Wednesday, May 09, 2007

One for the Windows fans

Business as usual:

System administrators will have to prioritize between updating Exchange and DNS servers while leaving equally important server and application updates dangling, experts say.
Microsoft has released patches for 19 vulnerabilities, 14 of which are critical, hitting at holes in Excel, Word, Office, Exchange, Internet Explorer, cryptographic technology and the whopper of them all, the zero-day vulnerability in the DNS Server's use of RPC.

Michael Sutton, a security evangelist for Atlanta-based SPI Dynamics, said the "pretty high percentage" of critical updates on this Patch Tuesday is going to force a lot of system administrators to juggle updates, making decisions about which servers to update first. System administrators "can't take care of everything at once," he said. "You have to look at severity."

Sutton said he's advising people to first focus on the Exchange and Domain Name System updates, given that those vulnerabilities will leave companies the most exposed to attack. " [It's a] challenge; when you have 14 criticals, you're putting some things secondary that are still top priorities," he said.

An exploit for the DNS RPC (remote procedure call) interface vulnerability was discovered in the wild in April. Within a week of its discovery, four new malicious programs popped up, each trying to take over systems by prying open the DNS hole.

The DNS remote code execution vulnerability affects server-grade operating systems, including Windows 2000 and Windows Server 2003, and only those that have the DNS service enabled, such as Domain Controller, DNS Server or Microsoft Small Business Server configurations.

Still, warned Symantec, based in Cupertino, Calif., enterprises and small businesses "should ensure [that] they update their systems with the patch since this vulnerability has already been exploited." A successful exploit would completely compromise the computer.

No comments: