September 2008 Microsoft Patch Release

For those of you just returning from vacation, you’ll be pleased to see that there are only four patches this month for your consideration. Verizon Business believes that patch application is something which is done better when you fully understand what the patch is for, what it does, and what risks exist while you’re unpatched. This knowledge and consideration lets you more appropriately schedule patches to avoid business disruption.

To start, Microsoft revised MS08-051, a patch for Microsoft PowerPoint. The revision was surprising because it came about due to Microsoft not putting the same patch binary in the three locations from which patches are typically available. If you received the patch last month via the Microsoft Download Center, and don’t use Windows Update or Office Update, then you probably don’t have the complete patch. Take a machine on which you’ve applied the patch to Microsoft Update and verify that it doesn’t offer you the patch again. If it does, download the new version and re-apply. Either way, we don’t feel there’s an urgency here unless you think you might be targeted by Office document malware.

MS08-052 gives us yet more image vulnerabilities to keep in mind – however, criminals continue to avoid using image exploits, presumably because they’re more complex to exploit than other means they have available. Placing this one on your regular maintenance schedule will address the low risk.

MS08-053 was surprising; a patch for the Windows Media Encoder due to the inadvertent marking of an ActiveX control as Safe for Scripting. Internet Explorer 7.0’s ActiveX opt-in feature will force a prompt provided the Windows Media Encoder was installed after IE7. We always recommend you apply patches that are exploited via IE within 30 days.

MS08-054 addresses a complex vulnerability in Windows Media Player and its handling of the Real Time Streaming Protocol. The stars really have to line up for a criminal to exploit this one, and the most likely vector is going to be via an Internet-based radio station, so ensure you’re blocking inbound port 554 to mitigate this risk.

Finally, a vulnerability in Microsoft’s OneNote was located. This was also a bit of a surprise because it involves the new onenote:// protocol handler. We had hoped that by now we wouldn’t see vulnerabilities arising from implementing new protocol handlers, especially given how susceptible they are to exploitation in the wild. We feel it’s unlikely criminals will use this exploit given how few installations of OneNote are out there, but it may be something we’ll see abused next year.

All in all, however, it was a fairly quiet month. Write us and tell us about your patching experiences, philosophy and/or approach.
