.com webpage later today.

I will be reviewing the November 2011 in depth during my monthly Patch Tuesday webinar tomorrow at 11am CDT. You can register to attend the live webinar here.

- Jason Miller

Lastly but not the least, I want to address the feedback from users who would like WU to update their 3rd-party applications. People clearly find the experience with multiple updaters on the system less than optimal (and we agree!) Each application updater gives you a different experience, you have to remember to go visit each updater to install updates, you never know when or …]]> In a recent blog post by Farzana Rahman, Microsoft’s group program manager of the Windows Update group, she wrote that Microsoft has no plans to support third party patching now or in the future. She writes:

Lastly but not the least, I want to address the feedback from users who would like WU to update their 3rd-party applications. People clearly find the experience with multiple updaters on the system less than optimal (and we agree!) Each application updater gives you a different experience, you have to remember to go visit each updater to install updates, you never know when or how updaters will run and what they might do, and so on. People would like one updater for the entire system.

This comes as no surprise to those of us at Shavilk, now part of VMware, who have offered just such a service since the 1990′s. Our flagship product VMware vCenter Protect Essentials Plus (formerly NetChk Protect), delivers a one-stop-shop for all third party applications (and some legacy Microsoft applications, too). All of the complexity that Farzana describes in her post is addressed in a simple easy-to-use interface for organizations of all sizes to keep their networks secure and up to date.

In fact, we offer Security Advisor, a free service that performs a thorough scan of your network and delivers a report on all of the applications installed on machines (whether physical or virtual) on your network. Most companies we talk to are surprised by the number of titles, versions and publishers installed on machines across their networks. What’s worse is that critical updates to these applications are missing, opening the network–and therefore the business–to unnecessary risk.

So, vCenter Protect Essentials Plus is the “one updater for the entire system.” Problem solved.

- Mike Bleakmore

Security Bulletin Breakdown:

Affected Products:

On the non-Microsoft front, Adobe released a security advisory (APSA11-04) for a zero-day vulnerability affecting Adobe Acrobat/Reader 9/10 on December 6th.  …]]> Microsoft has released their advanced notification for the December 2011 edition of Patch Tuesday.  Microsoft is giving the gift of 14 security bulletins addressing 20 vulnerabilities this holiday season.

Security Bulletin Breakdown:

• 3 bulletins rated as Critical
• 11 bulletins rated as Important
• 10 vulnerabilities could lead to Remote Code Execution
• 1 vulnerability could lead to Information Disclosure
• 3 vulnerabilities could lead to Elevation of Privilege

Affected Products:

• All supported Microsoft Operating systems
• Publisher 2003, 2007
• Excel 2003
• PowerPoint 2007, 2010
• Office 2007, 2010
• PowerPoint Viewer 2007
• Office Compatibility Pack 2007

On the non-Microsoft front, Adobe released a security advisory (APSA11-04) for a zero-day vulnerability affecting Adobe Acrobat/Reader 9/10 on December 6th.  Adobe is planning to release a patch for Adobe Acrobat and Reader version 9 during the week of December 12, 2011.  In other words, Adobe will be joining Microsoft’s Patch Tuesday this month.  Adobe Acrobat and Reader 10 are also affected by this vulnerability, but Adobe’s Protected View prevents the exploitation of the vulnerability.  For Adobe Acrobat and Reader 10, Adobe will release a patch during the January 2012 Patch Tuesday.

With administrators commonly taking vacations this time of year, the large number of security bulletins Microsoft is planning to release may seem a bit unfair.  However, this is in line with past typical Microsoft December Patch Tuesdays.

Last year, Microsoft released 17 security bulletins during the December 2010 Patch Tuesday.  This brought the total number of security bulletins released by Microsoft in 2010 to 106.  With the December 2011 Patch Tuesday security bulletins, the grand total for released security bulletins for 2011 will bring us to 100.

Stay tuned for more 2011 year in review information.  Later this month I will be releasing “Patching Year in Review” information.

I will be talking about December’s Patch Tuesday next Wednesday, December 14th at 11:00am CST in part of our monthly Patch Tuesday webinar.  Click here to register for the webinar.

- Jason Miller

Just a quick update on the latest XML release for VMware vCenter Protect Essentials Plus as you will notice some new items have been released.  As many of you know, vCenter Protect Essentials Plus 8.0 offers a new feature called ITScripts.   This integration with Microsoft Powershell  delivers powerful scripting capabilities through vCenter Protect Essentials Plus.  In the XML release yesterday we did release three new script into the VMware Script Catalog.

