| By Susan Bradley |
This month, we say a fond farewell to MS support for Windows XP SP1, pay tribute to Ray Noorda, and get ready for IE 7.
Microsoft support ends for XP SP1
Before I begin my normal patch analysis, let me just remind you that this month marks the end of support for our dear old friend XP Service Pack 1 (SP1). Only XP SP2 will be patched in the future.
I’d like to also take a moment to pay tribute a gentleman who converted my business from “sneaker net.” That’s when we used to share files around the office by placing them on floppy diskettes. Ray Noorda, who made Novell into a powerhouse back then, passed away recently, as reported by VnuNet. While Novell isn’t the networking player it used to be, we all should pay homage to the man who did more to start us on the road of networking than anyone else — yes, even more than Bill Gates has done. For many of us, it was Novell that first awakened us to the power of networking.
One IE zero-day threat patched, one not
I was expecting to tell you about two critical IE patches, MS06-057 (923191) and another related IE/ActiveX patch. But we ended up getting only one of the issues patched.
The patch we didn’t get was for the DirectAnimation Path ActiveX flaw, which was disclosed by Microsoft in security advisory 925444. What we did get was a patch for the so-called WebView hole. Both problems involve ActiveX issues on Internet Explorer.
For workstations, I strongly recommend that you apply MS06-057 extremely quickly. This vulnerability is being used on Web sites in the wild. The recommended mitigation techniques — setting “kill bits” — can cause visual issues on certain Windows Explorer pages.
For the DirectAnimation ActiveX issue, until it’s patched, consider a GPO kill-bits mitigation technique discussed in Dr. Jesper Johansson’s blog. At the present time I recommend this mitigation be deployed as soon as you can and I’ve seen no major issues at this time. Also see Chris Mosby’s comments, above.
Death by PowerPoint revisited
Another patch dealing with a vulnerability that we’ve seen some targeted attacks with is MS06-058 (924163). A paranoid network administrator could try to work around this hole by blocking PowerPoint files from being received via e-mail. But there is still the risk of PowerPoint files being opened up on the Web.
If you and your users have the ability to surf the Web, open up or download any files, it would be wise for you to deploy MS06-058 quickly.