February 2012 Patch Tuesday Overview

Microsoft has released nine new security bulletins for the February 2012 edition of Patch Tuesday.  This Patch Tuesday is typically marked as a ‘heavy’ release month and includes nine new security bulletins addressing 21 vulnerabilities.

There are two bulletins that administrators should look to patch immediately.  Both of these bulletins address vulnerabilties that have the potential for drive-by attack scenarios from websites.

First up is Microsoft security bulletin MS12-010.  This bulletin affects all supported Microsoft Internet Explorer browsers and addresses four vulnerabilities in the browser.  As is the case with most, if not all Internet Browsers, it is extremely important to patch as soon as possible as browsers are one of the most attacked pieces of software.  The vulnerabilities addressed in this patch could allow an attacker to exploit the browser through malicious websites.

Similarly, MS12-013 also has a possible drive-by attack vector.  This bulletin addresses one vulnerability in the C Run-Time Library.  If an attacker can entice a user to open a malicious media file, the attacker can gain full access to a system.  In this new media and social media age, media file attack vectors are just as important as browser attack vectors when it comes to patching security vulnerabilities.

Our old friend, the DLL preload vulnerability, is making a return after a one-month hiatus.  Two bulletins this month fix the DLL preload vulnerability in Microsoft applications.

MS12-012 – Color Control Panel
MS12-014 – Indeo Codec

Since releasing the Security Advisory for this issue in November 2010, Microsoft has patched different programs affected by this vulnerability 22 times.  It is safe to say we will continue to see the DLL preload vulnerability being addressed by Microsoft in the coming months.

On the non-Microsoft front, there is already one vendor joining Patch Tuesday.  Adobe released two new security bulletins today affecting two Adobe products.  Security bulletin APSB12-02 affects Adobe Shockwave and fixes nine vulnerabilities.  Adobe Security bulletin APSB12-04 affects Adobe RoboHelp for Word and fixes one vulnerability.

This has been quite a busy month with multiple non-Microsoft vendors releasing security updates for their software.  After a very quiet December and January, it appears the non-Microsoft vendors are getting back to a normal cadence for releasing security updates for their software application.  The following vendors have released security updates since January 2012 Patch Tuesday:

Opera
Google Chrome (twice)
Yahoo Messenger
Mozilla Firefox (twice)
Mozilla Thunderbird (twice)
Mozilla SeaMonkey (twice)
Real Player
Skype

For those administrators who wait for a monthly maintenance window for their patching needs, this month is going to be quite a large month combining all of the Microsoft and non-Microsoft security bulletins released since the last Patch Tuesday.

I will be talking about these patches along with the latest non-Microsoft patches that have been recently released tomorrow, February 15th at 11:00am CT as part of our monthly Patch Tuesday webinar.  Click here to register for the webinar.

– Jason Miller

February 2012 Patch Tuesday Advanced Notification

Microsoft has announced their February 2012 Advanced Notification for the upcoming Patch Tuesday.  Microsoft is planning to release nine security bulletins fixing 21 vulnerabilities.

Security Bulletin Breakdown:

  • 4 bulletins are rated as Critical
  • 5 bulletins are rated as Important
  • 7 vulnerabilities could lead to Remote Code Execution
  • 2 vulnerabilities could lead to Elevation of Privilege

Affected Products:

  • All supported Microsoft Operating systems
  • All supported Internet Explorer browsers
  • Visio Viewer 2010
  • SharePoint Server 2010
  • SharePoint Foundation 2010
  • Silverlight 4

There has been no word of other vendors planning to release new security bulletins, but we are constantly monitoring to find any other vendors planning on joining Microsoft’s Patch Tuesday.

I will be talking about these patches along with the latest non-Microsoft patches that have been recently released next Wednesday, February 15th at 11:00am CST in part of our monthly Patch Tuesday webinar.  Click here to register for the webinar.

– Jason Miller

PowerShell is an Expected Skill for IT Admins Today

I found an interesting blog post by industry veteran Don Jones for Redmond Magazine that I wanted to share.  It leads well into our recent ITScripts Catalog update.  Mr. Jones talks about a recent survey he performed on how much emphasis was placed on scripting (specifically with PowerShell) for different IT job titles.  Of the 600 respondents 80 percent require PowerShell in some, if not all, positions within IT.  None of the job titles were specific to PowerShell Scripter either, so it is an indication that this is one of many skills expected of IT Admins.

The survey also found that 90 percent of respondents believe there is value in automating repetitive tasks, and 92 percent felt it can provide a quick ROI if done properly.

VMware vCenter Protect Essentials customers all have access to the ITScripts feature which released in 8.0 and integrates with Microsoft PowerShell.  VMware vCenter Protect Essentials Plus customers have access to additional scripts and have the ability to import their own scripts into vCenter Protect.  If you want to talk about automating repetitive tasks you are really talking about how to take the script you have written to solve a problem for one machine and replicate the solution to all machines.  How do you do that?  GPO, login scripts, through PowerShell’s RM feature?  Does the script require some form of authentication to run?  How do you secure the credentials in a case like that?

With the ITScripts feature in vCenter Protect Essentials you take advantage of our machine discovery and management features as well as our credentials management.  If you can scan it with vCenter Protect Essentials you can run the script against the machine.  Most scripts run remotely so PowerShell is not required on every machine which would be a limitation if you are trying to run the script on every machine in your environment.

How about having confidence in the script you download from a scripting community?  Our scripts are run through our development and QA teams.  This will save time by not having to verify that the script will do what you expect and test to ensure it will work.  Just approve the script and go.

How about scripts that you need that you have not found yet?  Our scripting feature has only been in production since November so we haven’t seen much request traffic yet, but if you go to our community you will find that our first request, which came in last week, has already been fulfilled.

You can find details about the scripts available in the ITScripts Catalog on the ITScripts Community, but here are the two new scripts we released.

Added Disable Java Updates (version 1.0.0.9) which will turn off the pesky updater (and notification) that you do not need as you are patching the Java Runtime with vCenter Protect.  It also reduces end user frustration with the overall user experience on their machine as they have one less annoyance to deal with on a regular basis.

Added Get Remote Users Last Login Time (version 1.0.0.3) which will query a remote machine to identify all user accounts on the target and return last login time for each.  There are a few common applications to this script like trying to identify which user a machine may belong to if the machine name is either not correct or is some generic format that does not include a reference to the user who it may be assigned to.  Another common use for this script would be to identify what accounts (and their data) could be removed from a system so you can cleanup space if the system is running low.

Both scripts are available to vCenter Protect Essentials and vCenter Protect Essentials Plus customers.  If you go to Manage > ITScripts you can view all scripts available in the catalog and approve the scripts you desire for use in vCenter Protect Essentials.

Regards,

Chris Goettl
Customer-Product Owner
SMB Management Solutions
VMware