MS Security Advisories



#251 AplusWebMaster

  • SWI Friend
  • 8,919 posts

Posted 08 May 2012 - 08:21 PM

FYI...

Microsoft Security Advisory (2695962)
Update Rollup for ActiveX Kill Bits
- https://technet.micr...dvisory/2695962
May 08, 2012
> http://support.micro....com/kb/2695962

:!:

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#252 AplusWebMaster

Posted 03 June 2012 - 10:17 PM

FYI...

Microsoft Security Advisory (2718704)
Unauthorized Digital Certificates Could Allow Spoofing
- https://technet.micr...dvisory/2718704
June 03, 2012 - "Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows. Microsoft is providing an update for all supported releases of Microsoft Windows. The update revokes the trust of the following intermediate CA certificates:
• Microsoft Enforced Licensing Intermediate PCA (2 certificates)
• Microsoft Enforced Licensing Registration Authority CA (SHA1)
Recommendation. For supported releases of Microsoft Windows, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service..."
* http://support.micro....com/kb/2718704

- https://blogs.techne...Redirected=true
3 Jun 2012 - "We recently became aware of a complex piece of targeted malware known as 'Flame' and immediately began examining the issue. As many reports assert, Flame has been used in highly sophisticated and targeted attacks and, as a result, the vast majority of customers are not at risk. Additionally, most antivirus products will detect and remove this malware. That said, our investigation has discovered some techniques used by this malware that could also be leveraged by less sophisticated attackers to launch more widespread attacks..."

- https://blogs.techne...Redirected=true
3 Jun 2012 - "... we released Security Advisory 2718704*, notifying customers that unauthorized digital certificates have been found that chain up to a Microsoft sub-certification authority issued under the Microsoft Root Authority... we encourage all customers to apply the officially tested update to add the proper certificates to the Untrusted Certificate Store... Components of the Flame malware were signed with a certificate that chained up to the Microsoft Enforced Licensing Intermediate PCA certificate authority, and ultimately, to the Microsoft Root Authority. This code-signing certificate came by way of the Terminal Server Licensing Service that we operate to issue certificates to customers for ancillary PKI-based functions in their enterprise. Such a certificate could (without this update being applied) also allow attackers to sign code that validates as having been produced by Microsoft.
Conclusion: We recommend that all customers apply this update."

- http://support.microsoft.com/kb/894199
Last Review: June 4, 2012 - Revision: 129.0
___

- http://www.securityt....com/id/1027114
Jun 4 2012
... Unauthorized digital certificates derived from these certificate authorities are being actively used in attacks.
Windows Mobile 6.x and Windows Phone 7 and 7.5 are also affected.
Impact: A remote user may be able to spoof code signing signatures.
Solution: The vendor has issued a fix (KB2718704), available via automatic update...

>> https://www.f-secure...s/00002377.html
June 4, 2012
___

Microsoft Security Advisory (2718704)
- http://atlas.arbor.n...dex#-2141289419
Severity: Extreme Severity
Published: Monday, June 04, 2012 20:39
This security vulnerability is high risk and should be looked at ASAP by security teams.
Analysis: Due to the risks involved, multiple sources suggest that this issue be mitigated as soon as possible. The vulnerability has already been used in the Flame malware, which has been around for a few years. How many other potential adversaries have found and are leveraging the same security hole for their purposes is an open question.
Source: http://technet.micro...dvisory/2718704

Source: https://isc.sans.edu...l?storyid=13366
Last Updated: 2012-06-05 ...(Version: 4)

Source: http://www.wired.com...-security-fail/
June 1, 2012 Mikko Hypponen, Chief Research Officer - F-Secure

:ph34r: :!:

Edited by AplusWebMaster, 07 June 2012 - 01:32 PM.



#253 AplusWebMaster

Posted 09 June 2012 - 05:48 AM

FYI...

WSUS and Windows update hardening

- http://blogs.technet...-available.aspx
8 Jun 2012
- http://blogs.technet...-this-week.aspx
June 8, 2012 - Revision: 2.2
- http://blogs.technet...-available.aspx
8 Jun 2012

... and:

- http://support.micro....com/kb/2720211
Last Review: June 8, 2012 - Revision: 2.2
- http://support.microsoft.com/kb/894199
Last Review: June 8, 2012 - Revision: 131.0
___

An update for Windows Server Update Services 3.0 Service Pack 2 is available
- http://support.micro....com/kb/2720211
Last Review: June 11, 2012 - Revision: 5.0

:!: :ph34r:

Edited by AplusWebMaster, 11 June 2012 - 10:21 AM.



#254 AplusWebMaster

Posted 12 June 2012 - 05:04 PM

FYI...

Microsoft Security Advisory (2719615)
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution
- https://technet.micr...dvisory/2719615
June 12, 2012
0-day... CVE Reference: http://web.nvd.nist....d=CVE-2012-1889 - 9.3 (HIGH)
> http://support.micro...9615#FixItForMe

- https://secunia.com/advisories/49456/
Release Date: 2012-06-12
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
... vulnerability is reportedly being actively exploited.
Solution: Apply Microsoft Fix it solution.
Reported as a 0-day.
Original Advisory: Microsoft:
http://technet.micro...dvisory/2719615

- http://googleonlines...lity-under.html
June 12, 2012 - "... attacks are being distributed both via malicious web pages intended for Internet Explorer users and through Office documents. Users running Windows XP up to and including Windows 7 are known to be vulnerable..."
___

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.micr...dvisory/2269637
• V16.0 (June 12, 2012) - "... Updates relating to Insecure Library Loading section: MS12-039..."
___

An automatic updater of revoked certificates is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
- http://support.micro....com/kb/2677070
Last Review: June 13, 2012 - Revision: 2.0

> https://blogs.techne...Redirected=true
___

> http://www.spywarein...mary-june-2012/

:ph34r: :ph34r:

Edited by AplusWebMaster, 13 June 2012 - 11:12 AM.



#255 AplusWebMaster

Posted 13 June 2012 - 09:36 PM

FYI...

Further insight into Security Advisory 2719615
- https://blogs.techne...Redirected=true
13 Jun 2012 - "During our regular Update Tuesday bulletin cycle this week, we released Security Advisory 2719615*, which provides guidance concerning a remote code execution issue affecting MSXML Code Services. As part of that Advisory, we've built a Fix it workaround that blocks the potential attack vector in Internet Explorer. Fix its are a labor-saving mechanism that helps protect customers from a specific issue in advance of a comprehensive security update. We encourage customers to read more about SA2716915's one-click, no-reboot-required Fix it in an in-depth post on the SRD blog**."
* http://technet.micro...dvisory/2719615

** http://blogs.technet...-fixing-it.aspx

Microsoft Security Advisory (2718704)
Unauthorized Digital Certificates Could Allow Spoofing
- https://technet.micr...dvisory/2718704
"... update revokes the trust of the following intermediate CA certificates:
Microsoft Enforced Licensing Intermediate PCA (2 certificates)
Microsoft Enforced Licensing Registration Authority CA (SHA1) ..."
V1.1 (June 13, 2012): Advisory revised to notify customers that Windows Mobile 6.x, Windows Phone 7, and Windows Phone 7.5 devices are not affected by the issue.

:!: :ph34r:



#256 AplusWebMaster

Posted 16 June 2012 - 12:32 PM

FYI...

FixIt NOW - 0-day XML Core Services...
> https://isc.sans.edu...l?storyid=13489
Last Updated: 2012-06-16 15:58:47 UTC - "... metasploit module (public release) for this vulnerability. Users are encouraged to patch*..."

* http://support.micro...9615#FixItForMe
June 12, 2012 - Revision: 3.0

> http://web.nvd.nist....d=CVE-2012-1889 - 9.3 (HIGH)

- https://secunia.com/advisories/49456/
Last Update: 2012-06-22
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
... vulnerability is currently being actively exploited...

- http://h-online.com/-1619732
18 June 2012

- https://www.us-cert....y_advisory_for5
updated June 25, 2012

- http://nakedsecurity...le-exploit-kit/
June 29, 2012 - "... CVE-2012-1889 exploiting code very similar to that published to Metasploit was seen within the landing page of a Blackhole exploit kit..."

:grrr: :ph34r: :!:

Edited by AplusWebMaster, 04 July 2012 - 01:14 PM.



#257 AplusWebMaster

Posted 10 July 2012 - 02:58 PM

FYI...

MS Security Advisories - 2012.07.10 ...

