
List:       patchmanagement
Subject:    Re: When an Update Rollup is actually critical
From:       Susan Bradley <sbradcpa () pacbell ! net>
Date:       2011-09-22 17:39:25
Message-ID: 4E7B72CD.4010500 () pacbell ! net

In your browser there is a series of ActiveX controls.  
http://en.wikipedia.org/wiki/ActiveX

Some are Microsoft code, some are third party code.  At times Microsoft 
or the vendor determines that there is a control that can be used 
maliciously so they ask Microsoft to block it.

The resulting update kills off the ActiveX code by specifically calling 
out the GUID of the ActiveX control and putting a dword value in there 
that stops it from running.  http://support.microsoft.com/kb/240797

http://technet.microsoft.com/en-us/security/advisory/2562937 That is an 
update rollup and is an advisory because it's only third party ActiveX 
controls.

http://technet.microsoft.com/en-us/security/bulletin/MS08-023  That is a 
security bulletin because it's Microsoft's own ActiveX code.

http://en.wikipedia.org/wiki/Killbit  A kill bit is a bit flip that 
disables the control.  These patches install those bit flips that block 
the code from running in the browser.

Microsoft always releases their own ActiveX kill bits as security 
updates.  And only releases third party ActiveX kill bit patches as 
security advisories.  It should be flagged as high priority though as 
noted in KB894199.

You have to read and make your own decision.  Anytime I see ActiveX, I 
read what is being patched and use Microsoft's rankings as 
informational, but not gospel.

On 9/22/2011 7:55 AM, Lars Nelson wrote:
> To confirm Susan:
>
> I'm not really sure actually what ActiveX killbits are and or do so
> that is a hindrance here in my understanding of the process.
>
> It just seems that every time there is an ActiveX killbit release that
> it's released as an update rollup.  Are you saying though that if the
> ActiveX killbits issues is related to MS product that they release
> that categorized as a security update?  Don't get either the concept
> that ActiveX killbits are being released for 3rd party vendors, by
> Microsoft, with the potential to breach security on a box but are not
> deemed critical -- just because we may or may not have the 3rd party
> app installed?
>
> Whoever the process is on the box that is responsible for the
> killing of bits should be responsible for making sure they do so I
> would think.  If the 3rd party vendor is not responsible to make this
> happen then MS should always release the update as critical.
>
> - lars
>
> On Tue, Sep 20, 2011 at 10:36 AM, Lars Nelson<cubs66@gmail.com>  wrote:
>> Hi All.
>>
>> I've noted something that I'd like to comment on.
>>
>> Sometimes, like with the recent ActiveX Killbits update, I've noted
>> that MS will categorize an update as an Update Rollup when it seems
>> like it should be considered a critical update.  As with this ActiveX
>> killbits update, if the update resolves an item that would otherwise
>> open a system to intrusion, hacks etc, I would think that should be
>> considered critical.
>>
>> Reason being is that I don't automatically approve Update Rollups.
>> There are lots of times when an update rollup is released and I don't
>> want it installed -- at least not yet right away.
>>
>> Thanks.
>>
> ---
> When posting or replying to messages on this list, please send all
> emails in plain text format.  HTML formatted messages will not be accepted.
>
> PatchManagement.org is hosted by Shavlik Technologies
>
> To unsubscribe send a blank email to leave-patchmanagement@patchmanagement.org
> If you are unable to unsubscribe via this email address, please email
> owner-patchmanagement@patchmanagement.org
>
>

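The mechanism described in the reply above (a per-CLSID DWORD under the ActiveX Compatibility key, per KB240797) is easy to verify after a kill bit update has been approved. The following PowerShell is an added example, not code from the list post or from Microsoft: it reads the "Compatibility Flags" values for every listed CLSID, reports which ones have the 0x400 kill bit set, and checks one CLSID of your choosing. It assumes a Windows host with PowerShell 3.0 or later and read access to HKLM; the CLSID in $clsidToCheck is a placeholder to be replaced with the one named in the advisory or bulletin you are evaluating. The script only reads the registry and changes nothing.

```powershell
# Added example: audit ActiveX kill bits (read-only). Not from the list post.
# Key and flag are documented in KB240797; 0x400 in "Compatibility Flags"
# marks a control as blocked from running in the browser.
$KillBitFlag = 0x00000400

# Both the native and the Wow6432Node (32-bit IE on 64-bit Windows) locations
$CompatKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitEntries {
    # Returns one object per CLSID subkey that carries a Compatibility Flags value
    foreach ($base in $CompatKeys) {
        if (-not (Test-Path -Path $base)) { continue }
        Get-ChildItem -Path $base | ForEach-Object {
            $flags = (Get-ItemProperty -Path $_.PSPath -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue).'Compatibility Flags'
            if ($null -ne $flags) {
                [pscustomobject]@{
                    Hive    = $base
                    CLSID   = $_.PSChildName
                    Flags   = ('0x{0:X8}' -f [int]$flags)
                    KillBit = (([int]$flags -band $KillBitFlag) -ne 0)
                }
            }
        }
    }
}

function Test-KillBit {
    # True when the given CLSID has the kill bit set in at least one hive
    param([Parameter(Mandatory = $true)][string]$Clsid)
    $hits = @(Get-KillBitEntries | Where-Object { $_.CLSID -ieq $Clsid -and $_.KillBit })
    return ($hits.Count -gt 0)
}

# Machine-wide summary: how many CLSIDs are listed and how many are blocked
$entries = @(Get-KillBitEntries)
$blocked = @($entries | Where-Object { $_.KillBit })
'{0} CLSIDs listed, {1} with the kill bit set' -f $entries.Count, $blocked.Count
$blocked | Sort-Object CLSID | Format-Table Hive, CLSID, Flags -AutoSize

# Check the control named in the advisory you are reviewing.
# Placeholder CLSID (constructed); replace with the real one from the advisory.
$clsidToCheck = '{00000000-0000-0000-0000-000000000000}'
if (Test-KillBit -Clsid $clsidToCheck) {
    "$clsidToCheck is blocked (kill bit set)"
} else {
    "$clsidToCheck is NOT blocked"
}
```

Run this before and after approving a kill bit rollup or advisory and diff the output; a CLSID that the advisory names but that never shows up with the kill bit set means the update did not land on that machine, whichever category Microsoft filed it under.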