Security Quest #5 – Patch Tuesday

Microsoft released five desktop security patches this month, 4 rated as critical and 1 rated important. All supported desktop OS’s get patched along with Internet Explorer and Outlook Express/Windows Mail. Even Mac users may need a patch. They also released one patch that was only for servers.

Bulletin MS07-060 is for Office 2000, Office XP and Office 2004 for Mac users. It’s rated as critical for Office 2000 and important for the others. It patches a vulnerability that could allow remote code execution.

Windows 2000 users will need MS07-055 which is a critical update to patch the Kodak Image Viewer. MS07-058 also applies to Windows 2000 but it’s rated as a low risk. On Windows 2000 the MS07-058 patch replaces MS06-061. Windows 2000 users will also get the IE and mail patches mentioned below.

Windows XP users will need MS07-055 which is a critical update to patch the Kodak Image Viewer. You’ll also need MS07-058 as an important update to patch an RPC vulnerability that could be used for a denial of service attack. Windows XP users will also get the IE and mail patches mentioned below.

Windows Vista users will need MS07-058 which is rated as important to fix an RPC vulnerability and prevent a denial of service attack. Windows Vista users will also get the IE and mail patches mentioned below.

Internet Explorer gets its typical cumulative update with MS07-057 which applies to all supported IE versions on all OS’s. It’s rated critical on all desktop OS’s.

Outlook Express and Windows Mail users on any version of Windows will need MS07-056. The vulnerability is rated critical for Outlook Express on a pre-Vista OS and rated important for Windows Mail on Vista.

I didn’t have any problems with the Windows XP, Windows Vista, IE and Mail patches although I don’t use the software enough where I would notice subtle problems.

Vulnerabilities

Adobe acknowledged the previously reported PDF vulnerability and offered a rather involved workaround. They expect an update to plug the vulnerability by the end of October.

Security Software

CNET looked at Norton Antivirus 2008 and rated it a 7.3 (very good). Users gave it a 3.5 so far. Even though it’s “very good” CNET’s review doesn’t make it sound like software I’d want to buy. Seems like Symantec still equals bloatware.

News & Information

A Notable Step in the Fight Against Phishing – Security Fix – Yahoo, eBay and PayPal get together and implement DomainKeys to fight phishing.

ArsTechnica.com – Study: PEBKAC still a serious problem when it comes to PC security – Ars Technica brings a story about a study showing that the typical computer user is a security problem.

ArsTechnica.com – Ready or (mostly) not: here come more contactless payment devices – Visa is implementing contact-less payment. Ars Technica has a good summary of the security concerns. I’ll be keeping my magnetic striped card for now.

Feds shut down California’s domain name over hacker intrusion – TECH.BLORGE.com – California websites are hacked, remain hacked, so the feds started shutting them down.

Techdirt: Homeland Security Can’t Even Configure Its Mailing List Software Correctly? – Homeland Security has email problems. Not a real security problem since it was a public list, but it makes you wonder.

Tech.blorge.com: French government unveils new tool to cut spam email – They have a new tool that makes reporting spam easy. Still some questions whether it will be embraced by users and ISP’s.