Microsoft Security Advisory (2728973)
Unauthorized Digital Certificates Could Allow Spoofing
- https://technet.micr...dvisory/2728973
July 10, 2012

- https://blogs.techne...Redirected=true
July 10, 2012 - "... we’ve chosen to -deprecate- the Windows Gadget Gallery effective immediately, and to provide a Fix it to help sysadmins disable Gadgets and the Sidebar across their enterprises..."

Microsoft Security Advisory (2719662)
Vulnerabilities in Gadgets Could Allow Remote Code Execution
- https://technet.micr...dvisory/2719662
July 10, 2012 - "... Applying the automated Microsoft Fix It* solution described in Microsoft Knowledge Base Article 2719662 disables the Windows Sidebar experience and all Gadget functionality..."
* http://support.micro...9662#FixItForMe
Last Review: July 13, 2012 - Revision: 2.0

- https://isc.sans.edu...l?storyid=13651
Last Updated: 2012-07-10 22:10:12 UTC - "... insecure gadgets allow random code to be executed with the rights of the logged on user..."

Microsoft Security Advisory (2719615)
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
- https://technet.micr...dvisory/2719615
Published: Tuesday, June 12, 2012 | Updated: Tuesday, July 10, 2012
"... We have issued MS12-043 to address this issue..."
- http://support.micro...2479#FixItForMe
July 10, 2012
Fix it solution for MSXML version 5 - Microsoft Fix it 50908
> http://go.microsoft....?linkid=9813081

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.micr...dvisory/2269637
July 10, 2012 - v17.0: Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS12-046

> http://www.spywarein...post__p__767897

:!: :ph34r:

Edited by AplusWebMaster, 14 July 2012 - 11:19 AM.



#258 AplusWebMaster

Posted 24 July 2012 - 07:26 PM

FYI...

Microsoft Security Advisory (2737111)
Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution
- https://technet.micr...dvisory/2737111
July 24, 2012 - "Microsoft is investigating new public reports of vulnerabilities in third-party code, Oracle Outside In libraries, that affect Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, and FAST Search Server 2010 for SharePoint, which ship that component. Customers that apply the workarounds described in this advisory are not exposed to the vulnerabilities described in Oracle Critical Patch Update Advisory - July 2012. The vulnerabilities exist due to the way that files are parsed by the third-party, Oracle Outside In libraries. In the most severe case of Microsoft Exchange Server 2007 and Microsoft Exchange Server 2010, it is possible under certain conditions for the vulnerabilities to allow an attacker to take control of the server process that is parsing a specially crafted file. An attacker could then install programs; view, change, or delete data; or take any other action that the server process has access to do. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers..."
• V1.1 (July 25, 2012): Revised the workaround titles for clarity. There were no changes to the workaround steps.

More info...
- https://blogs.techne...Redirected=true
24 Jul 2012

Microsoft Exchange Server...
- https://secunia.com/advisories/50019/
Release Date: 2012-07-25
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote...
... more information: https://secunia.com/advisories/49936/
Solution: ... vendor recommends to apply workarounds... see the vendor's advisory...
Original Advisory: Microsoft: http://technet.micro...dvisory/2737111

Microsoft SharePoint and FAST Search Server vuln...
- https://secunia.com/advisories/50049/
Release Date: 2012-07-25
Criticality level: Moderately critical
Impact: DoS, System access
Where: From remote...
... more information: https://secunia.com/advisories/49936/
Solution: ... vendor recommends to apply workarounds... see the vendor's advisory...
Original Advisory: Microsoft: http://technet.micro...dvisory/2737111
___

- http://www.kb.cert.org/vuls/id/118913
Last revised: 27 Jul 2012

- http://h-online.com/-1653568
26 July 2012

> http://www.spywarein...post__p__768388

.

Edited by AplusWebMaster, 28 July 2012 - 10:16 AM.



#259 AplusWebMaster

Posted 14 August 2012 - 04:30 PM

FYI...

Microsoft Security Advisory (2737111)
Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution
- https://technet.micr...dvisory/2737111
• V2.0 (August 14, 2012): Advisory updated to reflect publication of security bulletin for Microsoft Exchange.
... MS12-058* addresses this issue for Microsoft Exchange.
* https://technet.micr...lletin/ms12-058

Microsoft Security Advisory (2661254)
Update For Minimum Certificate Key Length
- https://technet.micr...dvisory/2661254
August 14, 2012 - Ref:
> http://support.micro....com/kb/2661254
... Update for minimum certificate key length
August 14, 2012 - Revision: 1.6

>> http://www.spywarein...post__p__769807

:!: :!:

Edited by AplusWebMaster, 15 August 2012 - 09:16 PM.



#260 AplusWebMaster

Posted 20 August 2012 - 05:12 PM

FYI...

Microsoft Security Advisory (2743314)
Unencapsulated MS-CHAP v2 Authentication Could Allow Information Disclosure
- https://technet.micr...dvisory/2743314
August 20, 2012 - "Microsoft is aware that detailed exploit code has been published for known weaknesses in the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2). The MS-CHAP v2 protocol is widely used as an authentication method in Point-to-Point Tunneling Protocol (PPTP)-based VPNs. Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary..."
- http://support.micro....com/kb/2744850
Last Review: August 20, 2012 - Revision: 1.4

- http://h-online.com/-1672257
22 August 2012
___

Microsoft Security Advisory (2661254)
Update For Minimum Certificate Key Length
- https://blogs.techne...Redirected=true
14 Aug 2012 - "... an update was released that, once applied, will block RSA certificates with keys less than 1024 bits. The software update was released to the Download Center. The security advisory is located at:
http://technet.micro...dvisory/2661254 .
The KB article is available at http://support.micro....com/kb/2661254 *.
The update is available now to allow organizations to assess the impact of this update and to reissue certificates with larger key sizes, if necessary, before the update is sent out through Windows Update. Previous blogs may have mentioned it being released to Windows Update this month. That is no longer the case. The update is planned to be sent out through Windows Update on October 9, 2012..."
* http://support.micro....com/kb/2661254
Last Review: August 21, 2012 - Revision: 2.1

:!:

Edited by AplusWebMaster, 22 August 2012 - 09:11 AM.



#261 AplusWebMaster

Posted 11 September 2012 - 05:36 PM

FYI...

Microsoft Security Advisory (2736233)
Update Rollup for ActiveX Kill Bits
- https://technet.micr...dvisory/2736233
Sep 11, 2012 - "... This update sets the kill bits for the following third-party software:
Cisco Secure Desktop... relates to a request by Cisco to set a kill bit for an ActiveX control that is vulnerable...
Cisco Hostscan... relates to a request by Cisco to set a kill bit for an ActiveX control that is vulnerable...
Cisco AnyConnect Secure Mobility Client... relates to a request by Cisco to set a kill bit for an ActiveX control that is vulnerable..."
- http://support.micro....com/kb/2736233

Microsoft Security Advisory (2661254)
Update For Minimum Certificate Key Length
- https://technet.micr...dvisory/2661254
V1.2 (September 11, 2012): Clarified that applications and services that use RSA keys for cryptography and call into the CertGetCertificateChain function could be impacted by this update. Examples of these applications and services include but are not limited to encrypted email, SSL/TLS encryption channels, signed applications, and private PKI environments.
- http://support.micro....com/kb/2661254
Last Review: September 12, 2012 - Revision: 3.0

:ph34r:

Edited by AplusWebMaster, 13 September 2012 - 08:38 AM.



#262 AplusWebMaster

Posted 17 September 2012 - 09:29 PM

FYI...

Microsoft Security Advisory (2757760)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
* http://technet.micro...dvisory/2757760
17 Sep 2012 (see "Workarounds" [install EMET**, etc.] ) - "... To download EMET, visit the following Microsoft website:
https://www.microsof...s.aspx?id=29851 ..."

** http://support.micro....com/kb/2458544

- https://blogs.techne...Redirected=true
17 Sep 2012 - "... we released Security Advisory 2757760* to address an issue that affects Internet Explorer 9 and earlier versions if a user views a website hosting malicious code. Internet Explorer 10 is not affected. We have received reports of only a small number of targeted attacks and are working to develop a security update to address this issue. In the meantime, customers using Internet Explorer are protected when they deploy the following workarounds and mitigations included in the advisory:
• Deploy the Enhanced Mitigation Experience Toolkit (EMET)
This will help prevent exploitation by providing mitigations to help protect against this issue and should not affect usability of websites.
• Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones
This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
Deploying EMET will help to prevent a malicious website from successfully exploiting the issue described in Security Advisory 2757760*. EMET in action is unobtrusive and should not affect customers’ Web browsing experience. We are monitoring the threat landscape very closely and if the situation changes, we will post updates here on the MSRC blog..."
___

- https://www.net-secu...ld.php?id=13614
18 Sep 2012 - "... The Rapid7 team got right on it and created a module exploiting the vulnerability for the Metasploit exploit toolkit during the weekend, and advised IE users to switch to other browsers such as Chrome or Firefox until Microsoft patches the flaw security update becomes available. Microsoft has reacted fast by issuing a security advisory yesterday, in which it confirms the existence of the flaw in Internet explorer 9 and all previous versions (IE10 is not affected), and offers instructions on steps the users can take to mitigate - but not yet remove - the threat:
• Deploy the Enhanced Mitigation Experience Toolkit (EMET) and configure it for Internet Explorer
• Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.
These steps could bring additional problems to the users, such as being bombarded by a slew of security warnings, so until Microsoft releases a definitive patch for the hole, maybe it would be easier for IE users to take Rapid7's advice and switch to another browser for the time being."

