Helping you Piece IT Together



Issue January 2006

In this issue of our Security Watch Newsletter, we provide a virus protection and security checklist, outline the security features in Internet Explorer 7, describe how to use the Guest account in Windows to fight malware, provide an overview of Microsoft's Data Protection Manager (DPM) and give an insight into what rootkits are.

 

 

About BH Consulting
BH Consulting was founded in answer to demands for an independent consulting firm to help clients gain a competitive edge by achieving IT operational excellence in deploying, managing and securing their IT infrastructure. With over 20 years' experience, we provide you with access to in-depth expertise, experience and technical know-how. Backed by our quality processes and commitment to deliver, BH Consulting provides clients with quality solutions at cost-effective rates.

NEWS
Microsoft Release Patch to Address Critical Security Bug
Microsoft have now released the patch to address the critical WMF security bug before the previously scheduled date of the 10th of January. The WMF vulnerability uses images to execute code. This means that simply viewing an infected image on a website, in an email or stored on a PC or server will execute the infected code and infect your PC. Machines can become infected from merely visiting compromised websites, previewing emails with image attachments in earlier versions of Outlook or from an infected file simply previewed as a thumbnail in Explorer or indexed by Google Desktop or.

The patch is now available for download from http://www.microsoft.com/technet/security/Bulletin/ms06-001.mspx

We at BH Consulting believe that this issue is serious enough that it should be patched as a matter of urgency. However, we recognise that rolling out a patch to all your workstations may produce additional problems such as incompatibility with existing applications.

Therefore, we advise that the decision whether to roll out the patch immediately or to wait for one of your scheduled change management windows should not be left solely to the IT department. This is a decision that needs to be made at the highest level in the company, and the business needs to be made aware of the complexities of the situation. Leave the systems unpatched and you may become susceptible to the vulnerability; patch your systems and you may break existing systems. There are major technical, business and cost issues in both scenarios.

We recommend you look at the following steps to mitigate the problem:

  1. A concise and factual presentation should be made to senior management with the options to address the issue laid out clearly, together with the potential downside to each solution.
  2. Whatever solution is decided upon needs to be agreed to and signed off by senior management.
  3. An incident response team should be set up in order to respond (a) to any side effects from the selected plan of action or (b) in the event that your systems are compromised in spite of the steps taken.
  4. Remember as part of the plan to ensure that all your backups have been running successfully and more importantly that you can restore them!
  5. Have key contact details for all relevant personnel in the event of a major problem with your systems, including contacts in third parties such as ISPs, partner companies, extranet contacts etc.
  6. Communicate clearly with the user population, explaining why the patch is being deployed and asking them to report any unusual behaviour.
  7. Ensure that all Anti-Virus signatures and software are up to date.
  8. Ensure all Intrusion Detection/Prevention Systems' signatures are up to date.
  9. Consider how best to update remote PCs and laptops that may not be connected to your corporate network.

As with all patches, we strongly advise that you test the patch and are satisfied that it does not negatively impact your environment before you deploy it. It may also be worth remaining on high alert even after deploying the patch because:
(a) Other new vulnerabilities could still be found in this feature of Windows.
(b) Not everyone will patch their systems in a timely fashion, as we have seen time and time again, and their compromise may impact your organisation.

Additional details of this story are available at
http://www.siliconrepublic.com/news/news.nv?storyid=single5873

Survey shows a record level of email borne viruses in Ireland for December
http://www.siliconrepublic.com/news/news.nv?storyid=single5849

CERT study shows that Windows had three times fewer vulnerabilities than Linux/UNIX in 2006
http://www.us-cert.gov/cas/bulletins/SB2005.html

Businessman wins e-mail spam case EU using Data Protection Legislation
http://news.zdnet.co.uk/internet/ecommerce/0,39020372,39244402,00.htm

BH CONSULTING WEBSITE UPDATE
We strive at BH Consulting to provide information that is relevant and useful in securing and running your business. To this end we have updated our range of whitepapers and the following is now available for free download from our website;

LATEST THREAT LEVELS
Get more information on the latest updates on current threats at our online resources page.

FEATURES
Virus Protection and Security Checklist
Your employees can quickly get the latest updates for their computer's operating system, software, and hardware on the Windows Update site. Windows Update scans the...

Internet Explorer 7 Will Have Improved Security
Recently, Microsoft engineers detailed changes to Microsoft Internet Explorer (IE) 7's security model, which will include new security zones settings not found in IE 6. IE 7 is currently on track for a wide release in 2006, and an even more...

Use Guest Accounts to Fight Malware
In the fight against malicious code, security experts have long recommended that administrators have two accounts--one for everyday use and one for administrative tasks. Running as an administrator leaves you vulnerable to a malicious...

How Does Data Protection Work?
Data Protection Manager (DPM) helps you manage the process of protecting and recovering data on the file servers in your network. This topic describes the high-level steps you need to perform to successfully protect and recover data in the DPM....
 
Rootkits: The Obscure Hacker Attack
A rootkit is a special type of malware (malicious software). Rootkits are special because you don't know what they're doing. Rootkits are nearly undetectable and they're almost impossible to remove. Although detection tools are proliferating,...
 
FREE SECURITY SCAN
In partnership with Qualys, BH Consulting are offering a free Network Security Scan so you can check how healthy your network is. To find out more about what this service can do for you, visit our free Network Security Scan page.

Alternatively, contact us or visit our website to get more details on our risk assessment service.

This issue of Security Watch is being brought to you by BH Consulting.
Each Security Watch eNewsletter, and the special Security Alert issues, are produced independently by the Windows IT Pro Custom Media Group and are distributed by various Microsoft security partners. Each eNewsletter contains up-to-date information about security strategies, technologies, and alerts. Each Security Alert contains the latest information about security threats.

Additional news courtesy of Cnet, Silicon and Zdnet



Copyright © 2005 BH IT Consulting Ltd.