Patch Tuesday brings Critical updates

This month's patch cycle brings four Critical updates and a slew of Important patches - many of which fix remote code execution vulnerabilities.

Microsoft's monthly Patch Tuesday update cycle has rolled around once again, and it's a busier month for sysadmins this time around with four critical vulnerabilities to be sorted.

According to an article over on CNet, Windows users will enjoy a quartet of bug fixes in this latest release cycle – including two issues in Internet Explorer 7 on all Windows releases.

The IE bugs are rather nasty, allowing for remote code execution should a vulnerable PC visit a maliciously coded website – and Microsoft has used the release of the security bulletin regarding the issue to remind users that not running as a superuser all the time is best practice, saying that “users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.” Easier said than done, of course – especially when the default behaviour for Windows XP is to create an administrator-level user as the main, and often only, account.

It's not just desktop systems that are affected this month, either: Microsoft Exchange server has a pair of Critical issues of its own, one of which again allows for remote code execution and complete system penetration should a specially-crafted Transport Neutral Encapsulation Format message – those pesky winmail.dat files you keep getting from Outlook users – be received. The second Exchange bug can allow a ne'er-do-well to carry out a denial of service attack via a special MAPI command – although this only results in server unavailability, not code execution.

While that covers all the Critical patches that arrived this Tuesday, that's not all that has been released: several Important updates have also been made available, including a fix for a possible remote code execution vulnerability in SQL Server, and a further three patches for Microsoft Office that fix handling of malicious Visio files.

As well as the usual updates to the Outlook and Windows Mail Junk E-mail Filter and the Windows Malicious Software Removal tool, ITWire is reporting that Microsoft has pushed out some updated ActiveX killbit packages – settings which prevent certain malicious ActiveX controls being installed within Internet Explorer, including versions of the Akamai Download Manager and RIM's AxLoader which have known security issues.
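To confirm that a killbit update has actually landed on a machine, an administrator can read the registry directly: a killbit is recorded as the 0x400 bit of the `Compatibility Flags` value under Internet Explorer's `ActiveX Compatibility` key, in a subkey named after the control's CLSID. The following is an added example, not code from the article or from Microsoft; the CLSIDs are placeholders to be replaced with the ones listed in the relevant advisory.

```powershell
# Added example: report whether the IE killbit is set for each CLSID.
# The CLSIDs below are PLACEHOLDERS, not the identifiers from this month's update.
$Clsids = @(
    '{00000000-0000-0000-0000-000000000001}',   # placeholder
    '{00000000-0000-0000-0000-000000000002}'    # placeholder
)
$KillBit = 0x400   # the killbit within the Compatibility Flags DWORD

# 64-bit Windows keeps a second copy for 32-bit Internet Explorer.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {
    param([string[]]$Clsid, [string[]]$Root)
    foreach ($r in $Root) {
        # Skip hives that do not exist (e.g. Wow6432Node on 32-bit Windows).
        if (-not (Test-Path -LiteralPath $r)) { continue }
        foreach ($c in $Clsid) {
            $key   = Join-Path $r $c
            $flags = $null
            if (Test-Path -LiteralPath $key) {
                $flags = (Get-ItemProperty -LiteralPath $key `
                          -ErrorAction SilentlyContinue).'Compatibility Flags'
            }
            [pscustomobject]@{
                Hive       = $r
                Clsid      = $c
                Flags      = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { 'absent' }
                # Other bits may be set too, so test the bit rather than equality.
                KillBitSet = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
            }
        }
    }
}

Get-KillBitState -Clsid $Clsids -Root $Roots | Format-Table -AutoSize
```

A row showing `absent` or `KillBitSet = False` in either hive means the control can still be loaded by that flavour of Internet Explorer on the machine.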

Hoping that the monthly patch cycle will pass by without a hitch, or are you concerned at the number of vulnerabilities that can result in remote code execution this time around – especially considering the light patch load last month? Share your thoughts over in the forums.


John Tate 11th February 2009, 17:45
We have tested these patches in our Application Compatibility Lab using our product AOK.
This is a really big update from an application compatibility perspective. There are c. 200 DLLs that have been updated and most apps are affected based on our sample of 800 applications. Recent patches have included far fewer DLL updates and so are easier to test - once you know what the specific DLL is doing. However with this release the c. 200 DLLs are widely distributed across applications.
More information on our findings
DriftCarl 12th February 2009, 07:06
Lucky for me the 100+ remote servers I manage do not run IE7 or exchange :D

a month off patching criticals is nice \o/
gregorylambert 12th February 2009, 16:40
You may not be running Exchange or IE7, but I bet you are using SQL Server. Therefore, you may be interested in the Security Update MS09-004 (Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution).

It is probably the most complex update released this month.

This update alone changes the following files; Atl71.dll, Atxcore.dll, Atxcore.rll, Axscphst.dll, Axscphst.rll, Bcp.exe, Bcp.rll, Cldtcstp.exe, Cldtcstp.rll, Cmdwrap.exe, Cnfgsvr.exe, Cnvrem.dll, Cnvsvc.exe, Comnevnt.dll, Custtask.dll, Custtask.rll, Dbghelp.dll, Dbmslpcn.dll, Dbmslpcn.dll, Dbmsshrn.dll, Dbmsshrn.dll, Dbnetlib.dll, Dcomscm.exe, Distrib.exe, Dtcsetup.exe, Dtsffile.dll, Dtsffile.rll, Dtspkg.dll, Dtspkg.rll, Dtspump.dll, Dtspump.rll, Dtsrun.exe, Dtsrun.rll, Impprov.dll, Mergetxt.dll, Msdbi.dll, Msgprox.dll, Msvcp71.dll, Msvcr71.dll, Msxmlsql.dll, Msxmlsql.rll, Odbcbcp.dll, Odsole70.dll, Odsole70.rll, Opends60.dll, Osql.exe, Pfclnt80.dll, Pfclnt80.rll, Rdistcom.dll,Replagnt.dll, Repldist.dll, Repldp.dll, Repldsui.dll, Repldts.dll, Replerrx.dll, Replmerg.exe, Replprov.dll, Replprox.dll, Replrec.dll, Replres.rll, Replsub.dll, Replsync.dll, Rinitcom.dll, Scm.exe, Semmap.dll, Semmap.dll, Semmap.rll, Semmap.rll, Semnt.dll, Semnt.dll, Semnt.rll, Semnt.rll, Snapshot.exe, Spresolv.dll, Sqdedev.dll, Sqladevn.rll, Sqladhlp.exe, Sqlagent.dll, Sqlagent.exe, Sqlagent.rll, Sqlatxss.dll, Sqlatxss.rll, Sqlboot.dll, Sqlcmdss.dll, Sqlcmdss.rll, Sqlctr80.dll, Sqldata.dll, Sqldistx.dll, Sqldmo.dll, Sqldmo.rll, Sqlevn70.rll, Sqlimage.dll, Sqlinitx.dll, Sqlmaint.exe, Sqlmangr.exe, Sqlmangr.rll, Sqlmergx.dll, Sqlredis.exe, Sqlrepss.dll, Sqlrepss.rll, Sqlresld.dll, Sqlresld.dll, Sqlresld.dll, Sqlservr.exe, Sqlsnmp.dll, Sqlsort.dll, Sqlsrv32.dll, Sqlsrv32.rll, Sqlstbss.exe, Sqlstbss.rll, Sqlsvc.dll, Sqlsvc.dll, Sqlsvc.rll, Sqlsvc.rll, Sqlunirl.dll, Sqlvdi.dll, Ssmsad70.dll, Ssmslpcn.dll, Ssmsrp70.dll, Ssmssh70.dll, Ssmsvi70.dll, Ssnetlib.dll, Ssnmpn70.dll, Ssradd.dll, Ssravg.dll, Ssrdown.dll, Ssrmax.dll, Ssrmin.dll, Ssrpub.dll, Ssrup.dll, Svrnetcn.dll, Svrnetcn.exe, Svrnetcn.rll, Ums.dll, W95scm.dll, Xplog70.dll, Xplog70.rll, Xpqueue.dll, Xprepl.dll, Xpsqlbot.dll, Xpstar.dll, Xpstar.rll.

WOW! Hope this does not ruin your "Patch Holiday". :)
John Tate 11th March 2009, 18:18
If you are interested in the March patch updates the news is better from an application compatibility perspective. This month includes 3 patches, one rated Critical and the other rated as Important. These patches affect all operating systems from Windows 2000, XP through to VISTA and Windows 7 beta and will require all servers and desktops running these operating systems to be rebooted. The good news is that from an application compatibility perspective this is a minor update from Microsoft unlike Feb.
More info at