:( :ph34r:

Edited by AplusWebMaster, 18 September 2012 - 07:54 PM.



#263 AplusWebMaster

Posted 18 September 2012 - 07:54 PM

FYI...

Microsoft Security Advisory (2757760)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- https://technet.micr...dvisory/2757760
V1.1 (Sep 18, 2012): Assigned Common Vulnerability and Exposure number CVE-2012-4969 to the issue. Also -corrected- instructions in the EMET workaround.

- http://web.nvd.nist....d=CVE-2012-4969 - 9.3 (HIGH)
"... function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012..."

- https://blogs.techne...Redirected=true
18 Sep 2012 - "We will release a Fix it in the next few days to address an issue in Internet Explorer... It will not affect your ability to browse the Web, and it will provide full protection against this issue until an update is available. It won’t require a reboot of your computer. This Fix it will be available for everyone to download and install within the next few days..."

:!:

Edited by AplusWebMaster, 19 September 2012 - 06:19 AM.



#264 AplusWebMaster

Posted 19 September 2012 - 09:08 PM

FYI...

Microsoft Security Advisory 2757760 - FixIt available
Vulnerability in Internet Explorer could allow remote code execution
- https://technet.micr...dvisory/2757760
V1.2 (Sep 19, 2012): Added link to Microsoft Fix it solution, "Prevent Memory Corruption via ExecCommand in Internet Explorer," that prevents exploitation of this issue.
"... use the automated Microsoft Fix it solution to enable or disable this workaround..."
> http://support.micro...7760#FixItForMe
Last Review: September 20, 2012 - Revision: 2.0
"... click the Fix it button or link under the Enable heading..."
Microsoft Fix it 50939

:!:

Edited by AplusWebMaster, 20 September 2012 - 10:34 AM.



#265 cnm

    Mother Lion of SWI

  • Administrators
  • 25,223 posts

Posted 21 September 2012 - 11:46 AM

"For computers that are running 64-bit operating systems, the following Fix it solution only applies to 32-bit versions of Internet Explorer."

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#266 AplusWebMaster

Posted 21 September 2012 - 12:43 PM

FYI...

Microsoft Security Advisory (2757760)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- https://technet.micr...dvisory/2757760
V2.0 (Sep 21, 2012): Advisory updated to reflect publication of security bulletin.
"... We have issued MS12-063 to address this issue..."
* https://technet.micr...lletin/ms12-063
Sep 21, 2012 - "... rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows..."

- https://blogs.techne...Redirected=true
21 Sep 2012

- http://atlas.arbor.n...ndex#1229731326
Severity: Extreme Severity
Sep 21, 2012
MS12-063 patches the recent 0day security hole in Internet Explorer along with other security holes.
Analysis: The exploit for one of the now-patched security holes was first found and reported last week and was apparently used in targeted attacks. One of the actions of at least one group of attackers was the installation of the Poison Ivy Remote Access Trojan (RAT). The exploit for this issue was soon revealed to the public and a Metasploit module was developed, allowing anyone to gain access to the exploit code for any purpose...

> https://update.microsoft.com/
___

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
- https://technet.micr...dvisory/2755801
Sep 21, 2012 - "... availability of an update for Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8 and Windows Server 2012. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10... The update addresses the vulnerabilities described in Adobe security bulletins APSB12-18 and APSB12-19. As of the release of this update, CVE-2012-1535* is known to be under active attack. For more information about this update, including download links, see Microsoft Knowledge Base Article 2755399**... Customers with Windows 8 Release Preview and Windows Server 2012 Release Candidate are encouraged to apply the update to their systems. The update is only available on Windows Update**..."
** http://go.microsoft....k/?LinkId=21130

* http://web.nvd.nist....d=CVE-2012-1535 - 9.3 (HIGH)
Last revised: 08/15/2012
** http://support.micro....com/kb/2755399
Sep 21, 2012
- https://blogs.techne...Redirected=true
21 Sep 2012

- http://atlas.arbor.n...ndex#1045103976
Severity: Elevated Severity
Sep 21, 2012
Microsoft releases a security update to Flash player.
Analysis: This patch resolves security issues patched by Adobe in August 2012 for Internet Explorer 10 on Windows 8. This includes the following CVE's: CVE-2012-1535, CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166, CVE-2012-4167, CVE-2012-4168, CVE-2012-4171. Attacks on the CVE-2012-1535 vulnerability are actively underway...

:!:

Edited by AplusWebMaster, 22 September 2012 - 08:18 PM.



#267 AplusWebMaster

Posted 09 October 2012 - 02:50 PM

FYI...

Microsoft Security Advisory (2749655)
Compatibility Issues Affecting Signed Microsoft Binaries
- http://technet.micro...dvisory/2749655
October 09, 2012 - "... For more information about the update, please see Microsoft Knowledge Base Article 2749655*..."
* http://support.micro....com/kb/2749655

Security Advisory 2749655 and timestamping
- https://blogs.techne...Redirected=true
9 Oct 2012 - "... due to a clerical error, a subset of binaries processed by the PRSS lab between June 12, 2012 and August 14, 2012 were digitally signed in an incorrect manner... we are re-releasing an initial batch of four security updates -- MS12-053, MS12-054, MS12-055, and MS12-058 -- with new digital signatures, each of which has been timestamped with a proper timestamping certificate. We are continuing our investigation and expect to re-release additional bulletins as needed in months to come..."
___

Microsoft Security Advisory (2737111)
Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution
- http://technet.micro...dvisory/2737111
• V3.0 (October 9, 2012): Advisory updated to reflect publication of security bulletin* for Microsoft FAST Search Server 2010 for SharePoint.
* http://technet.micro...lletin/ms12-067

Microsoft Security Advisory (2661254)
Update For Minimum Certificate Key Length
- http://technet.micro...dvisory/2661254
• V2.0 (October 9, 2012): Revised advisory to re-release the KB2661254 update for Windows XP and to announce that the KB2661254 update for all supported releases of Microsoft Windows is now offered through automatic updating. Customers who previously applied the KB2661254 update do not need to take any action. See advisory FAQ for details.

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe -Flash- Player in IE 10
* https://technet.micr...dvisory/2755801
Updated: Oct 08, 2012 - "... Microsoft recommends that customers apply the current update -immediately- using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered..."
• V2.0 (October 8, 2012): Added KB2758994** to the Current update section.
** http://support.micro....com/kb/2758994

:!: :!:

Edited by AplusWebMaster, 09 October 2012 - 04:34 PM.

#268 AplusWebMaster

Posted 13 November 2012 - 10:20 PM

FYI...

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- http://technet.micro...dvisory/2269637
V18.0 (November 13, 2012): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS12-074*, "Vulnerabilities in .NET Framework Could Allow Remote Code Execution."
* http://technet.micro...lletin/ms12-074

Microsoft Security Advisory (2749655)
Compatibility Issues Affecting Signed Microsoft Binaries
- http://technet.micro...dvisory/2749655
V1.2 (November 13, 2012): Added the KB2687626 update, described in MS12-046*, to the list of available re-releases (List of available re-releases at the URL above).
* http://technet.micro...lletin/ms12-046
V2.0 (November 13, 2012): Re-released bulletin to replace the KB2598361 update with the KB2687626** update for Microsoft Office 2003 Service Pack 3 to address an issue with digital certificates described in Microsoft Security Advisory 2749655. See the update FAQ for details.
** http://support.micro....com/KB/2687626
November 13, 2012 - Revision: 2.0

:ph34r:

#269 AplusWebMaster

Posted 11 December 2012 - 10:30 PM

FYI...

