Assess and Act Upon Microsoft Security Advisories

Edited by: Bill Fulks. Updated: 6/29/2011

There are many Microsoft Security Advisory messages released each month, and these are intended to provide advice on hotfixes and how to deal with newly discovered threats. Acting on these advisories requires some risk assessment before deciding on installing the suggested fix.

    If you have received a notification about the Security Advisory concerning Microsoft KB972890, then you might be either concerned, worried, bewildered or all of the above.

    Microsoft sends advisory notes out to system administrators in order for them to make the right decision concerning the security of the systems they maintain. Usually all that is required is the installation of a hotfix, although from time to time the impact of the advisory note can have far-reaching consequences.

    For instance, the Security Advisory might concern a massive vulnerability that will require every computer on a corporate network to be patched, something that will need to be done by first testing the patch and then either sending an engineer to manually install the patch on all systems or using automated systems to push the update out to all applicable computers.

    What Is a Microsoft Security Advisory?

    Microsoft Security Advisories are messages sent by Microsoft to subscribers informing them of security issues that do not warrant Microsoft Security Bulletins.

    This might indicate that the advisories contain less-important updates, but that isn’t the case; the information provided by these messages can be vital, such as in the case of KB972890.

    These advisory messages should be acted upon immediately wherever a relevant threat is identified, either by preparing for an update or by sharing the information with colleagues. Armed with this information, any subsequent escalation of the issue (for instance, Microsoft might announce that the problem is more far-reaching than previously understood) can then be addressed.

    While receiving advisories by email might be a popular option, the best way to see them is by subscribing to the Security Advisory RSS feed (found at http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory). This can then be easily accessed through any standard feed reader app on your computer or phone.
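
    The following added example (not from the original article or from Microsoft) shows one way to automate that watch: it parses an RSS 2.0 feed, keeps the advisories that mention software in your inventory, and reports an advisory again when its publication date moves forward, which is how a later escalation would show up. The feed text, the `(number)` title convention and the inventory terms are assumptions constructed for the example.

```python
import re
import xml.etree.ElementTree as ET
from email.utils import parsedate_to_datetime

# Constructed sample in RSS 2.0 layout; titles, links, dates and 9000001 are made up.
SAMPLE_FEED = """<rss version="2.0"><channel>
<item><title>Security Advisory (972890): ActiveX video control issue</title>
<link>https://example.invalid/advisory/972890</link>
<pubDate>Mon, 06 Jul 2009 17:00:00 GMT</pubDate>
<description>Remote code execution via an ActiveX video control in Internet Explorer.</description></item>
<item><title>Security Advisory (9000001): Sample server component issue</title>
<link>https://example.invalid/advisory/9000001</link>
<pubDate>Tue, 07 Jul 2009 17:00:00 GMT</pubDate>
<description>Affects a mail server product not in our inventory.</description></item>
</channel></rss>"""

ADVISORY_ID = re.compile(r"\((\d{6,7})\)")  # assumed title convention, not a documented format

def parse_feed(xml_text):
    """Return one dict per <item> that carries an advisory number and a date."""
    items = []
    for node in ET.fromstring(xml_text).iter("item"):
        title = node.findtext("title", default="")
        pub = node.findtext("pubDate")
        match = ADVISORY_ID.search(title)
        if not match or not pub:
            continue  # skip entries we cannot identify or date
        items.append({
            "id": match.group(1),
            "title": title,
            "published": parsedate_to_datetime(pub),
            "text": (title + " " + node.findtext("description", default="")).lower(),
        })
    return items

def triage(items, inventory, seen):
    """Flag advisories mentioning inventory terms; 'seen' maps advisory id -> last pubDate."""
    findings = []
    for item in items:
        hits = sorted(term for term in inventory if term.lower() in item["text"])
        if not hits:
            continue  # nothing we run is named, so no action needed
        last = seen.get(item["id"])
        if last is None or item["published"] > last:
            status = "NEW" if last is None else "REVISED"
            findings.append((status, item["id"], hits))
            seen[item["id"]] = item["published"]
    return findings
```

    Persist the `seen` mapping between runs so that only new or re-issued advisories are raised; for a feed fetched over the network, a hardened parser such as defusedxml is the safer choice.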

    Explaining Advisory KB972890

    The initial notification of Microsoft Security Advisory 972890 in 2009 was followed by a public report (as is always the case in these situations; the report is sent out via email or the RSS feed) and a hotfix.

    It transpires that the vulnerability referred to concerns the possibility that remote code in an ActiveX video control could be used to hijack a user’s computer.

    Vulnerabilities of this kind are common, and Microsoft spend considerable resources in researching them whenever they are uncovered (often by security firms or Microsoft themselves). The vulnerabilities can occur through poor execution of ActiveX code, or result from insufficient testing.

    Dealing with these problems as quickly as possible is the best way forward, and will enable you (or your users) to enjoy trouble-free computing without the worry that this weakness might cause severe problems.

    Applying the Hotfix

    In order to protect users from the effects of this vulnerability – and to effectively plug the hole – Microsoft have released a hotfix, MS09-032. This is available for all versions of the operating system from Windows 2000 onwards, and can be found at http://support.microsoft.com/kb/973346.

    Titled MS09-032: Cumulative Security Update of ActiveX Kill Bits, the update has a considerable number of different downloads, providing a solution for users of standard Windows versions as well as server versions. Windows 7 is represented with release candidate versions only, although these are both 32-bit and 64-bit. If you’re using a pre-Windows 7 version of the operating system, you should find the download file you need in this list.

    Windows 7 users should use Windows Update to resolve this problem, via Start > Control Panel > System and Security > Windows Update > Check for updates. If the hotfix for the advisory is available for your computer (and hasn’t already been installed) it will be listed here for you to download and install.

    Hotfix Usage and Switches

    After downloading, the hotfix should be run, and this will resolve the error in most cases. Note, however, that some additional options are available for running the hotfix, which might come in handy. For instance, rather than spend time in front of a computer installing the hotfix, you could run it with the /passive switch.

    Switches are typically used when running applications through a command prompt or the Run box. For instance, you can press WINDOWS+R to open the Run box, enter the file path of the hotfix, and then add the switch:

    C:\filepathtohotfix\hotfix.exe /switch

    Note the space between the file path and the slash that precedes the switch.

    Various other switches are available; for full details of these, check the hotfix page.

    With this hotfix downloaded and installed on all relevant computers, you should be able to rest easy in the knowledge that you won’t be affected by this particular vulnerability. Remember to stay in touch with Microsoft via the RSS feed to keep your eye out for any future issues that might affect you, however.
