October 2012

October 2012 Security Bulletin Webcast Q&A


Hosts: Jonathan Ness, Security Development Manager; Dustin Childs, Group Manager, Response Communications

Website: TechNet/security

Chat Topic: October 2012 Security Bulletin Release

Date: Wednesday, October 10, 2012


Q: For Security Advisory 2661254, we found some certificates that had 512-bit keys in VMware. VMware does not appear to have updates for these components, but during our testing everything still seemed to work after applying the update. Does that mean that VMware is not using the Microsoft API to check the certificates? If so, how common is it for third parties to use certificates but not use the Microsoft certificate API?

A: Without more information on this particular installation of VMware, it is hard to say what the issue is. If this VMware product is a desktop application, it is possible they have their own certificate validation. If this is a web front end that uses SSL, this update should block the update, but without more information, it is difficult to say what the problem is. It is possible that the update is already configured for logging. The update can be configured to NOT block the certificate. We recommend reviewing the support KB article for this issue, and if you have additional questions you might open a support case to investigate.


Q: On Security Advisory 2749655 (Compatibility issues affecting signed Microsoft binaries), what are some of the compatibility problems with certain programs you mention in one of the previous slides?

A: Problems occur when verifying the signatures of impacted files after the expiration date. Examples include:

  • installing updates and applications may fail, or the update will appear to be unsigned; manual inspection of the signature will show it to be expired
  • repair or uninstall operations may fail
  • third-party antivirus applications may treat the impacted binaries as malicious or untrusted
  • application whitelisting software may not recognize the software as trusted

These are only some examples, and third-party code could have other unexpected problems.


Q: What type of errors can we expect with Security Advisory 2661254 where sites have RSA keys of less than 1024 bits?

A: This depends on the scenario. For Internet Explorer, access to the site is explicitly blocked. In other scenarios, such as running an executable, the binary will appear as Untrusted. For Outlook and reading encrypted mail, an error will occur. However, customers will be able to read, but not send, encrypted email. The Knowledge Base article 2661254 has an exhaustive list of scenarios where customers may be impacted by this update. For more information, please see http://support.microsoft.com/kb/2661254


Q: Will all the SharePoint-related vulnerabilities be part of the SharePoint 2010 cumulative update?

A: Yes, the SharePoint bulletin will be included in the Cumulative Update (CU), which will be released in the near future.


Q: Regarding SQL bulletin MS12-070: if Reporting Services is installed but not configured, is this a valid workaround?

A: By default, with a Reporting Services installation that is installed but not configured, Report Manager will not be configured, and thus no vulnerability is exposed.


Q: I am only seeing KB 2705219 and not KB 2712808 being offered to me. This is part of MS12-054, as that patch was a two-patch update. Should I only see one, and not two, updates in this reoffering due to the timestamp?

A: For the re-release of MS12-054, only KB 2705219 was affected by the KB 2749655 code signing issue.