Microsoft Security Advisory (2749655)
Compatibility Issues Affecting Signed Microsoft Binaries
- http://technet.micro...dvisory/2749655
V2.0 (December 11, 2012): Added the KB2687627 and KB2687497 updates described in MS12-043, the KB2687501 and KB2687510 updates described in MS12-057, the KB2687508 update described in MS12-059, and the KB2726929 update described in MS12-060* to the list of available rereleases.
* http://technet.micro...lletin/ms12-060
V2.0 (December 11, 2012): Re-released bulletin to replace the KB2687323 update with the KB2726929 update for Windows common controls on all affected variants of Microsoft Office 2003, Microsoft Office 2003 Web Components, and Microsoft SQL Server 2005.

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in IE 10
- http://technet.micro...dvisory/2755801
V5.0 (December 11, 2012): Added KB2785605* to the Current update section.
* http://support.micro....com/kb/2785605
Dec 11, 2012 - Revision: 1.0
___

The following bulletins have undergone a major revision increment. Please see the appropriate bulletin for more details.

- http://technet.micro...lletin/MS12-043
- http://technet.micro...lletin/MS12-050
V2.1 (December 12, 2012): Clarified that the update for Microsoft SharePoint Services 2.0 is available from the Microsoft Download Center only.
- http://technet.micro...lletin/MS12-057
- http://technet.micro...lletin/MS12-059
- http://technet.micro...lletin/MS12-060

:ph34r: :blink:

Edited by AplusWebMaster, 14 December 2012 - 10:32 PM.

#270 AplusWebMaster

Posted 01 January 2013 - 09:46 AM

FYI...

MS FixIt released for IE 0-day...
MS Security Advisory (2794220)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.micro...dvisory/2794220
V1.1 (December 31, 2012): Added link to Microsoft Fix it* solution, "MSHTML Shim Workaround," that prevents exploitation of this issue.
* http://support.micro...4220#FixItForMe
Last Review: Dec 31, 2012 - Rev 1.0
Applies to: IE8, IE7, IE6...

- https://blogs.techne...Redirected=true
31 Dec 2012

- https://web.nvd.nist...d=CVE-2012-4792 - 9.3 (HIGH)
___

- https://windowssecre...er-to-remember/
Jan 2, 2013
> http://www.microsoft...ins/201212.aspx

:!:

Edited by AplusWebMaster, 03 January 2013 - 06:38 AM.

#271 AplusWebMaster

Posted 03 January 2013 - 01:22 PM

FYI...

MS Security Advisory (2798897)
Fraudulent Digital Certificates Could Allow Spoofing
- http://technet.micro...dvisory/2798897
Jan 03, 2013 - "Microsoft is aware of active attacks using one fraudulent digital certificate issued by TURKTRUST Inc., which is a CA present in the Trusted Root Certification Authorities Store. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows. TURKTRUST Inc. incorrectly created two subsidiary CAs (*.EGO.GOV.TR and e-islam.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent digital certificate to *.google.com. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties. To help protect customers from the fraudulent use of this digital certificate, Microsoft is updating the Certificate Trust list (CTL) and is providing an update for all supported releases of Microsoft Windows that removes the trust of certificates that are causing this issue... see Microsoft Knowledge Base Article 2677070 for details..."
* http://support.micro....com/kb/2677070
___

- http://h-online.com/-1777291
4 Jan 2013 - "... Mozilla will be adding the two SubCA certificates to its certificate blacklist during its next update, which is due on 8 January... Chrome has also been updated and no longer trusts the SubCA certificates; the company says that when it updates Chrome later in the month it will no longer show Extended Validation status for TURKTRUST issued certificates."

:ph34r:

Edited by AplusWebMaster, 04 January 2013 - 09:25 AM.

#272 AplusWebMaster

Posted 07 January 2013 - 11:02 AM

FYI...

IE FixIt negated with bypass ...
- http://www.securityt....com/id/1027930
CVE Reference: https://web.nvd.nist...d=CVE-2012-4792 - 9.3 (HIGH)
Updated: Jan 4 2013
Original Entry Date: Dec 30 2012
Impact: Execution of arbitrary code via network, User access via network
Vendor Confirmed: Yes  
Version(s): IE6,7,8
... the vendor has provided the Microsoft Fix it solution, "MSHTML Shim Workaround"... the Microsoft Fix it solution can be bypassed using a variation of the original exploit http://blog.exodusin...-cve-2012-4792/
The vendor's advisory is available at:
http://technet.micro...dvisory/2794220

Mitigation: Use an alternative browser until a full patch is released for this issue.
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 07 January 2013 - 11:03 AM.

#273 AplusWebMaster

Posted 08 January 2013 - 04:45 PM

FYI...

Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://technet.micro...advisory/973811
• V1.14 (January 8, 2013): Updated the FAQ and Suggested Actions with information about attacks against NTLMv1 (NT LAN Manager version 1) and LAN Manager (LM) network authentication. Microsoft Fix it solutions for Windows XP and Windows Server 2003 are available to help protect against these attacks. Applying these Microsoft Fix it solutions enables NTLMv2 settings required for users to take advantage of Extended Protection for Authentication.

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in IE 10
- http://technet.micro...dvisory/2755801
• V6.0 (January 8, 2013): Added KB2796096* to the Current update section.
* http://support.micro....com/kb/2796096
 

:ph34r: :ph34r:


#274 AplusWebMaster

Posted 14 January 2013 - 10:18 PM

FYI...

Microsoft Security Advisory (2798897)
Fraudulent Digital Certificates Could Allow Spoofing
- http://technet.micro...dvisory/2798897
V1.1 (January 14, 2013): Corrected the disallowed certificate list effective date to "Monday, December 31, 2012 (or later)" in the FAQ entry, "After applying the update, how can I verify the certificates in the Microsoft Untrusted Certificates Store?"

Microsoft Security Advisory (2794220)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.micro...dvisory/2794220
V2.0 (January 14, 2013): Advisory updated to reflect publication of security bulletin.
MS13-008: http://www.spywarein...-2013/?p=775925
 

:ph34r: :ph34r:


#275 AplusWebMaster

Posted 26 March 2013 - 06:27 PM

FYI...

Microsoft Security Advisory (2819682)
Security Updates for Microsoft Windows Store Applications
- http://technet.micro...dvisory/2819682
March 26, 2013 - "Microsoft is announcing the availability of security updates for Windows Store applications running on Windows 8, Windows RT, and Windows Server 2012 (Windows Server 2012 Server Core installations are not affected). The updates address vulnerabilities that are detailed in the Knowledge Base articles associated with each update..."
> http://support.micro....com/kb/2832006
March 26, 2013 - Revision: 1.0
Applies to:
    Windows RT
    Windows 8
    Windows 8 Enterprise
    Windows 8 Pro
    Windows Server 2012 Datacenter
    Windows Server 2012 Essentials
    Windows Server 2012 Foundation
    Windows Server 2012 Standard
___

- https://secunia.com/advisories/52779/
Release Date: 2013-03-27
Impact: Spoofing
Where: From remote...
Original Advisory:
- http://technet.micro...dvisory/2819682
- http://support.micro....com/kb/2832006
 

:!:


Edited by AplusWebMaster, 27 March 2013 - 08:39 AM.

#276 AplusWebMaster

Posted 09 April 2013 - 09:35 AM

FYI...

MS - End of Support ...
- https://blogs.techne...Redirected=true
8 Apr 2013 - "...
Outlook 2003 will transition out of extended support on 8th of April 2014
Exchange Server 2003 will transition out of extended support on 8th of April 2014
Windows XP will transition out of extended support on 8th of April 2014
Exchange 2010 SP2 will transition out of support on 8th April 2014
And as non Exchange specific item, please also note Windows 2003:
Windows Server 2003 will transition out of extended support on 14th of July 2015 ..."
 

:ph34r:


#277 AplusWebMaster

Posted 03 May 2013 - 10:32 PM

FYI...

Microsoft Security Advisory (2847140)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.micro...dvisory/2847140
May 03, 2013 - "Microsoft is investigating public reports of a vulnerability in IEv8. Microsoft is aware of attacks that attempt to exploit this vulnerability. Internet Explorer 6, Internet Explorer 7, Internet Explorer 9, and Internet Explorer 10 are not affected by the vulnerability.
This is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."

- https://blogs.techne...Redirected=true
3 May 2013 - "... impacts Internet Explorer 8... This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message..."
___

- http://arstechnica.c...ns-researchers/
May 4, 2013

- http://www.invincea....a-ie8-zero-day/
May 3, 2013 - "... driveby download exploit of IE8... to install the Poison Ivy backdoor Trojan..."

