Last Updated: 2007-01-02 04:13:00 UTC
by Scott Fendley (Version: 2)
I would recommend that this update be tested in your particular enviroment to make sure that it does not break anything prior to installing. Also, it has been observed that the Java update installer does not clean up older revisions of the product. Any update / change control procedures need to take this into account and remove older versions once you are satisfied that it is safe to move forward.
Thanks Robert for pointing this one out to me. Guess I get to do updates on my computers tonight while watching episodes of 24 and/or the Rose bowl. Happy New Year all.
Last Updated: 2007-01-03 08:33:07 UTC
by Scott Fendley (Version: 4)
The Month of the Apple bugs seems to have started. The first bug is in the handling of RTSP URL's within Quicktime, leading to arbitrary code execution on both Windows and Mac OS. You can find the advisory here:
http://projects.info-pull.com/moab/MOAB-01-01-2007.html. The MOAB blog states that you should disable the rtsp:// URL handler, however I have not determined how this is done.
Robert helped me find something I was missing. Guess I am just blind today or was just paying a little too much attention to the bowl games. To disable RTSP URLs in QuickTime, open the QuickTime control panel. Then, select the File Types tab. Expand the Streaming category and make sure the RTSP stream descriptor is unchecked. Here is a screen capture of this from my Windows based computer. I assume MacOS X computers have a similar control panel. I recommend that you make sure that this is unchecked.
Last Updated: 2007-01-01 23:59:20 UTC
by Scott Fendley (Version: 1)
Enough joking around. A few things to mention to start out the first work day of the year. I know that many of you have taken time to mitigate these things. But I suspect many of you were in the same situation as I was regarding taking vacation time prior to the end of the calendar year. So take heed, there are a few items that need to be addressed along with all of the normal Microsoft monthly updates, and other updates that may have been overlooked due to winter holiday season.
1) In November, Bojan discussed a WinZip vulnerability that was being addressed by an update. Exploit makers have not rested over the holiday break and milw0rm has released exploit code for this vulnerability. It is advised that WinZip users update to 10.0 build 7245 or version 11 as soon as possible. (Thanks Juha-Matti for that note.)
2) As a reminder, Symantec Client Security and Antivirus Corporate Edition customer should continue to make a priority of updating your managed hosts. From the data I have seen at DShield, network activity involving this port is still elevated. I would expect that as infected mobile users return to corporate networks or university campuses that this activity will spike at perhaps its highest level. Unmanaged SAV-CE/SCS clients are not vulnerable to the issue in question, but should be updated as well. Joel discussed the "SAV botnet" in late November as well.
3) If you haven't updated your antivirus signatures for both mail gateways and client systems, or even considered stripping executable content from email, then get to it. This should have been common practice many years ago. Yet it does seem like some organizations are not doing so. I would hope that defense in depth will protect your organization from your click-happy users. But it would be best to check and make sure that the configurations on your mail exchangers, IDS and antivirus products are rock solid. There are a number of diary entries in the past week about the recent postcard.exe virus.
4) InfoSec practitioners understand the importance of time and date accuracy when it comes to forensics. So while you are updating your computers, take the time to check the time zone settings and accuracy of the clock. In the United States, there is a Microsoft update for Daylight Saving Time that we discussed in November. I would expect that other Operating System vendors have similar updates. I would also encourage the use of a time server and synchronization application like NTP. There is more information on NTP located at http://www.ntp.org/ and http://www.eecis.udel.edu/~mills/ntp.html . (Thanks Blake for the reminder on this.)
5) In many municipalities, various new rules and regulations went into effect. Some of these may involve taxes or other updates that may need to be addressed in your business or e-commerce applications. This would be a great thing to discuss with your developers and make sure they are making appropriate changes.