Huh…?
As many of you may have guessed... I read a good number of blogs on a daily basis... My bloglines feed contains 191 feeds (6 of which I don't consider to be tech related)... One of my favourite blogs to read is the SecuriTeam blog... They keep you up to date on most things, and they do some cool things themselves.
This morning, however, I was a little disappointed. I read their RSS feed and saw a new article outlining Microsoft's scheduled patch release on Tuesday... No big surprise. I've got that and half the IT bloggers out there have posted it. The problem I had with it was that they essentially said this was the first time Microsoft had given advanced details on what the updates were...
From the blog:
When releasing information about the upcoming security patches of the next Tuesday Redmond guys informed about one Security Bulletin related especially to Microsoft XML Core Services. I.e. they are fixing Extremely Critical code execution vulnerability in XMLHTTP 4.0 ActiveX as a part of XML Core Services.
It was the first time today when they shared a more detailed information about the target of upcoming bulletins via Microsoft Security Bulletin Advance Notification program started exactly two years ago.
So there are two problems with this... yet only one should apply, depending on how you are supposed to read the blog...
Problem 1:
Microsoft was warned of a flaw in XML Core Services that was being exploited in the wild. As usual, when presented with this information, they provided an informational advisory related to the vulnerability. These advisories are commonly published and completely unrelated to the Advance Notification program. So the fact that we have the informational advisory is nothing new.
Problem 2:
The actual Advance Notification looks like this:
On 14 November 2006 Microsoft is planning to release:
Security Updates
One Microsoft Security Bulletin affecting Microsoft XML Core Services. The highest Maximum Severity rating for this is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates will require a restart.
Five Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. Some of these updates will require a restart.
I believe that the SecuriTeam blog post is actually referring to the section I have bolded... That this would have previously just said 6 Microsoft Security Bulletins affecting Microsoft Windows. However, this is not the case. Just last month the Advance Notification looked like this:
On 10 October 2006 Microsoft is planning to release:
Security Updates
Six Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. Some of these updates will require a restart.
Four Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.
One Microsoft Security Bulletin affecting Microsoft .NET Framework. The highest Maximum Severity rating for this is Moderate. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. These updates may require a restart.
As you can see from the bolded section, Microsoft published more specific details than they previously had. Meaning this month was nothing new.
So all we've got for this month's advance notification is a notification that's formatted the same as last month's notification and an advisory that was released to deal with "exploits in the wild". These two simply happen to coincide... nothing amazing here and the SecuriTeam blog posting, based off the last line, was just a failed shot at Microsoft.
So, if it was a shot... the guys at SecuriTeam need to grow up... if it was a misrepresentation based on what was seen this month, they just need to get their facts straight for the future.
Peace,
HT