September 2015 Security Updates Summary

Yesterday was Update Tuesday and Microsoft made available 12 security bulletins to resolve 55 CVEs (definition of the term CVE). Further details are provided in their Security Bulletin Summary.

At the time of writing, this summary details a known issue for only 1 security bulletin, MS15-097 (Microsoft Graphics Component). The known issue relates to a defense-in-depth (layered defense) measure included with this update, which is referenced in the FAQ section of the bulletin. The update turns off the service used to load the Macrovision secdrv.sys driver; while this addresses the issues mentioned in the bulletin, it will affect the ability to play older video games.

I personally own several older games that I still play which use this driver e.g. Command and Conquer (C&C) Red Alert 2, C&C Tiberian Sun, C&C Renegade and Medal of Honor Allied Assault. To continue to play such games when I wish, I’m using the commands provided by Microsoft in this knowledge base article to manually start and stop the service using these commands (within an administrator/elevated command prompt window). These in my opinion are the fastest means of turning the service on and off:

sc start secdrv
sc stop secdrv

I remember patching this Macrovision driver many years ago when Microsoft released security bulletin MS07-067. With limited testing I can confirm that the above commands work as expected and that the above games continue to work as normal however I will carry out further checks and update this post if I find older games are no longer working.

=======================
Update: 15th September 2015:
After further testing I have found that the use of the above commands is not necessary. The Windows registry change documented in this knowledge base article when set to a value of 3 manually re-enables the service when it is needed. With only this change, the above mentioned games continued to work as normal (making the above mentioned command prompt commands unnecessary). This registry key is present within Windows 7 and Windows 8.1.

Please note that Windows 10 does not have this registry key but when testing the above games on Windows 10, the games still worked normally (tested using Electronic Arts Origin game launcher).

However if you don’t play older games (or if you have Windows 10) you won’t need to make this change. In addition I wouldn’t recommend leaving this registry setting with a value of 3 over the long term. Microsoft set it to 4 to disable the service as a defense in-depth measure.

To quickly change this setting you could either use a pair of registry export files (one with a value of 4 and the other 3) or simply use Regedit to make this change when necessary.
=======================
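
The service toggle described above, as an added PowerShell example rather than code from this post or the Microsoft article: it sets secdrv to manual start, runs one game, then stops the driver and disables the service again so the setting is never left at 3. The game path is a hypothetical placeholder, and the mapping of sc.exe's `demand` and `disabled` start types to registry values 3 and 4 is standard service-control behaviour assumed here; it is intended for Windows 7 and Windows 8.1.

```powershell
# Added example: enable secdrv only for the lifetime of one game session.
param(
    # Hypothetical placeholder; pass the real path to the game's executable.
    [string]$GamePath = 'C:\Games\ExampleGame\game.exe'
)

# Service changes need an elevated session, as the post notes.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell window.'
}
if (-not (Test-Path -LiteralPath $GamePath)) {
    throw "Game executable not found: $GamePath"
}

function Invoke-Sc {
    param([string[]]$ScArgs)
    # Call sc.exe by name: in PowerShell, bare "sc" is an alias for Set-Content.
    $output = & sc.exe $ScArgs 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "sc.exe $($ScArgs -join ' ') failed with exit code ${LASTEXITCODE}: $output"
    }
}

try {
    # Start type "demand" is the manual setting (registry Start value 3).
    Invoke-Sc 'config', 'secdrv', 'start=', 'demand'
    Invoke-Sc 'start', 'secdrv'
    # Block until the game process exits.
    Start-Process -FilePath $GamePath -Wait
}
finally {
    # Runs even if the game crashes or the script is interrupted:
    # unload the driver and return to the disabled state (value 4).
    & sc.exe stop secdrv | Out-Null
    & sc.exe config secdrv start= disabled | Out-Null
    # Print the resulting configuration so START_TYPE can be checked by eye.
    & sc.exe qc secdrv
}
```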

Another source to monitor for any issues encountered with Microsoft security updates is the IT Pro Patch Tuesday blog. At the time of writing, no issues have been posted.

One of the bulletins released by Microsoft, MS15-100 for Windows Media Center, addresses an issue that was disclosed among the documents released during the Hacking Team data breach. This issue was reported to Microsoft by Trend Micro.

In addition, Adobe issued an update for Shockwave Player to resolve 2 critical CVEs. If you use/have Shockwave Player installed, details of obtaining the relevant update are available within Adobe’s security bulletin.

Adobe did not release an update for Flash Player this month. As noted by Wolfgang Kandek of Qualys there hasn’t been a gap in the updates for Flash Player since October 2013. However given that Google Chrome v46.0.2490.13 64 bit (Beta channel) includes Flash Player v19.0.0.142 I suspect that an update will arrive next month that more widely makes v19 of Flash Player available.

Update: 18th September 2015: Google Chrome v46.0.2490.33 64 bit (Beta channel) includes Flash Player v19.0.0.185.

You can monitor the availability of security updates for the majority of your software from the following website (among others) or use Secunia PSI:

—————-
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):
https://www.us-cert.gov/
—————-

If you use any of the above software, please install the appropriate updates as soon as possible.
Steps for installing updates for Windows are provided on the “Protecting Your PC” page.

If you wish to prioritize the deployment of the above security updates, I would first recommend the installation of Microsoft Graphics Component, Microsoft Office, Internet Explorer, Microsoft Edge and Windows Journal due to their critical severities. In addition, 1 issue from each of the Microsoft Graphics Component and Microsoft Office security bulletins is currently being exploited.

=======================
Update: 25th September 2015:
In addition to the advice mentioned above regarding keeping Adobe Shockwave Player up to date, according to well-known security bloggers Brian Krebs and Graham Cluley, Adobe has confirmed that Shockwave Player includes an older version of Flash Player that is missing a very large number of security fixes.

Such fixes have been made available to Flash Player but they have not yet been included even within the newest Shockwave Player v12.2.0.162. This provides a compelling reason to consider an alternative if you are using Shockwave Player regularly in order to reduce the risk of such vulnerabilities being exploited.
=======================

One other security precaution that you may wish to take if you have Microsoft EMET installed is to use it to protect you from Adobe Flash being used to exploit vulnerabilities when you open a Microsoft Office document or Adobe PDF file. I provide recommendations of how to do this at the end of July’s Update Summary.

As always as a routine precaution I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.
