TechSpot - PC Technology News and Analysis

Just got this on my mailbox, thought you might find it useful:


Today, Microsoft issued information on 12 new security bulletins. The following summary provides Symantec’s evaluation of two of the most critical issues.

Vulnerability in Microsoft Malware Protection Engine

Symantec Security Response rates the Microsoft Malware Engine vulnerability to be the most critical of the security bulletins. This remote code execution vulnerability has affected various Microsoft products that include the Malware Protection Engine, including Windows Live OneCare, Microsoft Antigen 9.x, Microsoft Windows Defender, Microsoft ForeFront Security for Microsoft Exchange Server 1.x, and Microsoft ForeFront Security for SharePoint Server 1.x.

This vulnerability occurs when Microsoft’s AntiVirus client that uses the Microsoft Malware Protection Engine is configured to allow PDF file processing. This vulnerability is critical since the malicious PDF could be hosted on a Web site or distributed via e-mail where it could be scanned by the infected AV engine at the gateway or when it arrives at the desktop. A successful exploit will completely compromise the affected computer.

Vulnerabilities in Microsoft Word

Microsoft also issued patches for multiple vulnerabilities in Microsoft Word, which corrects the zero-day Word vulnerabilities associated with Trojan.Mdropper.T/W/X, which are Trojan horses that attempt to drop additional threats on the compromised computer. This bulletin also includes a patch for a client-side code execution vulnerability in Microsoft Word that can be triggered by a malformed object embedded within a document. A successful exploit could let a remote attacker execute arbitrary code in the context of the currently logged in user.

“Symantec continues to track the increasing trend of zero-day vulnerabilities and this months critical vulnerabilities noted in Microsoft Word point to that trend,” said Vince Hwang, group product manager, Symantec Security Response. “As hackers continue to close the gap between disclosing and exploiting vulnerabilities, Symantec recommends that both enterprises and consumers actively update their software with patches as soon as they are available.”

Symantec recommends the following actions for IT administrators:
• Evaluate the possible impact of these vulnerabilities to critical systems.
• Plan for required responses including patch deployment and implementation of security best practices using the appropriate security and availability solutions.
• Take proactive steps to protect the integrity of networks and information.
• Verify that appropriate data backup processes and safeguards are in place and effective.
• Remind users to exercise caution in opening all unknown or unexpected e-mail attachments and in following Web links from unknown or unverified sources.

Symantec recommends the following actions for consumers:
• Regularly run Windows Update and install the latest security patches to keep software up to date.
• Avoid opening unknown or unexpected e-mail attachments or following Web links from unknown or unverified sources.
• Use an Internet security solution such as Norton Internet Security 2007 to protect against today's known threats and tomorrow's Internet security risks.

Additional information will be available on Symantec’s Security Response Blog shortly at:
http://www.symantec.com/enterprise/s...sponse/weblog/

Additional information on Microsoft’s security bulletins can be found at:
http://www.microsoft.com/technet/sec.../ms07-feb.mspx

[BTW: you should always read the fine print before you install updates.
UPDATES ARE HIGHLY RECOMMENDED --
just be aware that there may be consequences that are not obvious. jobeard]

What are the known issues that customers may experience when they install this security update?
Microsoft Knowledge Base Article 928090 documents the currently known issues that customers
may experience when they install this security update. The article also documents recommended solutions
for these issues. For more information,
see Microsoft Knowledge Base Article 928090

Does this update contain any security-related changes to functionality?
Yes. Besides the changes that are listed in the “Vulnerability Details” section of this bulletin,
this update includes a defense-in-depth change to Internet Explorer.
This defense-in-depth change helps mitigate the vulnerability addressed in Microsoft Security Bulletin MS06-045.
The changes are also included in Windows Internet Explorer 7. Also included are security-related changes
that were introduced in previous Internet Explorer bulletins.

Additionally, this update sets the kill bit for ActiveX controls previously addressed in Microsoft Security Bulletins:
•

The WMI Object Broker ActiveX control that is addressed in Microsoft Security Bulletin MS06-073:
Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674):
•

7F5B7F63-F06F-4331-8A26-339E03C0AE3D

Does this update contain any changes to functionality?
Yes. Besides the changes that are listed in the "Vulnerability Details" section of this bulletin,
this update includes the following changes in security functionality:

This security update includes changes to the Windows Internet Explorer 7 Phishing Filter.
These changes where first introduced in the update discussed in Microsoft Knowledge Base Article 928089:
“The computer may respond very slowly as the Phishing Filter evaluates Web page contents in Internet Explorer 7”