Eliminate Your Virtual Blind Spots

Do you need help understanding and managing your expanding virtual environment? The first task is to find out what’s out there. Scan for all machines in a domain or IP range. This includes online and offline virtual machines (VMs). VM templates present a different problem to solve. It is important to keep templates up to date to reduce the need to scan and patch new virtual machines created by the template.

Now that you know what’s out there, you need to find out what hardware you are running.  In addition, you need to know what software is installed and when it was installed on physical and virtual machines. Scan your machines for software, hardware, and virtual assets being used by virtual machines.

These physical and virtual machines need to be scanned for missing software patches. If there are missing patches, it is important to apply the patches. If a virtual machine is offline, it still needs to be scanned and patched, and snapshots can be created as needed.

If you would like to view a demo of how we can help you eliminate your virtual blind spots, please go to http://www.shavlik.com/webinars/shavlik-video/resources.aspx and click on the September 20, 2011 webinar playback titled “Eliminate Your Virtual Blind Spots to Increase IT Security.”

– John Rush

Protect Beta Starting Early October!

Development of Protect is winding down and QA efforts are coming along nicely. We expect to start the Beta for Protect in early October. We will be sending out invitations to the beta within the next week or so. Customers with defects resolved or feature requests being implemented will get an invitation as well as previous beta participants. Customers who have either taken surveys and requested to be on the beta list or already emailed Shavlik-beta@vmware.com will be receiving invites as well. If you are interested in participating in the beta, email Shavlik-beta@vmware.com to get on the invite list.

Chris Goettl

September 2011 Patch Tuesday Overview

Microsoft has released their scheduled monthly Security Bulletin release with 5 bulletins addressing 15 vulnerabilities.

MS11-070 addresses 1 vulnerability in the WINS service.  Only Microsoft server operating systems are affected by this vulnerability (Windows 2003, Windows 2008, Windows 2008 R2).  In order for an attacker to carry out an exploit, the attacker must have access and login credentials to the machine.  Once on the machine, the attacker could send a malicious WINS request to the local loopback network address of the machine.  This could result in elevation of privilege.

MS11-071 brings back the DLL preloading issue once again this month.  On August 23, 2010 Microsoft released a Security Advisory (2269637) regarding an issue with Microsoft products that could be attacked via binary planting.  Microsoft has been identifying and patching affected products through the last 13 months.  MS11-071 marks the 16th time that Microsoft has issued a Security Bulletin for the DLL preloading issue.  Opening a genuine text file (.rtf or .txt) in a directory that contains a malicious DLL can result in Remote Code Execution.

MS11-072 addresses five vulnerabilities in the Microsoft Office Excel program.  Opening a malicious Microsoft Excel file could result in remote code execution on an affected machine.  This bulletin is not rated as critical due to the defense in depth mechanism in the Microsoft Office program.  The program will prompt users whether or not to open an Excel file.  To exploit this vulnerability, an attack requires user interaction.

MS11-073 addresses an issue with Microsoft Office.  This vulnerability will be quite difficult for an attacker to exploit due to the user interaction required.  Scenario 1:  An attacker entices a user to open an Office file located in a directory with a malicious DLL.  This scenario would most likely have an attacker already on a corporate network in order to plant the malicious DLL.  Scenario 2:  An attacker sends a malicious Microsoft Office document and entices the user to save the file, and subsequently open the file in a directory that contains a malicious DLL.  Both of these scenarios can be prevented if the Microsoft Office File Validation Add-in is installed on your machines.  This feature was originally introduced by Microsoft in Microsoft Office 2010.  Microsoft has since provided this defense-in-depth measure through an update to their customers.

MS11-074 is the largest Security Bulletin released this month.  This Security Bulletin affects 12 different Microsoft product lines.  One of the five vulnerabilities fixed in this Security Bulletin has been publicly released.  However, Microsoft has not received any reports of attacks against the vulnerability.  This Security Bulletin is related to MS11-050 (Cumulative Update for Internet Explorer released on June 14, 2011).  MS11-050 fixed the vulnerability in Internet Explorer, and MS11-074 will fix the issue in the “Microsoft productivity” products.  Both patches will need to be installed to fix the vulnerability in all Microsoft products.

Last week, Microsoft released a Security Advisory and subsequent patch adding the DigiNotar certificates to the untrusted certificate store.  Today, Microsoft released an update adding additional certificates to the untrusted certificate store.  This update supersedes the previous update, so you will only need to apply the latest patch if you did not apply the previous patch.

Adobe has also released a new Security Bulletin for Adobe Acrobat and Reader with APSB11-24.  This update addresses 13 vulnerabilities.  In addition, Adobe joins other vendors (Microsoft, Apple, Mozilla, etc) in blacklisting DigiNotar certificates.  Adobe is not currently aware of any attacks with digitally signed Adobe documents with rogue DigiNotar certificates.  More information on Adobe’s stance with Adobe’s Approved Trust List and subsequent blacklisting of DigiNotar certificates can be found on the Adobe Security Matters blog.

Skype has released a non-security update for their software.  This release adds support for Windows 8.  Yes, you read that correctly, Windows 8.  Microsoft held a demonstration for journalists and analysts on Monday, September 12, 2011 showing off Windows 8.  I expect a beta will soon be in the works for Windows 8 where you can install and use Skype.  Or maybe, just maybe, Microsoft will bundle Skype with their latest operating system (Microsoft bought Skype last May).

I will be reviewing the September 2011 Patch Tuesday in depth during my monthly Patch Tuesday webinar tomorrow at 11am CDT.  You can register to attend the live webinar here.

– Jason Miller

September 2011 Patch Tuesday Advanced Notification

Microsoft has announced their plans for the September 2011 edition of Patch Tuesday.  Microsoft is planning to release 5 new security bulletins.  Although this is Microsoft’s ‘light’ Patch Tuesday, we are seeing quite a few Microsoft products being patched this month.

Security Bulletin Breakdown:

  • 2 bulletins affect Microsoft operating systems
  • 3 bulletins affect Microsoft Office and server-based products
  • 5 bulletins are rated as Important
  • 3 vulnerabilities fixed could lead to Remote Code Execution
  • 2 vulnerabilities fixed could lead to Elevation of Privilege


Affected Products:

  • All supported Microsoft operating systems
  • Office 2003, 2007, 2010 (Excel)
  • Groove Server 2007
  • SharePoint Workspace 2010
  • Excel Viewer
  • Office Compatibility Pack 2007
  • SharePoint Server 2007, 2010
  • Office Forms Server 2007
  • Groove Server (Data Bridge Server) 2007, 2010
  • Office Web Apps 2010 (Excel)
  • SharePoint Services 2.0, 3.0
  • SharePoint Foundation 2010


With this ‘light’ Patch Tuesday, you will also want to take a look at the new Microsoft Security Advisory released yesterday.  Microsoft Security Advisory 2607712 addresses a high profile issue with DigiNotar digital certificates.  Microsoft has released an update to move all DigiNotar certificates into the Untrusted Certificate Store to prevent fraudulent certificates from being accepted by your machines.

Mozilla has followed suit with this issue by releasing updates to their programs Firefox, Thunderbird and SeaMonkey.

I will be going through each bulletin thoroughly next Wednesday, September 14th at 11:00am CDT as part of our monthly Patch Tuesday webinar.  Click here to register for the webinar.

– Jason Miller
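
An added example, not part of the original posts and not Shavlik or Microsoft code: a PowerShell check that the DigiNotar distrust update described above has taken effect on a machine. It lists DigiNotar certificates per local machine store and flags any that sit in a trusted store without a matching entry in the Untrusted (Disallowed) store. Matching on the string "DigiNotar" in the subject or issuer, and the function name, are assumptions of this sketch.

```powershell
# Added example: audit where DigiNotar certificates sit in the local machine stores.
# Assumption: a certificate is "DigiNotar" if that string appears in Subject or Issuer.
function Get-DigiNotarCertReport {
    param(
        [string[]]$StoreNames = @('Disallowed', 'Root', 'AuthRoot', 'CA'),
        [string]$Pattern = 'DigiNotar'
    )
    foreach ($name in $StoreNames) {
        $path = "Cert:\LocalMachine\$name"
        if (-not (Test-Path $path)) { continue }   # store absent on this system
        Get-ChildItem -Path $path |
            Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
            ForEach-Object {
                [pscustomobject]@{
                    Store      = $name
                    Subject    = $_.Subject
                    Issuer     = $_.Issuer
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                    # Entries in Disallowed are explicitly distrusted.
                    Distrusted = ($name -eq 'Disallowed')
                }
            }
    }
}

$report   = @(Get-DigiNotarCertReport)
$blocked  = @($report | Where-Object { $_.Distrusted } | ForEach-Object { $_.Thumbprint })
# A finding is a DigiNotar certificate in a trusted store whose thumbprint
# has no counterpart in the Disallowed store.
$findings = @($report | Where-Object {
    -not $_.Distrusted -and ($blocked -notcontains $_.Thumbprint)
})

"{0} DigiNotar certificate(s) in the Untrusted (Disallowed) store" -f $blocked.Count
if ($findings.Count -gt 0) {
    "Present in a trusted store without a matching Disallowed entry:"
    $findings | Format-Table Store, Subject, Thumbprint -AutoSize
} elseif ($blocked.Count -eq 0) {
    "No DigiNotar entries found in Disallowed: the update may not be installed."
} else {
    "No DigiNotar certificate is trusted without a matching distrust entry."
}
```

Run it from an elevated prompt on each patched machine, or through your remoting tool of choice, and treat any row in the findings table as a machine that still needs the update.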

Shavlik and Spiceworks Partnership Expanded!

The typical small business these days continues to struggle with issues of: 1) just tracking and managing the various computer systems in their environment, and 2) keeping those very same computer systems updated with the latest software updates. It’s not because they can’t or don’t want to, but it’s more often attributed to the fact that they have not been exposed to a set of tools they could use to do so.

If you’re a small business that finds yourself in the position I’ve just described – there’s a resource you should become very familiar with – and that resource is called “Spiceworks.”

Spiceworks offers a free application that enables the small business to better manage and track their inventory of systems, and helps determine and address any risks associated with computers that aren’t properly updated. Shavlik (now part of VMware) has partnered with Spiceworks to provide the software update functionality to their over 1.6 million users to help simplify the process of determining which systems are at risk and fix them. Today, any Spiceworks user has the ability to conduct a free assessment of their entire environment to determine any existing or potential risks from improperly patched machines, and leverage Shavlik’s technology (separately) to fix any systems that are at risk.

Later this year, Spiceworks will fully integrate Shavlik’s patch assessment and remediation technology into their platform…which will further extend the vast set of capabilities they currently offer the small business user. So, if you continue to wrestle with the everyday issues of managing IT – please take a moment to check out Spiceworks (www.spiceworks.com). You’ll be glad you did!

Dave Eike