- https://www.virustot...777fb/analysis/
File name: stub.EXE
Detection ratio: 26/46
Analysis date:     2013-05-02

- http://www.securityt....com/id/1028514
CVE Reference: https://web.nvd.nist...d=CVE-2013-1347
May 4 2013
Vendor Confirmed:  Yes  
Version(s): 8
Versions 6, 7, 9, and 10 are not affected.
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: No solution was available at the time of this entry.
The vendor's advisory is available at:
http://technet.micro...dvisory/2847140

- https://secunia.com/advisories/53314/
Release Date: 2013-05-05
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 8.x ...
Reported as a 0-day...
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 06 May 2013 - 05:52 AM.

#278 AplusWebMaster

Posted 06 May 2013 - 11:58 AM

FYI...

IE8 0-Day update ...
- https://isc.sans.edu...l?storyid=15734
Last Updated: 2013-05-06 14:33:57 UTC - "... a Metasploit module was released to exploit the recent Internet Explorer 8 vulnerability. The vulnerability has also been assigned CVE-2013-1347..."
- https://web.nvd.nist...d=CVE-2013-1347 - 10.0 (HIGH)
Last revised: 05/06/2013 - "... as exploited in the wild in May 2013."

- http://technet.micro...dvisory/2847140
May 03, 2013
 

:ph34r: :ph34r:


#279 AplusWebMaster

Posted 08 May 2013 - 10:38 PM

FYI...

Fix it for IEv8 available
- http://support.micro...7140#FixItForMe
Last Review: May 9, 2013 - Revision: 2.0 - "... CVE-2013-1347 MSHTML Shim Workaround... To enable or disable this Fix it solution, click the Fix it button or link under the Enable heading or under the Disable heading, click Run in the File Download dialog box, and then follow the steps in the Fix it wizard..." Microsoft Fix it 50992

 

- https://blogs.techne...Redirected=true
8 May 2013 - "... applying the Fix it does not require a reboot. We encourage all customers using Internet Explorer 8 to apply this Fix it to help protect their systems..."


- http://technet.micro...dvisory/2847140
• V1.1 (May 8, 2013): Added link to Microsoft Fix it solution, "CVE-2013-1347 MSHTML Shim Workaround," that prevents exploitation of this issue.
 
"... This is currently being actively exploited in targeted attacks. Solution: ... As a workaround apply the Microsoft Fix it solution "CVE-2013-1347 MSHTML Shim Workaround" to mitigate the vulnerability..."

 

:ph34r:


Edited by AplusWebMaster, 09 May 2013 - 01:33 PM.

#280 AplusWebMaster

Posted 14 May 2013 - 02:20 PM

FYI...

Microsoft Security Advisory (2847140)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.micro...dvisory/2847140
Updated: Tuesday, May 14, 2013 Version: 2.0 - "... We have issued MS13-038* to address this issue..."
* https://technet.micr...lletin/ms13-038

Microsoft Security Advisory (2820197)
Update Rollup for ActiveX Kill Bits
- http://technet.micro...dvisory/2820197
May 14, 2013 - "... This update includes kill bits to prevent the following ActiveX controls from being run in Internet Explorer:
• Honeywell Enterprise Buildings Integrator. The following Class Identifier relates to a request by Honeywell to set a kill bit for an ActiveX control that is vulnerable. The class identifier (CLSIDs) for this ActiveX control is:
        {0d080d7d-28d2-4f86-bfa1-d582e5ce4867}
• SymmetrE and ComfortPoint Open Manager. The following Class Identifier relates to a request by Honeywell to set a kill bit for an ActiveX control that is vulnerable. The class identifier (CLSIDs) for this ActiveX control is:
        {29e9b436-dfac-42f9-b209-bd37bafe9317} ..."

Microsoft Security Advisory (2846338)
Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution
- http://technet.micro...dvisory/2846338
May 14, 2013 - "... Only x64-based versions of the Malware Protection Engine are affected... The Microsoft Malware Protection Engine is a part of several Microsoft antimalware products. See the Affected Software section for a list of affected products..."

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
- http://technet.micro...dvisory/2755801
Updated: Tuesday, May 14, 2013 - "... update addresses the vulnerabilities described in Adobe Security bulletin APSB13-14*..."
* https://www.adobe.co.../apsb13-14.html
"...  Flash Player 11.7.700.202 for Windows 8..."
 

:ph34r: :ph34r: :ph34r: :ph34r:


Edited by AplusWebMaster, 14 May 2013 - 02:35 PM.

#281 AplusWebMaster

Posted 11 June 2013 - 03:32 PM

FYI...

Microsoft Security Advisory (2854544)
Update to Improve Cryptography and Digital Certificate Handling in Windows
- http://technet.micro...dvisory/2854544
June 11, 2013 - "... Microsoft released an update (2813430) for all supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT..."
* http://support.micro....com/kb/2813430

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
- http://technet.micro...dvisory/2755801
June 11, 2013 - Version: 13.0
 

:ph34r: :ph34r:


#282 AplusWebMaster

Posted 13 August 2013 - 01:37 PM

FYI...

Microsoft Security Advisory (2861855)
Updates to Improve Remote Desktop Protocol Network-level Authentication
- http://technet.micro...dvisory/2861855
August 13, 2013

Microsoft Security Advisory (2862973)
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- http://technet.micro...dvisory/2862973
August 13, 2013

Microsoft Security Advisory (2854544)
Updates to Improve Cryptography and Digital Certificate Handling in Windows
- http://technet.micro...dvisory/2854544
Published: June 11, 2013 | Updated: August 13, 2013

Microsoft security advisories: RDP and MD5 deprecation in Microsoft root certificates
- https://isc.sans.edu...l?storyid=16361
Last Updated: 2013-08-13 18:12:43
 

:ph34r: :ph34r: :ph34r:


#283 AplusWebMaster

Posted 28 August 2013 - 06:09 PM

FYI...

Microsoft Security Advisory (2862973)
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- https://technet.micr...dvisory/2862973
V1.1 (August 27, 2013): Revised advisory to announce that the 2862973 update is available from the Microsoft Update Catalog.

Microsoft Security Advisory (2854544)
Updates to Improve Cryptography and Digital Certificate Handling in Windows
- https://technet.micr...dvisory/2854544
V1.1 (August 13, 2013): Added the 2862966 and 2862973 updates to the Available Updates and Release Notes section.
V1.2 (August 27, 2013): Revised advisory to announce that the 2862973 update is available from the Microsoft Update Catalog.
 

:ph34r: :ph34r:


#284 AplusWebMaster

Posted 17 September 2013 - 05:05 PM

FYI...

Microsoft Security Advisory (2887505)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.micro...dvisory/2887505
September 17, 2013 - "Microsoft is investigating public reports of a vulnerability in all supported versions of Internet Explorer. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Internet Explorer 8 and Internet Explorer 9. Applying the Microsoft Fix it solution, "CVE-2013-3893 MSHTML Shim Workaround," prevents the exploitation of this issue. See the Suggested Actions section of this advisory for more information. The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."
* http://support.micro...7505#FixItForMe
"Notes about this Fix it solution: 
- You must restart Internet Explorer after you apply this Fix it solution.
- The Fix it solution that is described in this section applies only (to) 32-bit versions of Internet Explorer. 
- You must have security update 2870699 installed for this Fix it to provide effective protection against this issue. For more information about security update 2870699... view the article in the Microsoft Knowledge Base:
2870699 MS13-069: Cumulative security update for Internet Explorer: September 10, 2013
This Fix it solution is not intended to be a replacement for any security update..."
Last Review: September 18, 2013 - Revision: 2.2
Applies to:
    Internet Explorer 11
    Internet Explorer 10
    Windows Internet Explorer 9
    Windows Internet Explorer 8
    Windows Internet Explorer 7
    Microsoft Internet Explorer 6.0"

MS13-069: http://support.micro....com/kb/2870699
Last Review: September 18, 2013 - Revision: 2.0

- https://blogs.techne...Redirected=true
17 Sep 2013
___

- https://atlas.arbor.net/briefs/
High Severity
September 20, 2013 21:24
Analysis: Once exploit code of this nature reaches the public, or semi-public sources, those that are paying attention (both "whitehat" and "blackhat" researchers, typically) have the information for defense and for offense. While this exploit code is not yet known to have been leveraged in any exploit kit and only in the context of targeted attacks, it is just a matter of time before the exploit becomes weaponized and expands past its current use in targeted attacks and is used for cybercrime related activities. EMET is helpful, as is providing other hardening techniques such as whitelisting and application sandboxing where appropriate. 0day exploits are a fact of life, and there is evidence to suggest that this particular vulnerability has been exploited in the wild for some time.
Source: http://www.net-secur...cle.php?id=1885
19 Sep 2013 - "... The simplest way to avoid this risk is to use a browser other than Internet Explorer..."