A little about XML Announcements for those who may not be familiar.  vCenter Protect Essentials Plus has regular data releases to update patch data.  Typically you will …]]> Hey Everybody,

Just a quick update on the latest XML release for VMware vCenter Protect Essentials Plus as you will notice some new items have been released.  As many of you know, vCenter Protect Essentials Plus 8.0 offers a new feature called ITScripts.   This integration with Microsoft Powershell  delivers powerful scripting capabilities through vCenter Protect Essentials Plus.  In the XML release yesterday we did release three new script into the VMware Script Catalog.

A little about XML Announcements for those who may not be familiar.  vCenter Protect Essentials Plus has regular data releases to update patch data.  Typically you will see a release every Tuesday and Thursday, but it can vary.  ITScripts is now driven by the same data releases.  Although scripts will not be releasing nearly as often as patch data, you will be able to keep up on what is releasing through the XML Announcements.   In the announcment you will see [Patch-ITScripts] in the subject line indicating this release includes additions or changes to the script catalog.

So in yesterday’s release we included three new scripts.

• Disable Adobe Reader and Acrobat Updater (version 1.0.0.5)
• Get Security Center Status (version 1.0.0.40)
• Local Administrator Password Change (version 1.0.0.6)

These new scripts are available in vCenter Protect Essentials Plus 8.0 today and can be approved by going to Manage > ITScripts.  From there you can approve the scripts for use in vCenter Protect Essentials Plus.  Depending on your license and if you are a vCenter Protect Essentials or Essentials Plus customer you will see the scripts available to you.

For more details you can go to the ITScripts Community Site.  Here you can find a write up on each of the scripts in the VMware Script Catalog. You can also find answers to common questions and post questions relating to the scripts as well.  One specific thing that customers have asked is which scripts should I see as a vCenter Protect Essentials or Essentials Plus customer.  Each script is tagged with Essentials or Essentials Plus to show what license level you need to see them.  vCenter Protect Essentials Plus customers see all Essentials scripts with the addition of the Essentials Plus scripts.

Regards,

Chris Goettl
Customer-Product Owner
SMB Management Solutions
VMware

The first bulletin administrators should address is MS11-083.  This bulletin addresses one vulnerability in Windows TCP/IP.  If an attacker sends a stream of malicious User Datagram Protocol (UDP) network packets to an unpatched machine, the attacker could gain control over the affected system.  With this type of an attack scenario, alarms could be raised about the potential of a vulnerability that is used in a worm.  However, there are a few items that will make it difficult …]]> Microsoft has released four new security bulletins for this edition of Patch Tuesday.  These four security bulletins address four vulnerabilities.

The first bulletin administrators should address is MS11-083.  This bulletin addresses one vulnerability in Windows TCP/IP.  If an attacker sends a stream of malicious User Datagram Protocol (UDP) network packets to an unpatched machine, the attacker could gain control over the affected system.  With this type of an attack scenario, alarms could be raised about the potential of a vulnerability that is used in a worm.  However, there are a few items that will make it difficult for an attacker to use this exploit in a worm.  First, the network port attacked on the target machine must be closed.  Second, a normal UDP packet streamed to a vulnerable machine will not allow the attacker to gain access to the system.  The UDP packet must be “specially” crafted.  An attacker will need to figure out the type of packet to send to a vulnerable machine.  Finally, this vulnerability was privately disclosed to Microsoft so there is no known code out in the wild at this time and Microsoft has not received any reports of attacks against this vulnerability.

On the non-Microsoft front, a couple of vendors will be a part of this Patch Tuesday.  Adobe released a new security bulletin for their Shockwave player today.  This security bulletin addresses four vulnerabilities and is rated as Critical.  Mozilla is planning to release new versions to the Firefox, Thunderbird and SeaMonkey product families.

Patch Tuesday is no longer just about Microsoft releasing new security bulletins.  Many other vendors can sneak in with their own security releases that can be just as or more important than Microsoft releases.  Given the history of non-Microsoft vendors releasing on Patch Tuesday, administrators should plan for the unexpected during the monthly patch maintenance window.

I will be reviewing the November 2011 in depth during my monthly Patch Tuesday webinar tomorrow at 11am CDT. You can register to attend the live webinar here.

- Jason Miller