The sheer number of security bulletins and related software updates may cause an uprising within your IT staff. Therefore, it's important to review and prioritize which updates to install.
The five critical security bulletins for February are shown in the chart below. The severity of each issue is identified for each bulletin and operating system. Critical flaws -- for which Microsoft believes exploit code may be easily produced and reliably executed -- are highlighted in yellow.
[Chart: severity of each February bulletin by operating system. Columns: Win 2k, Win XP, WS 03, Vista, WS 08, Win 7, WS 08 R2. The chart itself is not reproduced here.]
Three patches that should be evaluated as soon as possible are MS10-006, MS10-007 and MS10-013.
- MS10-006 addresses a critical flaw in the SMB protocol (affecting file- and printer-sharing functions). Establishing a connection to a malicious file server could allow an attacker to take complete control of the local computer. Windows 7 and Windows Server 2008 are most at risk from attacks originating on the local network. Earlier operating systems may also be vulnerable and may experience system crashes or privilege-escalation attacks.
- MS10-007 is a critical security issue that affects Windows 2000, Windows XP and Windows Server 2003 systems. Viewing a malicious website or clicking on a malformed hyperlink in a Web browser or email could enable an attacker to execute commands on the local computer. According to Microsoft, this is a relatively simple issue to exploit, so the patch should be installed immediately.
- MS10-013 is a critical vulnerability that affects all Microsoft operating systems. Viewing a malicious media file may exploit this flaw, giving an attacker the same access rights to the computer as the logged-on user. Microsoft said it expects exploit code to be released for this vulnerability in the next 30 days.
The other two critical security bulletins -- as well as the eight noncritical bulletins -- can be found in February's security bulletin overview.
Managing the patches
Here are some steps to help you manage this month's security bulletins:
- Review all 13 security bulletins and identify which ones are related to software on your network.
- Prioritize the applicable bulletins according to the risks they present to your enterprise. Start with Microsoft's severity ratings and adjust them as necessary to account for unique implementations on your network. Make sure to focus first on the high-severity items that could cause the most harm or downtime should any systems be exploited before they're patched.
- Schedule the highest-priority items to be tested and deployed this week. The next highest should be deployed no later than the following week and so on. Those running Windows Server Update Services (WSUS) or another patch management program may approve and install all of the released patches at the same time and perform a single reboot at the end, instead of spacing out the patches over several weeks.
- Reassess the network to ensure all the patches were correctly installed. Make sure to review computers that may have been turned off or out of the office during the patch deployments.
- Document the patches that were not selected for immediate (or any) deployment. This will provide a reminder that they should be deployed in the future, and also serves as an audit trail for the security team and external reviewers.
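One way to carry out the reassessment and documentation steps above, as an added example that is not part of the original article: a PowerShell script (3.0 or later assumed) that checks every host listed in a hosts.txt file for a set of required hotfix IDs, flags hosts that were unreachable so they can be revisited rather than silently counted as patched, and writes a CSV for the audit trail. The KB identifiers and the hosts.txt file are placeholders, since the article does not list the KB numbers for the February bulletins.

```powershell
# Added example, not from the original article. Verifies that required
# hotfixes are installed on each host and records the result for audit.
# The KB numbers are PLACEHOLDERS: substitute the KB article IDs from the
# bulletins you chose to deploy this month.
$RequiredKBs = @('KB0000001', 'KB0000002', 'KB0000003')   # placeholder IDs
$Computers   = Get-Content -Path '.\hosts.txt'             # assumed file: one hostname per line
$ReportPath  = '.\patch-compliance-{0}.csv' -f (Get-Date -Format 'yyyyMMdd')

$results = foreach ($computer in $Computers) {
    # Machines that were off or out of the office during deployment are
    # reported as Unreachable so they get re-checked later.
    if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet)) {
        [pscustomobject]@{ Computer = $computer; Status = 'Unreachable'; Missing = '' }
        continue
    }

    try {
        # Get-HotFix lists installed updates via WMI (Win32_QuickFixEngineering)
        $installed = (Get-HotFix -ComputerName $computer -ErrorAction Stop).HotFixID
    } catch {
        # Host answered ping but the WMI query failed (RPC blocked, access denied, ...)
        [pscustomobject]@{ Computer = $computer; Status = 'QueryFailed'; Missing = $_.Exception.Message }
        continue
    }

    # Anything in the required list that is not installed is a gap to close
    $missing = $RequiredKBs | Where-Object { $installed -notcontains $_ }
    [pscustomobject]@{
        Computer = $computer
        Status   = if ($missing) { 'Missing' } else { 'Compliant' }
        Missing  = ($missing -join ';')
    }
}

# Persist the full record (audit trail) and show only the hosts needing action
$results | Export-Csv -Path $ReportPath -NoTypeInformation
$results | Where-Object { $_.Status -ne 'Compliant' } | Format-Table -AutoSize
```

Re-run the script after the stragglers come back online and keep each dated CSV; together they document which hosts were patched when, and which patches were deliberately deferred.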
For additional information about each issue -- and Microsoft's commentary on the likelihood of exploitation -- check out Microsoft's Security Research and Defense blog.
ABOUT THE AUTHOR:
Eric Schultze is an independent security consultant who most recently designed Microsoft patch management solutions at Shavlik Technologies. Prior to Shavlik, Schultze worked at Microsoft, where he helped manage the security bulletin and patch-release process. Schultze likes to forget that he used to work as an internal auditor on Wall Street.