Posted by: Tony Bradley
Today is Patch Tuesday for November, 2009. Microsoft released 6 new Security Bulletins for November: 3 rated as Critical and 3 rated as Important. Of course, not all Critical Security Bulletins are necessarily created equal.
Tyler Reguly, Lead Security Research Engineer with nCircle, says “There’s no question that this month, the most important bulletin to patch today is MS09-065. Given the drive-by attack vector presented in Internet Explorer, combined with the Office document vector, this bulletin is dangerous and should be patched as soon as possible.”
Reguly goes on to describe concerns with some of the other Security Bulletins. “There are three vulnerabilities this month that target a listening service. While none of them are likely to be considered great candidates for exploit, they are worth noting as they all primarily affect the enterprise. It is unlikely that the home user will be running a license logging server or have Active Directory up and running. While Web Services on Devices affects Vista and Server 2008, the attack vector requires that you be on the local subnet, meaning the home user is unlikely to see any real risk.”
While I understand that businesses have critical software that could be impacted and therefore may need to test patches before deploying throughout the environment, I highly recommend that home users simply enable the Automatic Updates in Windows to ensure their systems are protected automatically with as little intervention as possible.
Make sure you read the details of the Security Bulletins to understand what platforms and applications are affected and what the possible impact could be to your systems. This summary provides links to the Security Bulletin details and the downloads for the patches and updates to protect your computer.
Reguly had one last thing to add about this month’s batch of Security Bulletins. “As a researcher, I always like to comment on the bulletin that I find the most interesting. This month that is definitely MS09-063. The Web Services on Devices API attack interests me greatly as it’s remote code execution on a listening service. I’m rather excited to dig deeper into this one and find out how it works.”
Hopefully he’ll figure out the nuts and bolts of how it works and share that information with us. Thankfully though, you can just apply the patch and not worry about it.