- https://secunia.com/advisories/54884/
Release Date: 2013-09-18
Criticality: Extremely Critical
Impact: System access
Solution Status: Partial Fix...
CVE Reference: https://web.nvd.nist...d=CVE-2013-3893 - 9.3 (HIGH)
Provided and/or discovered by: Reported as a 0-day...

- http://community.web...-2013-3893.aspx
18 Sep 2013 - "... close to 70% of Windows-based PCs are vulnerable..."
___

- http://www.fireeye.c...-2013-3893.html
Sep 21, 2013 - "... Despite the targeted nature of these attacks, the exploit identifies numerous language packs (en, zh, fr, de, ja, pt, ko, ru) and software versions, which it uses to specify the correct ROP chain. Commented-out code suggests that the exploit initially targeted IE8 XP users, and IE8 and IE9 Windows 7 users who also had MS Office 2007 installed. In our tests, we observed that the exploit ran -successfully- on systems running both MS Office 2007 and 2010..."

- http://community.web...y-reported.aspx
26 Sep 2013 - "...  attacks utilizing the most recent Internet Explorer zero-day (CVE-2013-3893) are more prevalent than previously thought... We have seen the CVE-2013-3893 exploit targeting Japanese firms in the financial industry, being hosted on a Taiwanese IP address (hxxp: //220.229.238.123 /tn/images/index.html) as of September 25th..."

- https://www.virustot...23/information/
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 29 September 2013 - 02:55 PM.

#285 AplusWebMaster

Posted 01 October 2013 - 06:13 PM

FYI...

Metasploit releases CVE-2013-3893 ...
- https://community.ra...-use-after-free
Sep 30, 2013 - "Recently the public has shown a lot of interest in the new Internet Explorer vulnerability (CVE-2013-3893) that has been exploited in the wild, which was initially discovered in Japan. At the time of this writing there is still no patch available, but there is still at least a temporary fix-it that you can apply from Microsoft, which can be downloaded here*... The vulnerability affects Internet Explorer from 6 all the way to 11, however, the exploit in the wild primarily targets Internet Explorer 8 on Windows XP, and Internet Explorer 8 and 9 on Windows 7... The Metasploit module currently can be only tested on Internet Explorer 9 on Windows 7 SP1 with either Office 2007 or Office 2010 installed..."
* https://support.micr...7505#FixItForMe
Microsoft Fix it 51001

- https://isc.sans.edu...l?storyid=16697
Last Updated: 2013-10-01 19:57:14 UTC... Version: 2
 

:ph34r: :ph34r: :ph34r:


#286 AplusWebMaster

Posted 09 October 2013 - 07:43 AM

FYI...

Microsoft Security Advisory (2887505)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.micro...dvisory/2887505
Updated: October 08, 2013 - Version: 2.0 - "... We have issued MS13-080* to address the Internet Explorer Memory Corruption Vulnerability (CVE-2013-3893)..."
* https://technet.micr...lletin/ms13-080

- https://secunia.com/advisories/54884/
Last Update: 2013-10-11
Criticality: Extremely Critical
CVE Reference(s): CVE-2013-3872, CVE-2013-3873, CVE-2013-3874, CVE-2013-3875, CVE-2013-3882, CVE-2013-3885, CVE-2013-3886, CVE-2013-3893*, CVE-2013-3897
... vulnerability is currently being actively exploited in targeted attacks.

- https://web.nvd.nist...d=CVE-2013-3872 - 9.3 (HIGH)
- https://web.nvd.nist...d=CVE-2013-3873 - 9.3 (HIGH)
- https://web.nvd.nist...d=CVE-2013-3874 - 9.3 (HIGH)
- https://web.nvd.nist...d=CVE-2013-3875 - 9.3 (HIGH)
- https://web.nvd.nist...d=CVE-2013-3882 - 9.3 (HIGH)
- https://web.nvd.nist...d=CVE-2013-3885 - 9.3 (HIGH)
- https://web.nvd.nist...d=CVE-2013-3886 - 9.3 (HIGH)
* https://web.nvd.nist...d=CVE-2013-3893 - 9.3 (HIGH)
Last revised: 10/10/2013
- https://web.nvd.nist...d=CVE-2013-3897 - 9.3 (HIGH)
Last revised: 10/10/2013 - "... as exploited in the wild in September and October 2013..."

- http://www.darkreadi...endly=this-page
Oct 09, 2013

- http://community.web...gh-profile.aspx
9 Oct 2013 - CVE-2013-3897
___

Microsoft Security Advisory (2862973)
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- http://technet.micro...dvisory/2862973
Updated: October 08, 2013 - Version: 1.2 - "Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate program. Usage of MD5 hash algorithm in certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks... Note that the 2862966 update is a prerequisite and must be applied before this update can be installed. The 2862966 update contains associated framework changes to Microsoft Windows. For more information, see Microsoft Knowledge Base Article 2862966.
Known Issues. Microsoft Knowledge Base Article 2862973 documents the currently known issues that customers may experience when installing this update. The article also documents recommended solutions for these issues..."
- http://support.micro....com/kb/2862966
Last Review: August 27, 2013 - Revision: 4.0
- http://support.micro....com/kb/2862973
Last Review: August 15, 2013 - Revision: 2.0
 

Edited by AplusWebMaster, 11 October 2013 - 07:07 AM.

#287 AplusWebMaster

Posted 05 November 2013 - 02:01 PM

FYI...

Clarification on Security Advisory 2896666 ...
- https://blogs.techne...Redirected=true
7 Nov 2013
___

Microsoft Security Advisory (2896666)
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
- http://technet.micro...dvisory/2896666
5 Nov 2013 - "Microsoft is investigating private reports of a vulnerability in the Microsoft Graphics component that affects Microsoft Windows, Microsoft Office, and Microsoft Lync. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Microsoft Office products. The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images...  
Workarounds: Disable the TIFF codec
Note: See Microsoft Knowledge Base Article 2896666* to use the automated Microsoft Fix it solution..."
* https://support.micr....com/kb/2896666
Enable this Fix it - Microsoft Fix it 51004...

- https://support.micr...96666#appliesto

- http://blogs.technet...-documents.aspx
5 Nov 2013 - "... Security Advisory 2896666 which includes a proactive Fix it workaround for blocking this attack..."
___

- https://secunia.com/advisories/55584/
Release Date: 2013-11-06
Criticality: Extremely Critical
Where: From remote
Impact: System access ...
... vulnerability is currently being actively exploited in targeted attacks.
Provided and/or discovered by: Reported as 0-day.
Original Advisory: Microsoft (KB2896666):
http://technet.micro...dvisory/2896666

- https://web.nvd.nist...d=CVE-2013-3906 - 9.3 (HIGH)
Last revised: 11/07/2013 - "... allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013"

0-Day Attack on Office...
- http://krebsonsecuri...tack-on-office/
5 Nov 2013 - "... the exploit combines multiple techniques to bypass exploit mitigation techniques such as data execution prevention (DEP) and address space layout randomization (ASLR). The company says this exploit will -not- affect Office 2013, but will affect older versions such as Office 2003 and Office 2007..."

- http://blogs.technet...ve/2013/11.aspx
Nov 5, 2013 - "... the exploit combines multiple techniques to bypass DEP and ASLR protections... Office 2010 uses the vulnerable graphic library, it is affected only when running on older platforms such as Windows XP or Windows Server 2003, but it is -not- affected when running on newer Windows families (7, 8 and 8.1)..."
 

Edited by AplusWebMaster, 09 November 2013 - 07:00 AM.

#288 AplusWebMaster

Posted 12 November 2013 - 02:35 PM

FYI...

Microsoft Security Advisory (2896666)
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
- http://technet.micro...dvisory/2896666
V1.1 (November 12, 2013): Clarified the scope of the active attacks, clarified affected software configurations, and revised workarounds...

- http://atlas.arbor.n...ndex#2125368770
High Severity
15 Nov 2013 15:38:46 +0000
The CVE-2013-3906* vulnerability has been leveraged by several threat actors. Organizations are strongly encouraged to ensure they are protected against this serious vulnerability which has yet to be patched. A workaround is available**.
Source: http://www.fireeye.c...-2013-3906.html

* https://web.nvd.nist...d=CVE-2013-3906 - 9.3 (HIGH)

** https://support.micr....com/kb/2896666
Last Review: Nov 12, 2013 - Rev 3.0
Microsoft Fix it 51004
___

 

Microsoft Security Advisory (2880823)
Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program
- http://technet.micro...dvisory/2880823
Nov 12, 2013 - "Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes of SSL and code signing after January 1, 2016. Using the SHA-1 hashing algorithm in digital certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.
Recommendation: Microsoft recommends that certificate authorities no longer sign newly generated certificates using the SHA-1 hashing algorithm and begin migrating to SHA-2. Microsoft also recommends that customers replace their SHA-1 certificates with SHA-2 certificates at the earliest opportunity. Please see the Suggested Actions section of this advisory for more information..."

