Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC InfoSec Handlers Diary Blog



Critical Update for AD RMS

Published: 2010-02-11
Last Updated: 2010-02-11 21:04:33 UTC
by Deborah Hale (Version: 1)
0 comment(s)

We received an email from one of our readers today with a link to an MSDN blog. The article contains information about a required update for Active Directory Rights Management Services.

The article states that the update prevents error messages that are related to the application manifest expiry feature of AD RMS or RMS client and server applications. The certificate for the RMA add-on for Internet Explorer will expire on February 22nd. The article states that this add-on allows users to view content with restricted permissions in Internet Explorer. Failure to apply the update may cause issues with accessing or protecting web-based content.

If you are using AD RMS, you may want to take a closer look at the article.

blogs.msdn.com/rms/

 

Deb Hale Long Lines, LLC


MS10-015 may cause Windows XP to blue screen

Published: 2010-02-11
Last Updated: 2010-02-11 20:59:41 UTC
by Johannes Ullrich (Version: 1)
21 comment(s)

We have heard about reports that MS10-015 causes some Windows XP machines to blue screen. If you are seeing this issue, please let us know.

(I am filling in for Deborah on this diary as she is, ironically, busy dealing with lots of blue screens in her organization, which may be related.)

See for example:

http://www.krebsonsecurity.com/2010/02/new-patches-cause-bsod-for-some-windows-xp-users/

and

http://social.answers.microsoft.com/Forums/en-US/vistawu/thread/73cea559-ebbd-4274-96bc-e292b69f2fd1

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute


The Mysterious Blue Screen

Published: 2010-02-11
Last Updated: 2010-02-11 20:24:17 UTC
by Deborah Hale (Version: 1)
8 comment(s)

I am going to learn not to sign up for Handler On Duty any day of the Microsoft Update week. It never fails: there are issues to be dealt with.

Today the issues to be dealt with are internal to my company. We got to work this morning to discover that we had a number of computers that would not boot up. They had the infamous "Blue Screen of Death". The file that was indicated as the problem is a file totally unrelated to Microsoft. The file is a kernel-level file for an anti-virus program that we have been using internally for quite some time. The AV uses a ClamAV engine and a few other "interfaces" to package a computer security solution.

After attempting to contact the company today and getting voice mail for both the tech support and partner support lines, I figured that this was a bigger problem than what I was seeing. I did finally get a call back from the company as well as a couple of emails indicating that the problem was a result of the Microsoft updates. This really puzzles me because most of our machines are set up to NOT download and install the updates for this very reason. We prefer to wait a few days after the update is released before we actually install. We prefer to wait to see if there are problems and give Microsoft an opportunity to fix it before it breaks computers.
 

So my question is: "Did Microsoft force an update despite our auto updates being turned off?" I have verified that the majority of the computers APPEAR to have not had the patches applied.

I have presented this question to Microsoft and have no answer back yet. As soon as I do, I will update.
 

The good news is that in our case it was pretty easy to get our machines back online. We just had to boot to a repair disc and remove the driver file (.sys) that was causing the blue screen. Once the file was removed, a reboot in every case returned the computer to normal.

Has anyone else noticed problems on machines with auto-update turned off?

UPDATE: I have been in contact with Microsoft and they have assured me that there were no updates done outside of their normal updates. They said that if the Auto Update was turned off, then NO updates were done. So the plot thickens. How is it that NO updates were done either by the software vendor or by Microsoft and yet the machines Blue Screened? Just what is it that happened to our Windows XP and Windows Vista machines that rendered them blue? I will update again as soon as more information becomes available from either Microsoft or the Vendor.

 Deb Hale Long Lines, LLC
