Tuesday, January 12, 2010

Microsoft Patch Tuesday - January 2010

Microsoft has a very light patching month, with only one bulletin addressing a critical vulnerability affecting the Embedded OpenType (EOT) Font Engine. This user-level, client-side vulnerability requires an attacker to trick a user into viewing a web page or opening a file that contains malicious content. However, Microsoft isn’t the only one releasing patches. Both Adobe and Oracle are following suit this month.

Adobe is releasing a security update addressing critical vulnerabilities in Reader and Acrobat. These security fixes address zero-day vulnerabilities that have been exploited in the wild since being made public on December 14, 2009.

Oracle is releasing its quarterly critical patch update today. This update addresses 24 vulnerabilities across multiple applications.

Security Best Practices Tips:
·    Install vendor patches as soon as they become available, testing them properly in a test environment before applying them to a production environment.
·    Run all applications at the user level (least privilege), and use the administrator account or other privileged access only as needed to maintain the functionality of the machine (e.g., when admin privileges are needed to install an application, a user can use the RunAs function to quickly switch to Administrator privileges while logged in as a lower-privileged user).
·    Users should avoid downloading files from unknown or questionable sources, whether that is an email attachment from an unknown sender, a download from a questionable website, or flash drive media whose integrity, such as the drive's origin, is in question.
·    Block external access to systems at the network perimeter unless it is specifically required.

Microsoft’s summary of the January releases can be found here:

Microsoft Critical Vulnerability Summary:

MS10-001 Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
CVE-2010-0018 (BID 37671) Microsoft Windows Embedded OpenType Font Engine LZCOMP Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 7.1/10)
A remote code execution vulnerability affects the Embedded OpenType (EOT) Font Engine when decompressing files and content containing embedded fonts. An attacker can exploit this issue by tricking a victim into opening a malicious file or viewing a Web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.
Affects: Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista, Windows Vista SP1, Windows Vista SP2, Windows Vista x64 Edition, Windows Vista x64 Edition SP1, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for Itanium-based Systems

-Stephen Geldersma, Digital Designs LLC


*Posting is provided "AS IS" with no warranties, and confers no rights.*