Expand Your Third-Party Patching with Shavlik SCUPdates

Read any computer security report today and it will offer the same conclusion: patching, of both operating systems and applications, is the fundamental effort any organization should undertake to improve its security profile. To minimize exposure to vulnerabilities, an IT department should patch Microsoft operating systems and applications as well as legacy and third-party applications.

However, for IT managers that use Microsoft System Center Configuration Manager (SCCM), the cost and effort to include these legacy and third party applications in the SCCM infrastructure can be prohibitive. Microsoft provides System Center Updates Publisher (SCUP) so SCCM can deliver updates for third party applications, such as Adobe Reader, Firefox and others. But there is a considerable effort needed in order to implement SCUP.

While Microsoft gives you SCUP to add third-party applications to SCCM, you still need to supply the data about the actual patches (detection and applicability rules) as well as the patch binaries themselves. If you have ever tried to keep up with third-party vendors such as Apple, Oracle (Java), Mozilla (Firefox), and Google, you know these companies don’t release patches on anything like the predictable cycle of Microsoft’s monthly Patch Tuesday. If you track third-party vendors the way Shavlik has for years, you know each vendor has its own schedule, and it’s not very predictable!

As an SCCM administrator you have more than enough to do in your busy day, and adding the task of tracking third-party patch releases is probably not something you want to spend your time on.  (However, if you enjoy tracking patches, please apply at Shavlik.com; we are always looking for talented, passionate IT people.)  For the rest of you, Shavlik provides SCUPdates, a simple data file that can save time and significantly improve your security by integrating Microsoft and third-party applications into a single workflow. All that is required is to install SCCM and SCUP, and Shavlik will do the rest. If you are interested in learning more or seeing just how easy third-party application patching can be with Shavlik SCUPdates, please join me for my webinar on August 3rd at 10:00am CDT.  Register here.

-Nik Patronas

Access Intimidation

Don’t be intimidated out of making changes to your computer that improve your security and reduce your exposure to vulnerabilities. An interesting phenomenon of antivirus software is the real-time scanning it provides. Recently my laptop hardware was upgraded and it required me to install a new video driver to support the enhanced graphics built into the onboard chipset. I was faithfully scanning my laptop for the latest patches and service pack support as well as checking that the drivers were current for the hardware. The video driver vendor insisted there was an available upgrade and I immediately tried to install it from the Internet per the online support. The driver was unsuccessful in loading, so I decided to download it to my local hard drive and retry the install. It downloaded successfully, and when I double-clicked the file it presented the installer and uncompressed the files, but when the progress bar was presented it halted with no error message displayed. Once again, when it rebooted I was informed that a video driver update was available. I examined my antivirus/malware quarantine folder and discovered the video driver software had been added. It was a simple task to add the name of the file to my “white list” of acceptable applications, and when I attempted the install again it was successful.

While the install was frustrating, I am glad my computer is well protected and that driver-level modifications are not taken for granted. I wanted to pass this on to users who might think they are unable to make modifications or updates to their computers because of insufficient access rights or equipment malfunction, when in reality they were simply protecting themselves from themselves. Remember that a lot of computer problems are resolved by understanding PEBCAK (Problem Exists Between Chair And Keyboard).
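One caveat a practitioner would add to the story above: a file sitting in the antivirus quarantine is not automatically a false positive, and the moment you whitelist it you have told the scanner to stop looking at it. Before adding an installer to the white list, verify that it really came from the vendor. The following PowerShell is an added example (not code from the original post or from Shavlik): it checks the file’s Authenticode signature and compares its SHA-256 hash with the value the vendor publishes. The file path, the signer name and the expected hash are placeholders you replace with your own values.

```powershell
# Added example (not from the original post). Before whitelisting an installer that
# your antivirus quarantined, confirm it really came from the vendor: check its
# Authenticode signature and compare its SHA-256 hash against the one the vendor
# publishes. The path, signer and hash below are placeholders (assumptions).
function Test-InstallerTrusted {
    param(
        [Parameter(Mandatory=$true)][string]$Path,
        [string]$ExpectedSha256,   # value from the vendor's download page (assumed available)
        [string]$ExpectedSigner    # vendor name as it appears in the certificate subject
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        return @{ Trusted = $false; Reason = "file not found: $Path" }
    }

    # 1. Authenticode: status must be Valid, and the signer should be the vendor you expect.
    #    An unsigned or tampered driver package fails here and should stay quarantined.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        return @{ Trusted = $false; Reason = "signature status is $($sig.Status)" }
    }
    $subject = $sig.SignerCertificate.Subject
    if ($ExpectedSigner -and ($subject -notmatch [regex]::Escape($ExpectedSigner))) {
        return @{ Trusted = $false; Reason = "signed by '$subject', not '$ExpectedSigner'" }
    }

    # 2. Hash: computed with .NET so this also works on PowerShell 2.0 (no Get-FileHash).
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try   { $hash = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $stream.Close() }
    if ($ExpectedSha256 -and ($hash -ne $ExpectedSha256.ToLower())) {
        return @{ Trusted = $false; Reason = "SHA-256 $hash does not match the vendor value" }
    }

    return @{ Trusted = $true; Reason = "valid signature from '$subject', SHA-256 $hash" }
}

# Usage: only add the file to the AV exclusion list if this reports Trusted = True.
$result = Test-InstallerTrusted -Path 'C:\Users\me\Downloads\video-driver-setup.exe' `
    -ExpectedSigner 'Example Vendor Inc.' `
    -ExpectedSha256 '0000000000000000000000000000000000000000000000000000000000000000'
"{0}: {1}" -f $result.Trusted, $result.Reason
```

If the signature check fails, the right move is to re-download the package from the vendor’s site over HTTPS and compare again, not to whitelist the quarantined copy.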

Reviewing the malware activity reported on the Internet in June 2011, here are two new vulnerabilities that could affect your security:

Adobe Flash Player CVE-2011-2107 Cross-Site Scripting Vulnerability Alert
The vulnerability, CVE-2011-2107, is a cross-site scripting vulnerability that can allow an attacker to make HTTP requests while masquerading as the affected user. This vulnerability is being exploited in the wild in targeted attacks.

Microsoft Internet Explorer CVE-2011-1255 Time Element Remote Code Execution Vulnerability
The vulnerability affects Microsoft Internet Explorer versions 6, 7, and 8. The issue is related to the time element handling and occurs due to memory corruption, allowing an attacker to execute arbitrary code in the context of the application. Failed attacks may result in denial-of-service conditions.

– Kim Fors

July 2011 Patch Tuesday Overview

Microsoft has released 4 new security bulletins in the July 2011 edition of Patch Tuesday.  These 4 security bulletins address 22 vulnerabilities.  After a hefty Patch Tuesday last month, administrators are getting a bit of a breather with a manageable security bulletin release.  Even with a small release, there are some key points to consider.

The security bulletin administrators should look to deploy first is MS11-053.  This new bulletin addresses one vulnerability in the Bluetooth stack for Windows Vista and Windows 7.  The vulnerability addressed here is very interesting and a little bit on the scary side: an attacker within Bluetooth range of a vulnerable machine that has Bluetooth enabled could send specially crafted Bluetooth packets to it, and that could result in remote code execution with no action by the user.  Could this vulnerability be the new case of drive-by war dialing?  The prime target I keep seeing in my head is the local sandwich shop near my house.  Every time I pop in to satisfy my sandwich craving, I see 20-30 people working wirelessly.  This just seems like a prime target for new war-dialing techniques.  It is important to note that Microsoft has given this bulletin an Exploitability Index rating of 2 (inconsistent exploit code likely), which means a reliable exploit is harder to build than for a rating of 1, but not that one is unlikely.  If you have mobile users working outside of your office, you will want to patch these machines as soon as possible.
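To act on that priority you need to know which machines actually have a Bluetooth radio, and you may want an interim mitigation for laptops that leave the office before the bulletin can be deployed. The following PowerShell is an added example (not code from the original post or from Shavlik): it inventories Bluetooth devices over WMI, checks whether a given hotfix is installed, and can stop and disable the Bluetooth Support Service (bthserv) on unpatched machines until the update lands. The KB number is not hard-coded; take it from the MS11-053 bulletin page and pass it in. The computer names are placeholders.

```powershell
# Added example (not from the original post). Find which machines expose a Bluetooth
# radio so MS11-053 can be prioritised for laptops that leave the office, and optionally
# stop/disable the Bluetooth Support Service (bthserv) as an interim mitigation until the
# bulletin is installed. $KB is the hotfix ID from the MS11-053 bulletin page (assumed
# known to the administrator; not hard-coded here).
function Get-BluetoothExposure {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [Parameter(Mandatory=$true)][string]$KB,   # e.g. 'KBnnnnnnn' taken from the bulletin
        [switch]$DisableService                    # interim mitigation: stop and disable bthserv
    )
    # Setup class GUID for Bluetooth devices; the name match catches radios enumerated
    # under a generic class on some OEM drivers.
    $btClassGuid = '{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}'

    foreach ($c in $ComputerName) {
        $radios = Get-WmiObject -Class Win32_PnPEntity -ComputerName $c -ErrorAction SilentlyContinue |
                  Where-Object { $_.ClassGuid -eq $btClassGuid -or $_.Name -match 'Bluetooth' }
        $svc = Get-WmiObject -Class Win32_Service -ComputerName $c -Filter "Name='bthserv'" -ErrorAction SilentlyContinue
        $patched = [bool](Get-HotFix -Id $KB -ComputerName $c -ErrorAction SilentlyContinue)

        if ($DisableService -and $radios -and -not $patched -and $svc) {
            # Stop the service and keep it from starting at boot; revert once patched.
            [void]$svc.StopService()
            [void]$svc.ChangeStartMode('Disabled')
            $svc = Get-WmiObject -Class Win32_Service -ComputerName $c -Filter "Name='bthserv'"
        }

        $state = 'absent'
        if ($svc) { $state = "$($svc.State) / $($svc.StartMode)" }

        New-Object PSObject -Property @{
            Computer     = $c
            HasBluetooth = [bool]$radios
            ServiceState = $state
            Patched      = $patched
            ActionNeeded = [bool]($radios -and -not $patched)
        }
    }
}

# Usage: feed in the laptop list from SCCM or NetChk, then patch ActionNeeded = True first.
Get-BluetoothExposure -ComputerName 'LAPTOP01','LAPTOP02' -KB 'KBnnnnnnn' |
    Format-Table Computer, HasBluetooth, ServiceState, Patched, ActionNeeded -AutoSize
```

Disabling bthserv removes the attack surface only while the service stays stopped; users can re-enable it, so treat this as a stopgap and keep the bulletin itself at the top of the deployment queue.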

The DLL preloading issue that Microsoft has been addressing over the past year is back again this month with MS11-055.  This bulletin addresses a vulnerability in Microsoft Visio 2003 that could lead to remote code execution when a user opens a Visio file from a location, such as a network share, where an attacker has placed a malicious DLL alongside it.  The security advisory released last August (2269637) has seen numerous updates as Microsoft continues to find products affected by this class of vulnerability.  You can be assured we will continue to see security bulletins addressing it in the future.
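The bulletin fixes one product, but the underlying weakness is the DLL search order: an application that loads a library by bare name, where that library does not exist in the application or system directories, falls through to the current working directory, which is the folder of whatever document the user just opened. Advisory 2269637 points to a system-wide mitigation, the CWDIllegalInDllSearch registry value documented in KB2264107, that removes the working directory from the search for remote locations (or altogether). The following PowerShell is an added example (not code from the original post or from Shavlik) that audits and sets that value; the page itself does not mention the registry value, so its name, location and meaning are taken from Microsoft’s documentation rather than from this post.

```powershell
# Added example (not from the original post). Reads the registry values that control
# where Windows looks for a DLL an application loads by bare name, and optionally
# applies the CWDIllegalInDllSearch mitigation from advisory 2269637 / KB2264107.
# With SafeDllSearchMode (the default on Vista/7) the current working directory is
# still searched after the application and system directories, so a DLL the
# application asks for but that does not exist on the system is picked up from the
# folder the document was opened from. Meaning of CWDIllegalInDllSearch:
#   1          = do not load from the CWD when it is a WebDAV folder
#   2          = do not load from the CWD when it is any remote folder (WebDAV or UNC)
#   0xFFFFFFFF = never load from the CWD (can break older applications; test first)
$SessionManager = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'

function Get-DllSearchHardening {
    $props = Get-ItemProperty -Path $SessionManager
    $cwd   = $props.CWDIllegalInDllSearch   # $null when the value has never been set
    $safe  = $props.SafeDllSearchMode       # $null means the OS default (enabled)

    $safeText = 'default (enabled)'
    if ($safe -ne $null) { $safeText = $safe }

    # The registry returns a REG_DWORD as a signed Int32, so 0xFFFFFFFF reads back as -1.
    $cwdText = 'not set (CWD is searched)'
    if ($cwd -ne $null) { $cwdText = '0x{0:X8}' -f [int]$cwd }

    New-Object PSObject -Property @{
        SafeDllSearchMode     = $safeText
        CWDIllegalInDllSearch = $cwdText
        CwdBlockedForRemote   = [bool]($cwd -ne $null -and ($cwd -eq 2 -or $cwd -eq -1))
    }
}

function Set-DllSearchHardening {
    param([ValidateSet('WebDav','Remote','Never')][string]$Block = 'Remote')
    # DWord values are written through Int32, so 0xFFFFFFFF is passed as -1.
    $value = switch ($Block) { 'WebDav' { 1 } 'Remote' { 2 } 'Never' { -1 } }
    Set-ItemProperty -Path $SessionManager -Name 'CWDIllegalInDllSearch' -Value $value -Type DWord
    # Takes effect for processes started after the change; no reboot needed.
    Get-DllSearchHardening
}

# Usage (run elevated): audit, then block DLL loads from remote working directories.
Get-DllSearchHardening | Format-List
Set-DllSearchHardening -Block Remote | Format-List
```

The `Remote` setting is the one most environments can deploy safely: it closes the share-and-WebDAV case the bulletins keep describing while leaving local installs that rely on CWD loading untouched. Per-application fixes (the vendor calling SetDllDirectory or loading by full path) are still needed, which is why the bulletins keep coming.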

MS11-054 addresses 15 vulnerabilities in the Windows Kernel-Mode Drivers.  At first glance, the number of vulnerabilities addressed in this single bulletin seems alarming, but all of them are related elevation-of-privilege issues: an attacker must already be able to log on and run code on the system before any of them can be exploited.

MS11-056 addresses 5 vulnerabilities in the Windows Client/Server Run-time Subsystem (CSRSS) on all supported Microsoft operating systems.  Like MS11-054, all of the vulnerabilities are related elevation-of-privilege issues, and this bulletin also requires an attacker to first have local access to a system before exploiting them.

Now for the special note on MS11-053.  Microsoft is releasing a non-security update this month to coincide with the security bulletin for Bluetooth.  Microsoft has seen cases where security updates for Windows 7 would occasionally fail to install Windows drivers when delivered through Windows Update.  To address this, Microsoft is fixing issues in the user-mode Plug and Play (UMPnP) manager stack.  Microsoft states that the non-security update will be offered as a child update of MS11-053: if the security update detects that the non-security update is not yet installed, the non-security update is deployed first, which prompts a reboot of the target system.  After the reboot, the security update is offered and installed.

This scenario could mean longer patch deployment times and possibly multiple reboots of client systems.  That may seem painful, but it is nice to see Microsoft fixing a longer-term issue with driver patching rather than working around it.

On the non-Microsoft front, Mozilla has released a new update for its browsers.  This update fixes an issue where Firefox could crash on Mac OS X.  Mozilla intends to offer this update through its auto-update mechanism only to Mac OS X systems.

I will be reviewing the July 2011 release in depth during my monthly Patch Tuesday webinar tomorrow at 11am CDT.  You can register to attend the live webinar here.

– Jason Miller

July 2011 Patch Tuesday Advanced Notification

Microsoft has just released their advanced notification for the July 2011 edition of Patch Tuesday.  Microsoft is planning to release 4 security bulletins addressing 22 vulnerabilities.

Security Bulletin Breakdown:

  • 1 bulletin is rated Critical
  • 3 bulletins are rated Important
  • 2 bulletins address vulnerabilities that can lead to Remote Code Execution
  • 2 bulletins address vulnerabilities that can lead to Elevation of Privilege

Affected Products:

  • All supported Microsoft operating systems
  • Microsoft Visio 2003

Although this is a ‘light’ Patch Tuesday month, it is important to keep an eye out for any non-Microsoft vendors releasing new updates.

We will be going through each bulletin thoroughly next Wednesday, July 13th at 11:00am CDT as part of our monthly Patch Tuesday webinar.  Click here to register for the webinar.

– Jason Miller

The next evolution of NetChk Protect

The next release of NetChk Protect is nearly feature complete. We have some great new features coming your way in this release. In my last post I discussed a few of the new features we will be releasing, such as credentials management, RDP integration, and scripting. This release is very much about IT management: NetChk Protect will become less of a once-a-month tool and more of an everyday life saver. As we lead up to Beta I will be letting out a few teasers to give you an idea of what we will be releasing for scripting.

There will be a series of scripts to clean up common products in your environment. You know the ones: they come with updaters, notifiers, and all sorts of other add-ons that are really just a nuisance to your users and to you. Java, Adobe, and Apple products are the common examples most of you are familiar with. With the scripting feature you can select one or more machines and execute a script to clean up these installs once and for all.

There are also going to be monitoring scripts so you can easily get Uptime, Event Logs, and other data from machines to make troubleshooting easier for you.

Also coming are scripts to run regular maintenance on machines: cleaning up temp files and folders, defragmenting disks, and so on.

As always if you are interested in signing up for the NetChk Protect Betas you can email Beta@Shavlik.com and we will get you on the notification list.

Regards,

Chris Goettl