Tomorrow will be June’s Patch Tuesday for Microsoft. Seven security bulletins were posted to address a number of remote code execution critical vulnerabilities and important elevation of privilege vulnerabilities. Even with Patch Tuesday coming tomorrow, Microsoft has already been busy this month releasing two updates to harden Windows Updates and WSUS in response to the Flame malware.
You can find out more about the Updates coming tomorrow that address vulnerabilities in Windows, Internet Explorer, the .NET framework, Office, and other Microsoft applications from this month’s Security Bulletin.
Meanwhile, Microsoft technologies were manipulated to spread the Flame malware. As a result, Microsoft has been busy patching the affected services to correct their flaws.
From the WSUS Product Team Blog, Microsoft has updated Windows Updates for all clients and WSUS 3.0 SP2 for WSUS servers.
Clients should automatically receive update 2718704 for their Windows Updates services unless they have updates set to manual checking. If that is the case, Windows Updates can be manually checked to get the necessary updates.
Please follow the following steps to ensure a smooth deployment:
- Apply Security Advisory Update 2718704, issued on June 3, which moved unauthorized digital certificates derived from a Microsoft Certificate Authority to the Untrusted Store.
- Apply the WSUS update, issued on June 08, see KB 2720211.
The Microsoft Security Response Center blog has more details on how the attack worked and took advantage of the services. The important information is to get Update 2718704 installed on all clients and update WSUS if you use it in your environment. The updates prevent a similar man-in-the-middle attack from working with the same method and being able to observe the traffic that passes through it.
One known issue with the WSUS 3.0 SP2 update comes into play if your environment uses an https or SSL content inspection. Windows Update traffic will need to have a rule created that tunnels the traffic without inspection. More details are available in KB 2720211. With these updates applied, Microsoft will be using hashes with all future Windows Updates so attackers will be unable to use Windows Update as a distribution vehicle in the future.