In October 2007, Microsoft released a non-security update that addressed an issue with large files and digital signature verification. Microsoft introduced technology in Windows XP and higher that helped users avoid running unsafe file. With this technology, Windows Installer will verify the digital signature of a file to verify the file is intact and has not been tampered with in any way. The non-security patch KB925336 addressed this issue. You may have seen this issue in 2007 when Vista Service Pack 1 was released as this Service Pack was an extremely large file. We actually saw this issue when trying to install Vista Service Pack 1. After applying the non-security update, we were able to apply the Service Pack to target systems with no issues.
During the July out-of-band release, Microsoft released another non-security patch in addition to the two security bulletins. This patch may have missed your patch management radar as we were all focused on the security bulletins. The non-security patch KB978325 addresses the exact same issue. This time, it appears the only changes are the affected operating systems: Windows Server 2003 Service Pack 2.
If you are running into issues deploying large files, (MS09-035 has large file size for patches), this may be the patch for you. We will be adding this patch to our database next week as well.
Microsoft has made a new version of Silverlight available: Silverlight 3. More information regarding Sivlerlight can be found here.
Highlights of Silverlight 3:
- Improved security and reliability
- Improved media and video support, including support for H.264 video
- The ability to run Silverlight applications outside the browser
- Significantly improved graphics, graphical performance, and creative effects, including support for Perspective 3D graphics
- Improved development productivity for rich Internet applications (RIAs)
We will be adding this to our XML next week.
Hopefully, most of us have already patched our IE browsers for potential malicious attacks on the ATL (Microsoft Active Template Library) vulnerability this week. But, that could only be one half of the equation for Microsoft’s out-of-band patch release. Visual Studio is affected by this vulnerability as well, but in a different manner. Software vendors who use Visual Studio for creating their products could potentially publish vulnerable versions of their files. We have seen reports of some companies updating their software to address this vulnerability.
The biggest example to date is Adobe. This week alone, they have published new versions of Adobe Shockwave, Adobe Flash Player, Adobe Acrobat and Adobe Reader. I will have to say “hats off” to Adobe for rapidly pushing out updates for their software. Many exploits floating around the Internet target Adobe products because they are so widely used.
As more companies update their software for this vulnerability, this could potentially be a nightmare for Administrators in the coming months. Most administrators have a patching cycle for their systems, so users can plan on outages. Only time will tell on this as we are watching and monitoring software vendors for updates.
The Adobe security bulletin affecting Shockwave can be found here.
The Adobe security bulletin affecting Flash, Reader and Acrobat can be found here.
The Microsoft security advisory for the ATL vulnerability can be found here.
Shavlik NetChk Protect 7 has been released and is available for download from our web site. I am personally very excited about this release as it fulfills the next phase of my vision of a high performance systems and security management solution built on a zero or one agent architecture. This is critical to users who need that flexibility, which is everyone really, but what our customers need to know is the agent in NetChk Protect 7 is also one of the industry’s most flexible, high performing agents available.
As I spoke about in an earlier post, we have licensed Sunbelt’s VIPRE antivirus engine and integrated it with NetChk Protect 7, and it is a key component of the Shavlik Security Suite. So now users can now setup one system and get patch management and end-point protection at the same time, without having to pay extra for AV.
Thanks to a great group of customers, we had a high participation in our beta program, and their positive feedback on the new and enhanced features and they are excited to upgrade to the new version.
And as always a ton of thanks to all our employee who made this product happen!