Friday, November 14, 2003
Hello, Patch here. I just completed my first update pass for the site. I'm sorry it's been so long since an update, but I've been pretty swamped as of late. Lots of great things have been happening since the Professional Developer's Conference last month, and I've been busy preparing for that, and working on new product releases for Interscape. It's not really an excuse, but what can I say?
PatchTalk has been renamed to the PDR Forums, and they are nearly ready to go. We'll be using the latest release of the ASP.NET Forums 2.0, which is still currently in development. Part of the reason we're installing it here is to help the Forums Development Team at Microsoft find the bugs and fix them before the final release early next year. If you encounter any problems, there will be a place to post so they can be addressed.
I'd better get back to work now, expect update #2 tomorrow evening. I'll also be reviewing what you should be expecting in Windows XP Service Pack 2.... there are lots of big changes in the wind.
Until then, Your Friend In Security,
Robert “Patch” McLaws
Thursday, November 13, 2003
WINDOWS: Buffer Overrun in Messenger Service Could Allow Code Execution (MS03-043 | KB828035)
Buffer overruns are the bane of Microsoft's existence. Basically this flaw involves the most hated of all Windows services, the Messenger service. Don't confuse this one with MSN Messenger. Just another part of Windows that plays Stevie Wonder when accepting messages. WHAT??!?!? You mean you haven't disabled the Messenger service yet? In case you didn't know, that's like #3 on the list of things to do after installing Windows, right after "1) Turn On Computer" and "2) Enter Password".
Patches: Windows Server 2003 | Windows XP SP1 | Windows 2000 SP2, SP3, & SP4 | More Here
References: TechNet Version | End User Version | KB Article (828035)
WINDOWS: Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (MS03-042 | KB826232)
There is a flaw in a control that ships with Windows 2000 (Tshoot.ocx) that, if triggered, could allow an attacker to run whatever code they want. This flaw is taken advantage of through HTML e-mail or a website, but if you already have the patch from MS03-040 installed, the possibilities are greatly reduced. This one only affects Windows 2000, so anyone running XP or later can relax on this one.
Patches: Windows 2000 SP2, SP3, & SP4
References: TechNet Version | End User Version | KB Article (826232)
WINDOWS: Vulnerability in Authenticode Verification Could Allow Remote Code Execution (MS03-041 | KB823182)
This flaw deals with the security system that Windows uses to make sure that reusable components written by other people are "trusted" or "safe". In some cases, if the computer is low on available memory, a specially-crafted component could be downloaded and installed without your permission. This is a bad one, and I'd recommend that you give this one permission to download and install immediately.
Patches: Windows Server 2003 | Windows XP SP1 | Windows 2000 SP3 & SP4 | More Here
References: TechNet Version | End User Version | KB Article (823182)
Thursday, October 23, 2003
Just wanted to keep you guys up to speed on the status of the site, and the Windows Security world in general. As I previously mentioned, Microsoft changed their strategy towards patching. They will now be releasing patches on the second Tuesday of every month. Their last go-around had a significant number of patches, many of them critical. I have been very busy over the last week, as my company is working on releasing a new product later this afternoon. I am deeply concerned about the latest patches though, and hope to have all the summaries completed by the end of the weekend. If you have noticed, the security bulletins for October were updated to be a bit easier to use, and they now contain several improvements that draw directly from my work here. Maybe someday soon this site will no longer be necessary. That will be a great day indeed. Until then, we'll still be here for you.
Next week I will be at the Professional Developer's Conference in Los Angeles, so if any of you are there, please find me and say Hi. Upon my return, we will be upgrading the website to .Text 0.95, which will bring about a few usability improvements on my part. Since so many of you want to be able to carry on discussions on this site, November will see a new section of the website, “PatchTalk”, where all of you can come and talk about your experiences with the various patches. I have yet to decide exactly how this section of the site will be organized, so please feel free to shoot some comments my way.
Several of you have e-mailed me regarding the possibility of cross-linking websites. Rest assured I will get to these e-mails ASAP. I had no idea how popular this site would be, and I hope to have all my pending inquiries answered by the next PatchDay.
Well, I'd better get back to work. I hope you all have had an uneventful week, and I'll get these summaries out very soon.
Your Friend In Security,
Robert “Patch” McLaws
Wednesday, October 15, 2003
I'd like to take a moment and apologize for the outage over the past few days. We had to make some changes to the server setup, and had to bring the whole network offline. But we're back, and ready to tackle the newest security bulletins that were released today. There are a whopping 11 patches out there, and I'll be reviewing each one. It takes me about 45 minutes to analyze each bulletin and put my summary together... so do the math ;). That being said, I'll have them up for you as soon as possible. It's good to be back... be sure to check in later to see the new updates.
