Microsoft: April 2007 Archives
The Microsoft Security Response Center writes today that the DNS server patch is on target for May 8th.
"support for the legacy WSUSSCAN.CAB expired in March 2007, you need to ensure that your detection and deployment tools now support the new WSUSSCN2.CAB file. There will be no support for the security update for this issue in the old WSUSSCAN.CAB architecture.
"If you use MBSA 2.0 in offline-scan mode, you will need to use MBSA 2.0.1. If you use the SMS 2003 Inventory Tool for Microsoft Updates (ITMU), you need to ensure you’re using version 3 of that tool.
Next, a reminder that as part of our standard Microsoft Support Lifecycle, support for Windows Server 2003 expired on April 10, 2007 with the April monthly bulletin release. Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 are the currently supported versions."
While I think the ITMU requirement came up last month, I suspect a lot of people will be caught flat-footed with the Windows 2003 RTM expiration.
SANS is reporting that successful attacks were seen on April 4th against Windows DNS servers at two U.S. universities.
We've disabled remote management of DNS. It would be a bad thing™ if our domain controllers were compromised. Don't forget to check for other places you might use Microsoft DNS. Some systems up on our DMZ are running Microsoft DNS. Fortunately those are all firewalled correctly.
While reloading my computer, I found that there is an upgrade to Microsoft Desktop Search. Version 3 does have one improvement. It has the capability to index file shares. That could be useful.
So far I'm struggling with one drawback. In the past I have indexed multiple mailboxes. This makes it easier to find account approval emails that might be in several accounts. I have the two additional accounts opened with this Outlook Profile.
First I tried disabling the new default setting in Desktop Search to only index the local cache. These mailboxes are not part of the local cache. That didn't help. I have two thoughts left: set up the extra accounts as IMAP accounts, or check if the indexing in Outlook 2007 is better.
We have a Windows 2003 64 Bit Edition server with Service Pack 2 installed. Our vulnerability scanner is reporting that this server is vulnerable to MS07-013 because the %windir%\system32\riched20.dll version is 5.31.23.1225. According to the security bulletin http://www.microsoft.com/technet/security/Bulletin/MS07-013.mspx this should be version 5.31.23.1226. Neither Microsoft Update nor MBSA detects a patch needed on this system.
Is MS07-013 included in Windows 2003 sp2? Is the system still vulnerable? Who knows!
It is not included in the list of updates included in Windows 2003 SP2 http://support.microsoft.com/kb/914962
If %windir%\system32\riched20.dll version 5.31.23.1225 is considered “patched” in Windows 2003 sp2 then we need the security bulletin updated. If it is not patched then I need a patch released.
I've sent a note to my Microsoft TAM. We'll see what happens.
I notice that a mailing list at patchmanagement.org reports four other curious patches. Those patches all have correct file versions on my server.
update - I heard back from my TAM. He provided this link which indicates MS07-013 is included in Windows 2003 sp2. While it doesn't specify the version number to expect, it does say it will be earlier than if you applied the patch to a sp1 server.
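The mismatch above comes from comparing every host against one bulletin version regardless of service-pack branch. The following is an added example, not code from this blog or from any scanner vendor, that contrasts that single-threshold check with a branch-aware one. The baseline table, host names and inventory are constructed, and the SP2 baseline is an assumption taken from the version observed on the server described above.

```python
# Added example: single-threshold vs. service-pack-aware file-version check
# for the riched20.dll / MS07-013 case described in the post.
BULLETIN_VERSION = "5.31.23.1226"  # version the post cites from the bulletin

# Minimum fixed riched20.dll version per Windows Server 2003 service-pack level.
# ASSUMPTION: the SP2 entry is the version observed on the post's SP2 server,
# which the TAM's reply says already contains the fix; it is not a published value.
FIXED_BASELINE = {1: "5.31.23.1226", 2: "5.31.23.1225"}

def parse_version(text):
    """Parse 'a.b.c.d' into ints so fields compare numerically, not as text."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part file version: {text!r}")
    return tuple(int(p) for p in parts)

def naive_verdict(file_version):
    """One threshold for every host: the behaviour the scanner in the post shows."""
    fixed = parse_version(BULLETIN_VERSION)
    return "PATCHED" if parse_version(file_version) >= fixed else "VULNERABLE"

def branch_aware_verdict(file_version, service_pack):
    """Compare against the baseline recorded for the host's service-pack level."""
    baseline = FIXED_BASELINE.get(service_pack)
    if baseline is None:
        return "REVIEW"  # no baseline recorded: needs a manual check, not a guess
    fixed = parse_version(baseline)
    return "PATCHED" if parse_version(file_version) >= fixed else "VULNERABLE"

def disagreements(hosts):
    """Return (name, naive, branch_aware) for hosts where the two checks differ."""
    rows = []
    for name, sp, version in hosts:
        naive, aware = naive_verdict(version), branch_aware_verdict(version, sp)
        if naive != aware:
            rows.append((name, naive, aware))
    return rows

# Constructed inventory: (host name, service-pack level, riched20.dll version).
SAMPLE_HOSTS = [
    ("srv-sp2", 2, "5.31.23.1225"),      # the situation described in the post
    ("web-sp1-old", 1, "5.31.23.1225"),  # SP1 host below its branch baseline
    ("web-sp1-new", 1, "5.31.23.1226"),  # SP1 host with the update applied
    ("lab-sp0", 0, "5.31.23.1225"),      # no baseline in the table above
]

if __name__ == "__main__":
    for row in disagreements(SAMPLE_HOSTS):
        print(row)
```

Hosts where the two verdicts differ are the ones to raise with the scanner vendor or confirm against the service pack's documented contents before reporting them as exposed.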
SANS is reporting that the Microsoft ANI patch may be causing some problems. That's the kind of headline that strikes fear into someone who is about to "release the hounds" and push patches to the enterprise.
The article fails to mention specifics about any of these bugs other than one bug when interacting with a specific third party software. A patch for that was available at the same time Microsoft released the ANI patch.
A second reading shows that they've only "received a few emails." So in the vast SANS audience they've found a few computer problems. That's probably par for any software installation. I would suspect that the importance of this update has brought people out of the woodwork who haven't updated for a while.
It's now been 18 hours since that entry was posted, and it has not been updated. You'd think when you raise questions about a patch, you'd follow up with an all clear or confirmation of what is breaking.
As announced originally when they went to the "patch Tuesday" practice, Microsoft does release patches out of cycle as events warrant. Microsoft has announced that a patch will be released Tuesday April 3rd.