Microsoft Security Advisory (2868725)
Update for Disabling RC4
- http://technet.micro...dvisory/2868725
Nov 12, 2013 - "Microsoft is announcing the availability of an update for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT to address known weaknesses in RC4. The update supports the removal of RC4 as an available cipher on affected systems through registry settings. It also allows developers to remove RC4 in individual applications through the use of the SCH_USE_STRONG_CRYPTO flag in the SCHANNEL_CRED structure. These options are -not- enabled by default.
Recommendation. Microsoft recommends that customers download and install the update immediately and then test the new settings in their environments. Please see the Suggested Actions section of this advisory for more information..."

Microsoft Security Advisory (2862152)
Vulnerability in DirectAccess Could Allow Security Feature Bypass
- http://technet.micro...dvisory/2862152
Nov 12, 2013 - "Microsoft is announcing the availability of an update for all supported releases of Windows to address a vulnerability in how DirectAccess authenticates DirectAccess server connections to DirectAccess clients. An attacker who successfully exploited the vulnerability could use a specially crafted DirectAccess server to pose as a legitimate DirectAccess Server in order to establish connections with legitimate DirectAccess clients. The attacker-controlled system, appearing to be a legitimate server, could cause a client system to automatically authenticate and connect with the attacker-controlled system, allowing the attacker to intercept the target user's network traffic and potentially determine their encrypted domain credentials. Microsoft is not aware of any active attacks that are exploiting this vulnerability as of the release of this advisory.
Recommendation: Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.
Note: In addition to installing the update, additional administrative steps are required to be protected from the vulnerability described in this advisory. Please see the Suggested Actions section of this advisory for more information..."
___

Microsoft Security Advisory (2854544)
Updates to Improve Cryptography and Digital Certificate Handling in Windows
- http://technet.micro...dvisory/2854544
V1.3 (November 12, 2013): Added the 2868725 update and Root Certificates Policy announcement to the Available Updates and Release Notes section.
 

Edited by AplusWebMaster, 17 November 2013 - 11:30 AM.

#289 AplusWebMaster

Posted 28 November 2013 - 07:25 AM

FYI...

Microsoft Security Advisory (2914486)
Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege
- http://technet.micro...dvisory/2914486
November 27, 2013 - "Microsoft is investigating new reports of a vulnerability in a kernel component of Windows XP and Windows Server 2003. We are aware of limited, targeted attacks that attempt to exploit this vulnerability. Our investigation of this vulnerability has verified that it does not affect customers who are using operating systems newer than Windows XP and Windows Server 2003. The vulnerability is an elevation of privilege vulnerability. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Microsoft is actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. For information about protections released by MAPP partners, see MAPP Partners with Updated Protections. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs..."

0 day exploit in wild
- https://isc.sans.edu...l?storyid=17117
Last Updated: 2013-11-28 01:05:44 - "... the temporary fix outlined breaks some windows features, specifically some IPSEC VPN functions..."

- http://www.fireeye.c...n-the-wild.html
November 27, 2013 - "... The exploit targets Adobe Reader 9.5.4, 10.1.6, 11.0.02 and prior on Windows XP SP3. Those running the latest versions of Adobe Reader should not be affected by this exploit..."
- http://www.adobe.com...latform=Windows

- https://atlas.arbor....dex#-1423916473
High Severity
Published: Fri, 06 Dec 2013 00:00:26 +0000
Public exploit code has been released for CVE-2013-5065, a vulnerability in the Windows Kernel NDPROXY component that allows for privilege escalation attacks.
Analysis: .... With public exploit code available, the bar has been lowered significantly.
Source: http://1337day.com/exploits/21615

- https://web.nvd.nist...d=CVE-2013-5065 - 7.2 (HIGH)
Last revised: 11/29/2013 - "... as exploited in the wild in November 2013."
 

Edited by AplusWebMaster, 07 December 2013 - 10:12 AM.

#290 AplusWebMaster

Posted 09 December 2013 - 09:20 PM

FYI...

MS Security Advisory (2916652)
Improperly Issued Digital Certificates Could Allow Spoofing
- http://technet.micro...dvisory/2916652
Dec 9, 2013 - "Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The subordinate CA certificate was improperly issued by the Directorate General of the Treasury (DG Trésor), subordinate to the Government of France CA (ANSSI), which is a CA present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue. The improperly issued subordinate CA certificate has been misused to issue SSL certificates for multiple sites, including Google web properties. These SSL certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties. The subordinate CA certificate may also have been used to issue certificates for other, currently unknown sites, which could be subject to similar attacks. To help protect customers from potentially fraudulent use of this digital certificate, Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of certificates that are causing this issue. For more information about these certificates, see the Frequently Asked Questions section of this advisory... in addition to addressing the certificates described in this advisory, this update is cumulative and includes digital certificates described in previous advisories..."
 

#291 AplusWebMaster

Posted 10 December 2013 - 03:46 PM

FYI...

Microsoft Security Advisory (2915720)
Changes in Windows Authenticode Signature Verification
- http://technet.micro...dvisory/2915720
Dec 10, 2013 - "Microsoft is announcing the availability of an update for all supported releases of Windows to change how signatures are verified for binaries signed with the Windows Authenticode signature format. The change is included with Security Bulletin MS13-098, but will not be enabled until June 10, 2014. Once enabled, the new default behavior for Windows Authenticode signature verification will no longer allow extraneous information in the WIN_CERTIFICATE structure. Note that after June 10, 2014, Windows will no longer recognize non-compliant binaries as signed... see the Suggested Actions section of this advisory for more information..."  

Microsoft Security Advisory (2905247)
Insecure ASP.NET Site Configuration Could Allow Elevation of Privilege
- http://technet.micro...dvisory/2905247
Dec 10, 2013 - "Microsoft is announcing the availability of an update for Microsoft ASP.NET to address a vulnerability in ASP.NET view state that exists when Machine Authentication Code (MAC) validation is disabled through configuration settings. The vulnerability could allow elevation of privilege and affects all supported versions of Microsoft .NET Framework except .NET Framework 3.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1. Any ASP.NET site for which view state MAC has become disabled through configuration settings is vulnerable to attack. An attacker who successfully exploited the vulnerability could use specially crafted HTTP content to inject code to be run in the context of the service account on the ASP.NET server. Microsoft is aware of general information available publicly that could be used to exploit this vulnerability, but is not aware of any active attacks... see the Suggested Actions section of this advisory for more information..."

Microsoft Security Advisory (2896666)
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
- http://technet.micro...dvisory/2896666
Updated: Dec 10, 2013 - "... We have issued MS13-096* to address the Microsoft Graphics Component Memory Corruption Vulnerability (CVE-2013-3906). For more information about this issue, including download links for an available security update, please review MS13-096..."
* https://technet.micr...lletin/ms13-096

Microsoft Security Advisory (2871690)
Update to Revoke Non-compliant UEFI Modules
- http://technet.micro...dvisory/2871690
Dec 10, 2013 - "Microsoft is announcing the availability of an update for Windows 8 and Windows Server 2012 that revokes the digital signatures for nine private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot. When the update is applied, the affected UEFI modules will no longer be trusted and will no longer load on systems where UEFI Secure Boot is enabled. The affected UEFI modules consist of specific Microsoft-signed modules that are either not in compliance with our certification program or their authors have requested that the packages be revoked. At the time of this release, these UEFI modules are not known to be available publicly. Microsoft is not aware of any misuse of the affected UEFI modules. Microsoft is proactively revoking these non-compliant modules as part of ongoing efforts to protect customers. This action only affects systems running Windows 8 and Windows Server 2012 that are capable of UEFI Secure Boot where the system is configured to boot via UEFI and Secure Boot is enabled. There is no action on systems that do not support UEFI Secure Boot or where it is disabled... Microsoft Knowledge Base Article 2871690* documents the currently known issues that customers may experience when installing this update. The article also documents recommended solutions for these issues..."
* https://support.micr....com/kb/2871690

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.micro...dvisory/2755801
Dec 10, 2013 - "Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11... Microsoft recommends that customers apply the current update immediately using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered. Customers do not need to install previous updates as a prerequisite for installing the current update..."
 

#292 AplusWebMaster

Posted 13 December 2013 - 09:33 AM

FYI...