Thanks for hanging with us. You guys are awesome.
Your Friend In Security,
Robert “Patch” McLaws
Thursday, October 09, 2003
Microsoft today announced that it will be changing the way it handles patching. Basically, work is being done to beef up the Windows security perimeter. The majority of this work will be released soon in Windows XP Service Pack 2. I plan to detail these changes over the next few days, but for now, here's how it affects PatchDayReview:
- Microsoft is changing their patching from weekly to monthly (unless critical flaws are discovered). That means that this site will not be as demanding on my daily schedule.
- Microsoft will be devoting more of their efforts to integrated security, and I will do my best to keep you informed in the same clear and simple terms that I use for my patches.
As I said, I will be detailing more of these changes within the next few days. For now, here are some links to this news on the web:
Your Friend In Security,
Robert “Patch” McLaws
Well, someone's done it! They've blown the cover on Microsoft's insistence that all information coming out of them has to be as complicated and un-user friendly as possible.
...This is good stuff, kids. Visit, Use, DO!
Microsoft issues patches for vulnerabilities in its software at the rate of about one a week - the 40 weeks of 2003 have seen exactly the same number of advisories though some weeks have been more "patchy" than others - but the advisories are so jargon-heavy that few non-technical users can understand them.
This is the reasoning behind PatchDayReview, a site set up by Interscape Technologies, says its president and chief software architect, Robert McLaws.
I just found a great little site (via techno weenie). It is called patch day review, and it basically keeps you up to date with all the latest patches released, and their importance.
This is very useful for me, because after the last bug I disabled all ActiveX controls in IE, so to go to WindowsUpdate I have to re-enable ActiveX first. Now I can see what's going on before messing with ActiveX. Also he gives nice little explanations!
Saturday, October 04, 2003
WMP: Windows Media Player Script Command Patch (828026)
I'm not in the habit of discussing patches that do not correspond to MS Security Bulletins, but this one was directly referenced as a follow-up to the latest IE security rollup patch, so I'll go ahead and talk about it. Basically, this update changes the way WMP handles accepting commands from other programs. It also increases security so that information from untrusted websites cannot be accessed. Since I'm all about reducing your computer's attackability, you should install this one fairly soon.
Patches: Windows 2003, 2000, and XP | Windows ME | Windows NT 4.0
References: KB Article (828026)
INTERNET EXPLORER: Cumulative Patch for Internet Explorer (MS03-040 | KB828750)
This patch for Internet Explorer combines all of the patches for IE that Microsoft has previously released, including two new problems. The first one fixes a huge problem that happens with popup windows. Don't quote me on this one, but I believe this fixes the "$5/min dialup redirect" issue everyone has been talking about. The other problem deals with the way IE tries to figure out the result when a website tries to manipulate data with XML. Either way, this one was urgent enough to be released on a Friday, so make sure you update ASAP.
Patches: Windows Server 2003 | IE 6 SP1 | IE 6 (Windows XP) | IE 5.5 SP2 | IE 5.01 (Windows 2000)
References: TechNet Version | End User Version | KB Article (828750)
Thursday, October 02, 2003
Thanks to everyone that has been to the site so far. I've received an enormous amount of feedback, and it is really appreciated. Keep it up. In the meantime, I wanted to give you a status report on where I am at with the changes I'm making, and clarify a few things.
1) The overwhelming majority of you want to see the Security Bulletin number in each post. That will apply retroactively to all posts as soon as I can compile them.
2) I had some issues with font tags when porting these posts from my .NET Weblog. I'll go through and clean them up shortly, so that the site looks a bit cleaner, and it's easier on the eyes.
3) I'll be removing the login section from the front page, because that's only for me to be able to go in and add new information. It has been very confusing to people, so I'll take it out. To clarify, everything on this site is free. We're not going to make you register for anything... it is all easily accessible. Though this site is actually sponsored by my company, you won't see any advertisements, or receive any e-mails advertising our products or services. You like what we're doing here? Click the logo in the menu area and see what else we do.
4) I had several requests for a web service to distribute the information. Actually, the entire site is syndicated through RSS. Just click the icon on the top left corner, and you have a complete news feed containing all the posts. I'll have an FAQ soon on how to utilize this resource if you are new to the world of aggregators and RSS.
