April 29, 2005
Tech Ed Europe Announcement
Hi all,
I have just been invited to speak at Tech Ed Europe again in Amsterdam. I will be presenting two sessions and one chalk talk. I am not sure of what dates the sessions will be presented, but wanted to post the session titles and abstracts.
Managing a Smart Card Deployment
Many companies are exploring the deployment of smart cards to increase authentication strength in their networks. This session discusses the design issues you must address when designing your smart card deployment. Not only does a successful smart card deployment require policies and procedures to ensure success, the deployment must also have tools to assist in the deployment and management of the smart cards. The session will look at how Microsoft clients have deployed smart cards in their networks, identify the applications that work for smart cards, and identify where you still cannot use smart cards. Finally, the session will demonstrate a third-party registration authority that allows key recovery for encryption certificates stored on smart cards and helps ensure that identity is proven before issuing a certificate to the certificate requester.
Securing Your Active Directory Deployment: Best Practices
From authentication to authorization, Active Directory is at the heart of distributed network security in a Windows Server-based IT infrastructure, and thus plays a key role in securing your IT infrastructure. It is imperative that your organization takes adequate measures to maintain strong security of your Active Directory deployment so as to minimize the risk of a security breach. In this exciting session, we analyze known threats to your Active Directory deployments and walk through the top-ten list of actions to take to enhance the security of your Active Directory deployments, from establishing secure Active Directory boundaries to deploying secure domain controllers, and from enhancing critical security policies to protecting your administrative accounts and workstations. Come learn everything you need to know to secure your Active Directory deployments.
Chalk Talk: Using Scripting to Ease your PKI Deployment
You are ready to implement your Public Key Infrastructure, and you want to ensure that what you deploy is what you designed. Brian Komar will demonstrate the batch files and scripts that MCS uses during PKI engagements to simplify the PKI deployment process. Not only do these scripts help with deployment, they also aid you in a disaster recovery scenario. At the end of the session, you will see the true value of the CertUtil command-line tool.
Brian
Posted at 06:21 AM
April 18, 2005
So What do the Security Update Ratings Mean?
When Microsoft releases the latest round of updates on "Update Tuesday", I receive a lot of questions from people about the difference between a critical update and an important update. I find that most news media have no idea at all what the difference is, and in fact, blur the lines when reporting on the newest updates.
First some background information...
When a security fix is released, the Microsoft Security Response Center (MSRC) issues a security bulletin that identifies the addressed vulnerability. It is this security bulletin that is assigned a severity rating. The ratings system implemented by the MSRC in November 2002 uses the following ratings:
- Critical: A vulnerability that might allow an attacker to gain control of your computer through elevation of privilege or by allowing access to sensitive data. You should always apply critical-rating updates in your environment. I recommend starting testing of a critical update within 24 hours of the update's release. Try to expedite testing so that you can deploy the tested update within two weeks of release to all affected systems.
- Important: A vulnerability that might compromise the confidentiality, integrity, or availability of user data, as well as the integrity or availability of processing resources. You should always apply important-rating updates in your environment. I recommend that you apply an important update within one month of the update's release. If your organization implements testing of all updates (which is a must to prevent any unexpected issues), try to take no longer than two months for your testing process before applying an important update.
- Moderate: A vulnerability that might be mitigated by good security measures, such as implementing a security baseline configuration or performing regular network auditing. This rating is typically assigned to vulnerabilities that are difficult to exploit. A moderate update should be evaluated by your organization to determine whether the vulnerability addressed is relevant to your company before implementing testing and deployment of the update. If the update is relevant, you should apply the update within four months of the update's release. In some cases, even consider waiting until the next service pack or roll-up that includes the patch is released. If your organization performs testing of all updates, you should deploy the tested update within six months of release.
- Low: A vulnerability that is extremely difficult to exploit or whose impact is minimal. Only consider applying a low-rating update if it addresses an issue faced by your organization. I recommend waiting until the next service pack or roll-up that includes the low update before applying it. In some cases, you might decide to never deploy the update if it is not relevant to your organization.
Finally, a critical update is not necessarily a bad thing. Yes, it is a potential vulnerability that can expose your computers to attackers. But remember, the security update fixes the problem. When critical updates are released, it is a race between you and a potential attacker. Get testing and get that update deployed - you win the race!
Brian
Posted at 11:31 AM
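The deployment windows recommended in the post above can be turned into a check that flags hosts still missing an update past its deadline. This is an added example, not code from the original post. The host names, the `EXAMPLE-*` bulletin IDs, their dates and the function names are constructed, and the MS05-019 release date assumes "this past Tuesday" before the April 15, 2005 post means April 12.

```python
import calendar
from datetime import date, timedelta

# Deployment windows from the post, as (no full testing, tests all updates).
# None = no fixed deadline (wait for the next service pack or roll-up).
DEADLINES = {
    "Critical":  (("days", 14), ("days", 14)),
    "Important": (("months", 1), ("months", 2)),
    "Moderate":  (("months", 4), ("months", 6)),
    "Low":       (None, None),
}
ORDER = ["Critical", "Important", "Moderate", "Low"]

def add_months(d, n):
    """Calendar-month addition, clamping to the last day of short months."""
    y, m = divmod(d.month - 1 + n, 12)
    y, m = y + d.year, m + 1
    return date(y, m, min(d.day, calendar.monthrange(y, m)[1]))

def deploy_deadline(released, rating, tests_all_updates):
    rule = DEADLINES[rating][1 if tests_all_updates else 0]
    if rule is None:
        return None
    unit, n = rule
    return released + timedelta(days=n) if unit == "days" else add_months(released, n)

def overdue(bulletins, missing, today, tests_all_updates=True):
    """Return (rating, bulletin, host, days_late), most severe and latest first."""
    out = []
    for host, ids in missing.items():
        for bid in ids:
            released, rating = bulletins[bid]
            due = deploy_deadline(released, rating, tests_all_updates)
            if due is not None and today > due:
                out.append((rating, bid, host, (today - due).days))
    return sorted(out, key=lambda r: (ORDER.index(r[0]), -r[3], r[2]))

# Constructed sample inventory; only MS05-019 is a bulletin named on this page.
BULLETINS = {
    "MS05-019": (date(2005, 4, 12), "Critical"),
    "EXAMPLE-IMPORTANT": (date(2005, 1, 31), "Important"),
    "EXAMPLE-MODERATE": (date(2005, 1, 11), "Moderate"),
    "EXAMPLE-LOW": (date(2004, 6, 8), "Low"),
}
MISSING = {"web01": ["MS05-019", "EXAMPLE-LOW"],
           "mail01": ["EXAMPLE-IMPORTANT", "EXAMPLE-MODERATE"]}

if __name__ == "__main__":
    for row in overdue(BULLETINS, MISSING, date(2005, 4, 29)):
        print(row)
```

Low-rated updates never appear as overdue because the post gives them no deadline; track those against service pack releases instead.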
April 15, 2005
The April Security Updates
This month's security updates were made available this past Tuesday. They include several critical updates:
- MS05-016 fixes how the Windows shell handles application associations for users logged in as members of the local Administrators group. This update replaces the February MS05-008 security update.
- MS05-019 fixes a TCP/IP vulnerability that allowed an attacker to send IP or ICMP messages to reset TCP connections or start a DoS attack.
- MS05-020 is a cumulative security update for IE 5 and 6 that fixes the way IE handles DHTML objects, Content Advisor files, and certain URLs in a Web page created by an attacker to take control of the user's computer.
- MS05-021 fixes a critical bug found in Exchange 2003 and Exchange 2003 Service Pack 1, a weakness in how SMTP handles DNS lookups.
- MS05-022 fixes a previous bug in MSN Messenger, preventing an attacker from sending a PNG image that attempts to remotely control a computer.
- MS05-023 protects Microsoft Word from a buffer overrun attack that could allow an attacker to view, change or delete data on the computer.
Brian
Posted at 09:36 AM