Microsoft Security Advisory (2916652)
Improperly Issued Digital Certificates Could Allow Spoofing
- http://technet.micro...dvisory/2916652
• V2.0 (December 12, 2013): Advisory revised to announce the availability of the 2917500 update for customers running Windows XP or Windows Server 2003, or for customers who choose not to install the automatic updater of revoked certificates. The 2917500 update* is available via the Microsoft Update service and from the download center. For more information, see the Suggested Actions section of this advisory.
* http://support.micro....com/kb/2917500
Last Review: December 12, 2013
 

Edited by AplusWebMaster, 13 December 2013 - 09:36 AM.

#293 AplusWebMaster

Posted 13 December 2013 - 02:31 PM

FYI...

Microsoft Security Advisory (2915720)
Changes in Windows Authenticode Signature Verification
- http://technet.micro...dvisory/2915720
• V1.1 (December 13, 2013): Corrected the registry key information in the Test the Improvement to Authenticode Signature Verification suggested action. Customers who have applied or plan to apply the suggested action should review the revised information.
 

#294 AplusWebMaster

Posted 14 January 2014 - 05:21 PM

FYI...

Microsoft Security Advisory (2914486)
Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege
- http://technet.micro...dvisory/2914486
Updated: Jan 14, 2014 - "... We have issued MS14-002* to address the Kernel NDProxy Vulnerability (CVE-2013-5065)..."
* https://technet.micr...lletin/ms14-002

- https://web.nvd.nist...d=CVE-2013-5065 - 7.2 (HIGH)
___

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.micro...dvisory/2755801
Updated: Jan 14, 2014 - "... update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11... available via Windows Update*..."
* https://update.microsoft.com/
___

Microsoft Security Advisory (2916652)
Improperly Issued Digital Certificates Could Allow Spoofing
- http://technet.micro...dvisory/2916652
V2.1 (January 15, 2015): Advisory revised to announce a detection change in update 2917500. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
 

Edited by AplusWebMaster, 16 January 2014 - 04:46 PM.

#295 AplusWebMaster

Posted 04 February 2014 - 10:27 PM

FYI...

MS Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.micro...dvisory/2755801
Updated: Feb 04, 2014 Ver: 19.0 - "Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11... Microsoft recommends that customers apply the current update immediately using update management software, or by checking for updates using the Microsoft Update service..."
- https://support.micr....com/kb/2929825
Last Review: Feb 4, 2014 - Rev: 2.0
 

Edited by AplusWebMaster, 04 February 2014 - 10:30 PM.

#296 AplusWebMaster

Posted 11 February 2014 - 10:02 PM

FYI...

Microsoft Security Advisory (2915720)
Changes in Windows Authenticode Signature Verification
- http://technet.micro...dvisory/2915720
Feb 11, 2014 - Ver: 1.2

Microsoft Security Advisory (2862973)
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- http://technet.micro...dvisory/2862973
Feb 11, 2014 - Ver: 2.0
 

Edited by AplusWebMaster, 14 February 2014 - 06:46 AM.

#297 AplusWebMaster

Posted 20 February 2014 - 07:29 PM

FYI...

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.micro...dvisory/2755801
Updated: Feb 20, 2014 - "... Microsoft released an update (2934802) for Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT, and for Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities described in Adobe Security bulletin APSB14-07. For more information about this update, including download links, see Microsoft Knowledge Base Article 2934802*.
Prerequisite: This update is not cumulative and requires that cumulative update 2916626**, released on January 14, 2014, be installed. The previous update (2929825), released on February 4, 2014, is not a dependency; the fixes it contains have been rolled into this current update (2934802).
Note: Updates for Windows RT and Windows RT 8.1 are available via Windows Update***..."
* https://support.micr....com/kb/2934802

** https://support.micr....com/kb/2916626

*** http://update.micros...microsoftupdate

- https://secunia.com/advisories/57067/
Release Date: 2014-02-21
Criticality: Highly Critical
Where: From remote
Impact: Exposure of sensitive information, System access...
For more information: https://secunia.com/SA57057/
Solution: Apply updates...
___

Microsoft Security Advisory (2934088)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.micro...dvisory/2934088
Feb 19, 2014

- http://support.micro....com/kb/2934088
Last Review: Feb 19, 2014 - Rev: 1.0
Enable MSHTML shim workaround - Microsoft Fix it 51007*
... Before you install this Fix it solution, you must first install the latest updates for Internet Explorer 9 or Internet Explorer 10. To install the most current update for Internet Explorer, go to the following Microsoft webpage:
- http://update.micros...microsoftupdate

* http://support.micro...4088#FixItForMe

- http://support.micro....com/kb/2909921 - MS14-010
Last Review: Feb 11, 2014 - Rev: 1.0

- https://web.nvd.nist...d=CVE-2014-0322 - 9.3 (HIGH)
Last revised: 02/21/2014 - "... as exploited in the wild in January and February 2014"

- http://atlas.arbor.n...dex#-1535410988
High Severity
20 Feb 2014
"... 0day exploit code for Internet Explorer 10. IE 9 is also vulnerable. Earlier exploit activity around CVE-2014-0322 has also been observed. The actual exploit code has been made publicly available. A security bulletin and fix-it are available from Microsoft..."
 

Edited by AplusWebMaster, 21 February 2014 - 04:29 PM.

#298 AplusWebMaster

Posted 28 February 2014 - 05:14 AM

FYI...

Microsoft Security Advisory (2871690)
Update to Revoke Non-compliant UEFI Modules
- http://technet.micro...dvisory/2871690
Updated: Feb 27, 2014 Ver: 2.0 - "Microsoft is announcing the availability of an update for Windows 8 and Windows Server 2012 that revokes the digital signatures for nine private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot. When the update is applied, the affected UEFI modules will no longer be trusted and will no longer load on systems where UEFI Secure Boot is enabled. The affected UEFI modules consist of specific Microsoft-signed modules that are either not in compliance with our certification program or their authors have requested that the packages be revoked. At the time of this release, these UEFI modules are not known to be available publicly...
... The -rereleased- update* addresses an issue where specific third-party BIOS versions did not properly validate the signature of the original update... The 2871777 update** is a -prerequisite- and must be applied before this update can be installed..."

* https://support.micr....com/kb/2871690
Last Review: Feb 27, 2014 - Rev: 2.0
Also see: Known issues with this security update...

** https://support.micr....com/kb/2871777
Last Review: Sep 18, 2013 - Rev: 6.0
Applies to: Win8, winSvr2012
 

#299 AplusWebMaster

Posted 28 February 2014 - 08:43 PM

FYI...

Microsoft Security Advisory (2862152)
Vulnerability in DirectAccess and IPsec Could Allow Security Feature Bypass
- http://technet.micro...dvisory/2862152
Published: Nov 12, 2013 | Updated: Feb 28, 2014 Ver: 1.1 - "Microsoft is announcing the availability of an update for all supported releases of Windows to address a vulnerability in how server connections are authenticated to clients in either DirectAccess or IPsec site-to-site tunnels. An attacker who successfully exploited the vulnerability could use a specially crafted DirectAccess server to pose as a legitimate DirectAccess Server in order to establish connections with legitimate DirectAccess clients. The attacker-controlled system, appearing to be a legitimate server, could cause a client system to automatically authenticate and connect with the attacker-controlled system, allowing the attacker to intercept the target user's network traffic and potentially determine their encrypted domain credentials. Microsoft is not aware of any active attacks that are exploiting this vulnerability as of the release of this advisory.
Recommendation: Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service*.
Note: In addition to installing the update, additional administrative steps are required to be protected from the vulnerability described in this advisory. Please see the Suggested Actions section of this advisory for more information... customers must also follow the configuration guidance provided in Microsoft Knowledge Base Article 2862152** to be fully protected from the vulnerability..."
• V1.0 (November 12, 2013): Advisory published.
• V1.1 (February 28, 2014): Advisory -revised- to announce a detection change in the 2862152 update for Windows 8.1 for 32-bit Systems, Windows 8.1 for x64-based Systems, Windows Server 2012 R2, and Windows RT 8.1. This is a detection change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.

* http://update.micros...icrosoftupdate/

** http://support.micro....com/kb/2862152
Last Review: Dec 2, 2013 - Rev: 2.0
 

#300 AplusWebMaster

Posted 11 March 2014 - 01:07 PM

FYI...

Microsoft Security Advisory (2934088)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.micro...dvisory/2934088
Updated: March 11, 2014 - "... We have issued MS14-012* to address this issue. For more information about this issue, including download links for an available security update, please review MS14-012..."
* https://technet.micr...lletin/ms14-012

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.micro...dvisory/2755801
Updated: March 11, 2014 Version: 21.0 - "... announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11..."
 