5) I would love to send out e-mails or set up a listserv for the site, but let's face it. You get way too many e-mails already. And I don't want my mailserver to be blacklisted. RSS is really the method of choice for getting the information whenever you want, and as I mentioned above, I will post a great informational piece on how to utilize RSS very soon.
That's about it for now. I'll probably make these changes over the weekend. Again, thank you so much for all the positive feedback, and keep it coming. This site is for you guys.
Wednesday, October 01, 2003
Hello, My name is Robert McLaws, President and Chief Software Architect of Interscape Technologies, Inc. You've stumbled across PatchDayReview.com, a new site dedicated to keeping non-techies up-to-date on Microsoft software vulnerabilities.
You may not have known this, but every Wednesday, Microsoft releases patches, or software band-aids, to its users to fix problems that have been recently discovered. If you've seen Microsoft's reports on these issues, you know that they are very jargon-heavy. Heck, I'm a technical guy and even I have a hard time understanding them sometimes. Another thing that really frustrates me is the fact that you have to click through at least 4 different pages to get to the patch that you need to install. It's really ridiculous.
PatchDayReview.com was designed to tackle all those issues. It gives a very brief description of the problem, using terminology my mom would understand. On the left, you'll see a thermometer (courtesy of Microsoft) that rates the severity of the problem. Then, right underneath the summary, are direct links to the files, straight from Microsoft. No fumbling through sites trying to find the link.... just simplicity in all its glory.
So, I hope you like what we've done here. Feel free to leave me comments on how my company can improve this site. We welcome your feedback, because this site is for you. Be sure to subscribe to our RSS feed, and don't forget to tell your friends and family. I'm sure you all know at least one person who suffered because of the Blaster worm. This is our little way of helping out, but to borrow from Smokey the Bear, “Only you can prevent unnecessary vulnerability exploits!” Security is everyone's problem, so make sure you do your part.
Thanks for coming to the site :) .
Robert W. McLaws
President and Chief Software Architect
Interscape Technologies, Inc.
Wednesday, September 10, 2003
Welcome to a special edition of Patch Day Review. I usually wait 'till evening to compile these reviews, since MS typically takes all day to release their patches into the wild. This patch, however, is extremely urgent, so it warranted an early release.
This warning supersedes the warning that discussed the MSBlaster vulnerability. What that means is, this alert deals with the same problems that the MSBlaster one did, and more. If you're reading this, stop what you are doing, and either download the scanning tool, or just install the patch immediately. Don't fool around with this one. The more people that patch, the less likely another MSBlaster will show up.
That does it for this special edition of the Patch Day Review. Check back this evening for our regularly scheduled update. Now if you'll excuse me, I have a patch to install ;).
Wednesday, September 03, 2003
Everyone keeps coming up with these themes to write about every day. You know, some kind of summary of the stuff they came across during the day. After my rant about software updates, I'm going to post a weekly synopsis of the patches released on TechNet. In case you didn't know, every Wednesday is Microsoft Patch Day (corroboration here). So I'm starting a weekly Patch Day Review (PDR). Each week, I'll give you a brief summary of the new patches available and give you direct download links, so you don't have to wade through all the garbage to get to them. This took me a lot of time to compile, so I hope it's useful to someone.
This week's lesson: Do not open documents unless you know where they came from.
Below are the patches for this week. Many of these are fairly serious, so be sure you check them out. Don't forget, each patch has direct download links. If you can't find the targeted application you're looking for, click "More Here". If that link doesn't have information regarding your program, you're ok.
WINDOWS: Flaw in NetBIOS Could Lead to Information Disclosure (MS03-034 | KB842105)
This error basically means that in some situations, when a computer requests to talk to another computer via computer name instead of an IP address, the response could contain a random part of the responding computer's memory. If you set your firewall to block port 137 requests from the Internet (which you should do if you haven't), this error will not affect you. If you blocked this port in response to the MSBlaster attack, you should be fine. Install the patch anyway.
Patches: Windows Server 2003 | Windows XP | Windows 2000 Server | More Here
References: TechNet Version | End User Version | KB Article (842105)
OFFICE: Unchecked Buffer in Microsoft Access Snapshot Viewer Could Allow Code Execution (MS03-038 | KB827104)
I'm hoping at this point that Microsoft will be doing a better job from here on out in having their applications check document parameters. Each of the Office vulnerabilities this week stems from Office doing an impression of Stevie Wonder as an airport security agent when it opens files. Same drill as above, but this one only affects the Access Snapshot Viewer, not Access itself. Who uses Access anymore anyway?
Patches: Access 2002 | Access 2000 | Access 97 & 98 | Office Update
References: TechNet Version | End User Version | KB Article (827104)