Scott's Weblog The weblog of an IT pro specializing in virtualization, networking, open source, and cloud computing

Microsoft Patches for August

This MSRC blog posting outlines the patches that were released last Tuesday, and provides links to the security bulletins for each patch.

<aside>An interesting statistic: according to this article, Microsoft has released more patches in the first 8 months of 2006 than in all of 2004 and 2005 combined. I don’t know if that makes me feel more secure—in that they are patching more vulnerabilities instead of not patching them—or less secure.</aside>

The MS06-040 bulletin is the one critical patch that is really getting everyone’s attention; this is the one that is deemed to be “wormable,” capable of creating a self-replicating worm such as Blaster or Slammer. In fact, there were reports of limited attacks using the exploit patched by MS06-040. According to a follow-up posting on the MSRC blog, these attacks were limited in nature and only affected Windows 2000 (see this MSRC posting as well).

Fortunately, the MS06-040-based attacks are fairly straightforward to defeat, especially for traffic coming from the Internet. By blocking TCP ports 139 and 445 at the perimeter, these attacks are defeated. Of course, that does nothing for the kind of internal infections that were so common with Blaster (which was often carried in by a laptop and then spread behind the firewall). This article has more information on protecting against the MS06-040 attack.

One other patch (examined in more detail here) fixes the zero-day PowerPoint exploit that garnered attention back around the middle of July.

Because exploit code already exists for both of these vulnerabilities, many security experts are recommending that organizations give priority to getting these patches rolled out to affected systems.

Be social and share this post!