MS Security Advisories


316 replies to this topic

#151 AplusWebMaster


Posted 08 December 2009 - 02:34 PM

FYI...

Microsoft Security Advisory (977981)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://www.microsoft...ory/977981.mspx
Updated: December 08, 2009 - "Microsoft has completed investigating public reports of this vulnerability. We have issued Microsoft Security Bulletin MS09-072* to address this issue..." * http://www.microsoft...n/ms09-072.mspx

Microsoft Security Advisory (974926)
Credential Relaying Attacks on Integrated Windows Authentication
- http://www.microsoft...ory/974926.mspx
December 08, 2009 - "This advisory addresses the potential for attacks that affect the handling of credentials using Integrated Windows Authentication (IWA), and the mechanisms Microsoft has made available for customers to help protect against these attacks..."

Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://www.microsoft...ory/973811.mspx
Updated: December 08, 2009 - "Microsoft is announcing the availability of a new feature, Extended Protection for Authentication, on the Windows platform..."

Microsoft Security Advisory (954157)
Security Enhancements for the Indeo Codec
- http://www.microsoft...ory/954157.mspx
December 08, 2009 - "... customers who do not have a use for the codec may choose to take an additional step and deregister the codec completely. Deregistering the codec would remove all attack vectors that leverage the Indeo codec. See Microsoft Knowledge Base Article 954157* for directions on how to deregister the codec..."
* http://support.microsoft.com/kb/954157
- http://web.nvd.nist....d=CVE-2009-4311
- http://web.nvd.nist....d=CVE-2009-4310
Last revised: 12/15/2009

:ph34r:

Edited by apluswebmaster, 23 December 2009 - 04:14 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#152 AplusWebMaster


Posted 28 December 2009 - 05:11 AM

FYI...

New Reports of a Vulnerability in IIS
- http://blogs.technet...ity-in-iis.aspx
December 27, 2009 - "On Dec. 23 we were made aware of a new claim of a vulnerability in Internet Information Services (IIS). We are still investigating this issue and are not aware of any active attacks but wanted to let customers know that our initial assessment shows that the IIS web server must be in a non-default, unsafe configuration in order to be vulnerable. An attacker would have to be authenticated and have write access to a directory on the web server with execute permissions which does not align with best practices or guidance Microsoft provides for secure server configuration. Customers using out of the box configurations and who follow security best practices are at reduced risk of being impacted by issues like this. Once we’re done investigating, we will take appropriate action to help protect customers...
IIS 6.0 Security Best Practices
http://technet.micro.../cc782762(WS.10).aspx
Securing Sites with Web Site Permissions
http://technet.micro.../cc756133(WS.10).aspx
IIS 6.0 Operations Guide
http://technet.micro.../cc785089(WS.10).aspx
Improving Web Application Security: Threats and Countermeasures
http://msdn.microsof...y/ms994921.aspx ..."

- http://isc.sans.org/...ml?storyid=7819
Last Updated: 2009-12-28 15:36:57 UTC (Version: 3) - "... they (MS) note that if the administrator had not altered the default configuration and followed best practices in the securing of the webserver, then this exploit wouldn't work. Unfortunately, we know that doesn't always wind up being the case..."

8 Basic Rules to Implement Secure File Uploads
- https://blogs.sans.o...e-file-uploads/
December 28, 2009

- http://secunia.com/advisories/37831/2/
Last Update: 2009-12-28
Critical: Less critical
Impact: Security Bypass, System access
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Information Services (IIS) 6
Solution: Restrict file uploads to trusted users only and remove "execute" permissions for upload directories...

- http://learn.iis.net...le-system-acls/
Updated on December 23, 2009

:ph34r: :ph34r:

Edited by apluswebmaster, 28 December 2009 - 10:57 AM.

#153 AplusWebMaster

Posted 29 December 2009 - 12:10 PM

FYI...

IIS vuln - Metasploit added...
- http://www.symantec....e-vulnerability
December 29, 2009 - "... There are varying reports on the severity of this issue, but according to Microsoft only poorly configured Web servers are at risk from this issue: “An attacker would have to be authenticated and have write access to a directory on the web server with execute permissions which does not align with best practices or guidance Microsoft provides for secure server configuration.”
Essentially your site is at risk if it:
1. Runs on IIS.
2. Allows files to be uploaded.
3. Has execute permissions for the directory where the uploaded files are stored.
On December 28, Metasploit added support into their framework to allow exploitation of this issue. This makes it trivial to compromise badly configured servers as outlined above. This development could see a rise in exploitation of this issue..."

:ph34r: :ph34r:

#154 AplusWebMaster

Posted 30 December 2009 - 04:28 AM

FYI...

Results of Investigation into Holiday IIS Claim
* http://blogs.technet...-iis-claim.aspx
December 29, 2009 - "... there is an inconsistency in IIS 6 only in how it handles semicolons in URLs. It’s this inconsistency that the claims have focused on, saying this enables an attacker to bypass content filtering software to upload and execute code on an IIS server. The key in this is the last point: for the scenario to work, the IIS server must already be configured to allow both “write” and “execute” privileges on the same directory. This is not the default configuration for IIS and is contrary to all of our published best practices. Quite simply, an IIS server configured in this manner is inherently vulnerable to attack. However, customers who are using IIS 6.0 in the default configuration or following our recommended best practices don’t need to worry about this issue. If, however, you are running IIS in a configuration that allows both “write” and “execute” privileges on the same directory like this scenario requires, you should review our best practices and make changes to better secure your system from the threats that configuration can enable. Once again, here’s a list of best practices resources:
· IIS 6.0 Security Best Practices
http://technet.micro.../cc782762(WS.10).aspx
· Securing Sites with Web Site Permissions
http://technet.micro.../cc756133(WS.10).aspx
· IIS 6.0 Operations Guide
http://technet.micro.../cc785089(WS.10).aspx
· Improving Web Application Security: Threats and Countermeasures
http://msdn.microsof...y/ms994921.aspx
The IIS folks are evaluating a change to bring the behavior of IIS 6.0 in line with the other versions. In the meantime, they’ve put more information up about this on their weblog*..."
* http://blogs.iis.net...ons-in-url.aspx
December 29, 2009

- http://secunia.com/advisories/37831/2/
Last Update: 2009-12-30

- http://securitytrack...ec/1023387.html
Updated: Dec 29 2009

- http://www.theregist...r_bug_rebuttal/
30 December 2009 - "... Microsoft's nothing-to-worry-about-please-move-along advisory, which helpfully provides links to best practice web server security guidelines, can be found here*."

- http://web.nvd.nist....d=CVE-2009-4444

- http://web.nvd.nist....d=CVE-2009-4445

:ph34r: :ph34r:

Edited by apluswebmaster, 04 January 2010 - 10:20 AM.
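
An added example, not part of the posts above or of any quoted advisory: a server-side check on uploaded file names that follows the "8 Basic Rules to Implement Secure File Uploads" direction linked in #152 and accounts for the semicolon inconsistency quoted in #154 by refusing any name that contains a semicolon. The allowlist, the list of server-handled extensions and all function names are assumptions made for this illustration; the check complements removing "execute" permission from the upload directory, it does not replace it.

```python
import re
import secrets

# Assumption for this example: the application accepts only these file types.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}

# Illustrative, not exhaustive: extensions a web server may map to a
# script or binary handler. Used to reject names that carry one of them
# anywhere before the final extension.
SERVER_HANDLED = {"asp", "asa", "cer", "cdx", "aspx", "ashx",
                  "php", "cgi", "pl", "exe", "dll"}

# Conservative character set: starts with a letter or digit, at most 100 chars.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}")


def check_upload_name(client_name):
    """Return (accepted, reason) for a file name supplied by the client."""
    if "/" in client_name or "\\" in client_name:
        return False, "path separator in name"
    # The advisory describes inconsistent handling of semicolons on IIS 6,
    # so a semicolon is never accepted, whatever surrounds it.
    if ";" in client_name:
        return False, "semicolon in name"
    if not SAFE_NAME.fullmatch(client_name):
        return False, "disallowed character or length"
    segments = client_name.lower().split(".")
    if len(segments) < 2 or segments[-1] not in ALLOWED_EXTENSIONS:
        return False, "extension not on allowlist"
    # Check every dot-separated segment, not only the last one.
    if any(seg in SERVER_HANDLED for seg in segments[1:-1]):
        return False, "server-handled extension inside name"
    return True, "ok"


def stored_name(client_name):
    """Name to use on disk: random stem plus the validated extension.

    The client's stem is discarded, so nothing the uploader typed
    decides how the web server later interprets the file.
    """
    accepted, reason = check_upload_name(client_name)
    if not accepted:
        raise ValueError(reason)
    extension = client_name.rsplit(".", 1)[1].lower()
    return secrets.token_hex(16) + "." + extension


# Constructed sample names, not taken from any real incident.
SAMPLE_NAMES = [
    "holiday.jpg",
    "report.asp;.jpg",
    "report.asp.jpg",
    "page.asp",
    "..\\web.config",
    "notes.pdf.",
]


def triage(names):
    """Map each name to the reason returned by check_upload_name."""
    return {name: check_upload_name(name)[1] for name in names}


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_NAMES).items():
        print(f"{name!r:22} {reason}")
```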

#155 AplusWebMaster

Posted 12 January 2010 - 07:47 PM

FYI...

Microsoft Security Advisory (979267)
Vulnerabilities in Adobe Flash Player 6 Provided in Windows XP Could Allow Remote Code Execution
- http://www.microsoft...ory/979267.mspx
January 12, 2010 - "Microsoft is aware of reports of vulnerabilities in Adobe Flash Player 6 provided in Windows XP. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time but recommend that users install the latest version of Flash Player* provided by Adobe..."
* http://get.adobe.com/flashplayer/
December 8, 2009 - Flash Player v10.0.42.34

MS Windows Flash Player multiple vulnerabilities
- http://secunia.com/advisories/27105/2/
Release Date: 2010-01-12
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
OS: Microsoft Windows XP Home Edition, Microsoft Windows XP Professional
Solution: Uninstall the bundled version of Flash Player and optionally install the latest supported version of Flash Player from Adobe...
Original Advisory:
Secunia Research: http://secunia.com/s...search/2007-77/
Other References: How to remove the Flash Player ActiveX control:
http://kb2.adobe.com...7/tn_12727.html
How to uninstall the Adobe Flash Player plug-in and ActiveX control:
http://kb2.adobe.com...1/tn_14157.html

:ph34r:

#156 AplusWebMaster

Posted 14 January 2010 - 07:42 PM

FYI...

0-day vuln in IE 6, 7 and 8
- http://isc.sans.org/...ml?storyid=7993
Last Updated: 2010-01-14 22:19:56 UTC

MS IE arbitrary code execution
- http://secunia.com/advisories/38209/2/
Release Date: 2010-01-15
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 6.x, Microsoft Internet Explorer 7.x, Microsoft Internet Explorer 8.x
Solution: Do not browse untrusted websites or follow untrusted links.
Provided and/or discovered by: Reported as a 0-day.
Original Advisory: Microsoft (KB979352):
http://www.microsoft...ory/979352.mspx
http://blogs.technet...ory-979352.aspx
Other References: US-CERT VU#492515:
http://www.kb.cert.org/vuls/id/492515

- http://web.nvd.nist....d=CVE-2010-0249
Last revised: 01/15/2010

Microsoft Security Advisory (979352)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://www.microsoft...ory/979352.mspx
January 14, 2010 - "Microsoft is investigating a report of a publicly exploited vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue. Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 -are- affected. The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution. At this time, we are aware of limited, active attacks attempting to use this vulnerability against Internet Explorer 6. We have not seen attacks against other affected versions of Internet Explorer. We will continue to monitor the threat environment and update this advisory if this situation changes..."

- http://blogs.technet...ory-979352.aspx
January 14, 2010 - "Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks... We released Security Advisory 979352 to provide customers with actionable guidance and tools to help with protections against exploit of this vulnerability..."

- http://support.micro...ixItForMeAlways
January 14, 2010 - "... We have also created an application compatibility database that will enable Data Execution Prevention (DEP) for all versions of Internet Explorer. You do -not- need this database if you are using Internet Explorer 8 on Windows XP Service Pack 3 (SP3) or on Windows Vista SP1 or later versions. This is because Internet Explorer 8 opts-in to DEP by default on these platforms. To enable or disable DEP automatically, click the Fix it button or link..."

- http://www.krebsonse...n-google-adobe/
January 14, 2010

:ph34r: :ph34r:

Edited by apluswebmaster, 17 January 2010 - 11:26 PM.

#157 AplusWebMaster

Posted 15 January 2010 - 04:08 PM

FYI...

(IE 0-day) Exploit code available for CVE-2010-0249
- http://isc.sans.org/...ml?storyid=8002
Last Updated: 2010-01-15 21:35:51 UTC - "The details for CVE-2010-0249* aka Microsoft Security Advisory 979352 ( http://www.microsoft...ory/979352.mspx ) aka the Aurora exploit has been made public. It is a vulnerability in mshtml.dll that works as advertised on IE6 but if DEP is enabled on IE7 or IE8 the exploit does not execute code. I expect Microsoft will have a patch available for the standard February patch day. There will not likely be an out-of-band patch for this unless a 3rd party makes their own available."

* http://web.nvd.nist....d=CVE-2010-0249
Last revised: 01/15/2010

- http://www.symantec....eatconlearn.jsp
"The ThreatCon is currently at Level 2: Elevated...
Microsoft has released a security advisory and mitigation for a new unpatched vulnerability affecting Internet Explorer... On January 14, 2009, the Metasploit exploitation framework added an exploit for the bug that would allow an attacker to gain control of the system. Availability of this exploit will increase the chance of in-the-wild exploitation of this issue..."

- http://blogs.technet...nerability.aspx
January 15, 2010

:grrr: :ph34r:

Edited by apluswebmaster, 17 January 2010 - 06:17 AM.

#158 AplusWebMaster

Posted 18 January 2010 - 09:11 PM

FYI...

MS IE Advisory 979352 Update - January 18
- http://blogs.technet...january-18.aspx
January 18, 2010 - "... earlier today, we were made aware of reports that researchers have developed Proof-of-Concept (PoC) code that exploits this vulnerability on Internet Explorer 7 on Windows XP and Windows Vista. We are actively investigating, but cannot confirm, these claims. Today we also published a guidance page, including an online video, for home users who may be confused, or concerned, about this security vulnerability and want to know what they should do to protect themselves from the known attacks. This page is located here*..."
* http://www.microsoft...updates/ie.aspx
"Microsoft has determined that one of the technologies used in the recent criminal attacks against Google and other corporate networks was Internet Explorer 6. Customers using Internet Explorer 8 are not affected by currently known attacks. We recommend that anyone not already using Internet Explorer 8 upgrade immediately. Internet Explorer 8 offers many additional security protections..."
- http://www.microsoft.com/ie

:ph34r: :ph34r:

#159 AplusWebMaster

Posted 19 January 2010 - 03:06 PM

FYI...

IE - out-of-cycle patch coming...
- http://isc.sans.org/...ml?storyid=8017
Last Updated: 2010-01-19 20:10:13 UTC - "No, there still isn't a patch, but there will be one before the regular Microsoft patch day in February. The MSRC has posted a note on their blog* saying the timing will be announced tomorrow. In the meantime, we are hearing that the folks at VUPEN have found a way to bypass DEP as long as javascript is enabled (no, this doesn't appear to be the .NET ones from last year) which would make even IE8 vulnerable, we don't have the details at present, but if true this is a major development. This is a concern since Microsoft's advice is for those using IE6 and IE7 to move to IE8 where DEP is on by default. In any event, we continue to monitor the situation."
* http://blogs.technet...ut-of-band.aspx
January 19, 2010 - "We wanted to provide a quick update on the threat landscape and announce that we will release a security update out-of-band to help protect customers from this vulnerability... We take the decision to go out-of-band very seriously given the impact to customers, but we believe releasing an update out-of-band update is the right decision at this time. We will provide the specific timing of the release tomorrow..."

- http://securitylabs....Blogs/3534.aspx
01.19.2010 - "... Our ThreatSeeker network has identified two more malicious URLs that are used in live attacks, this time hxxp ://201002.[REMOVED]:2988/log/ie .html and hxxp ://m.[REMOVED].net:81/m/index .html. According to reports from our friends at Ahnlab, the second URL was spread through the Instant Messenger network Misslee Messenger, a popular IM client in South Korea... Due to the attention the new vulnerability has received, Microsoft has announced that they will release an out-of-band patch for Internet Explorer..."

- http://www.shadowser...lendar/20100119
2010-01-19

- http://www.microsoft...ry/archive.mspx
Updated: January 18, 2010

:ph34r:

Edited by apluswebmaster, 20 January 2010 - 04:43 AM.

#160 AplusWebMaster

Posted 20 January 2010 - 02:07 PM

FYI...

MS10-002 tomorrow...
- http://blogs.technet...in-release.aspx
January 20, 2010 - "... we will be releasing MS10-002 tomorrow, January 21st, 2010. We are planning to release the update as close to 10:00 a.m. PST (UTC -8) as possible. This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical. It addresses the vulnerability related to recent attacks against Google and small subset of corporations, as well as several other vulnerabilities... Today we also updated Security Advisory 979352* to include technical details addressing additional customer questions..."
* http://www.microsoft...ory/979352.mspx
• V1.2 (January 20, 2010): Revised Executive Summary to reflect the changing nature of attacks attempting to exploit the vulnerability. Clarified information in the Mitigating Factors section for Data Execution Prevention (DEP) and Microsoft Outlook, Outlook Express, and Windows Mail. Clarified several Frequently Asked Questions to provide further details about the vulnerability and ways to limit the possibility of exploitation. Added "Enable or disable ActiveX controls in Office 2007" and "Do not open unexpected files" to the Workarounds section.

:ph34r:

Edited by apluswebmaster, 20 January 2010 - 02:25 PM.

#161 AplusWebMaster

Posted 20 January 2010 - 10:45 PM

FYI...

Microsoft Security Advisory (979682)
Vulnerability in Windows Kernel Could Allow Elevation of Privilege
- http://www.microsoft...ory/979682.mspx
January 20, 2010 - "Microsoft is investigating new public reports of a vulnerability in the Windows kernel. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time. We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers..."
Revisions:
• V1.1 (January 22, 2010): Added links to Microsoft Knowledge Base Article 979682 in the Issue References table and Additional Suggestion Actions section. Added a link to Microsoft Knowledge Base Article 979682* to provide an automated Microsoft Fix it solution for the workaround, Disable the NTVDM subsystem.
* http://support.microsoft.com/kb/979682

- http://web.nvd.nist....d=CVE-2010-0232
Last revised: 01/22/2010
CVSS v2 Base Score: 6.6 (MEDIUM)

- http://blogs.technet...2-released.aspx
January 20, 2010

- http://secunia.com/advisories/38265/2/
Release Date: 2010-01-20
Impact: Privilege escalation
Where: Local system
Solution Status: Unpatched...
Original Advisory:
http://archives.neoh...10-01/0346.html

- http://www.sophos.co...-vulnerability/
January 21, 2010

:ph34r:

Edited by apluswebmaster, 24 January 2010 - 12:58 PM.

#162 AplusWebMaster

Posted 21 January 2010 - 09:47 AM

FYI...

More IE 0-Day exploit attacks...
- http://blog.trendmic...tacks-continue/
Jan. 21, 2010 - "Trend Micro has identified new malware samples that exploit the still-unpatched Internet Explorer (IE) vulnerability. These samples have been detected as JS_ELECOM.C and HTML_COMLE.CXC . Further analysis... the new scripts are versions of JS_DLOADER.FIS (the only difference being the encryption techniques used), which was widely used in the recent and still ongoing attacks targeting major organizations like Google and Adobe. In line with this, Microsoft announced that it will release an out-of-band security update to fix the issue. It is highly advised that users immediately download the security patch once released..."
More here*...
* http://threatinfo.tr...ads_HYDRAQ.html

Malware-laced PDF files using "Operation Aurora" attacks (IE 0-day) subject as lure...
- http://www.f-secure....s/00001863.html
January 21, 2010 - "... (SPAM) PDF file attachment which exploits the CVE-2009-4324 vulnerability in Adobe Reader (patched last week)..."

>>> http://www.spywarein...ndpost&p=713216

:grrr: :ph34r:

Edited by apluswebmaster, 22 January 2010 - 12:03 AM.

#163 AplusWebMaster

Posted 26 January 2010 - 06:11 AM

FYI...

“Aurora” exploit code: from Targeted Attacks to Mass Infection
- http://www.eset.com/...-mass-infection
January 25, 2010 - "Last Thursday, Microsoft released an out-of-band update to fix the latest vulnerability in Internet Explorer. Since then, malware operators have been exploiting this vulnerability to install malware on thousands of PCs. So far, we have detected more than 650 different versions of the exploit code which is detected as Trojan.JS/Exploit.CVE-2010-0249... We have also identified more than 220 unique distribution points for the exploit code, mostly located in Asia. The countries which are seeing the majority of the attacks are China, Korea and Taiwan... At the time of analysis, the list of files to download and execute included 7 links, mostly online game password stealers. To sum up, if you happen to browse to a web page delivering the latest CVE-2010-0249 exploit code, and if you haven’t patched and are not using an up to date antivirus, you will end up with 8 different pieces of malware on your PC within seconds..."

- http://www.microsoft...ory/979352.mspx
"... issued MS10-002* to address this issue..."
* http://www.spywarein...ndpost&p=713216

- http://blogs.technet...in-release.aspx
Jan 21, 2010 - "... We are also aware that the vulnerability can be exploited by including an ActiveX control in a Microsoft Access, Word, Excel, or PowerPoint file. Customers would have to open a malicious file to be at risk of exploitation... To be clear, applying the update for Internet Explorer addresses the issue across all products that may use mshtml.dll. Customers should install the update to be protected..."

products that use mshtml.dll
- http://support.micro...m/search/?adv=1
You have searched on: All products
1920 results ...

:ph34r: :ph34r:

Edited by apluswebmaster, 26 January 2010 - 08:06 AM.

#164 AplusWebMaster

Posted 03 February 2010 - 04:52 PM

FYI...

Microsoft Security Advisory (980088)
Vulnerability in Internet Explorer Could Allow Information Disclosure
- http://www.microsoft...ory/980088.mspx
February 03, 2010 - "Microsoft is investigating a publicly reported vulnerability in Internet Explorer for customers running Windows XP or who have disabled Internet Explorer Protected Mode. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue... The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites...
Workarounds: Microsoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified...
Windows XP... Enable Internet Explorer Network Protocol Lockdown using automated Microsoft Fix It
See Microsoft Knowledge Base Article 980088* to use the automated Microsoft Fix it solution to enable or disable this workaround...
* http://support.microsoft.com/kb/980088
Impact of workaround. HTML content from UNC paths in the Internet / Local Intranet / Restricted zones will no longer automatically run script or ActiveX controls..."

(More detail at the URL above.)

- http://blogs.technet...8-released.aspx
February 03, 2010 - "... At this time we are not aware of any attacks seeking to use the vulnerability..."

- http://web.nvd.nist....d=CVE-2010-0255
Last revised: 02/05/2010
CVSS v2 Base Score: 9.3 (HIGH)

- http://secunia.com/advisories/38416/2/
Release Date: 2010-02-04
Critical: Moderately critical
Impact: Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 5.01, 6.x, 7.x, 8.x
Solution: Enable Network Protocol Lockdown for Windows XP, and Protected Mode on Windows Vista and later. Please see the vendor's advisory for more information...

- http://www.securityfocus.com/bid/38056
- http://www.symantec....eatconlearn.jsp
"... The vulnerability is trivially exploitable and is likely to be exploited in the wild..."

:ph34r: :ph34r:

Edited by apluswebmaster, 06 February 2010 - 11:43 PM.

#165 AplusWebMaster

Posted 09 February 2010 - 05:32 PM

FYI...

Microsoft Security Advisory (979682)
Vulnerability in Windows Kernel Could Allow Elevation of Privilege
- http://www.microsoft...ory/979682.mspx
Updated: February 09, 2010 - "... We have issued MS10-015* to address this issue..."
* http://blogs.technet...tion-logic.aspx
• V1.2 (March 2, 2010): Added an item to the Frequently Asked Questions (FAQ) About this Security Update to announce the offering of revised packages on Windows Update. Customers who have already successfully updated their systems do not need to take any action.
• V1.3 (March 17, 2010): Added verification registry keys for the revised packages released March 2, 2010 for Microsoft Windows 2000, Windows XP, and Windows Server 2003. This is an informational change only.


Microsoft Security Advisory (977377)
Vulnerability in TLS/SSL Could Allow Spoofing
- http://www.microsoft...ory/977377.mspx
2/9/2010 - "Microsoft is investigating public reports of a vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. At this time, Microsoft is not aware of any attacks attempting to exploit the reported vulnerability. As an issue affecting an Internet standard, we recognize that this issue affects multiple vendors... The TLS and SSL protocols are implemented in several Microsoft products, both client and server, and this advisory will be updated as our investigation continues... As part of this security advisory, Microsoft is making available a workaround which enables system administrators to disable TLS and SSL renegotiation functionality. However, as renegotiation is required functionality for some applications, this workaround* is not intended for wide implementation and should be tested extensively prior to implementation..."
* http://support.microsoft.com/kb/977377

- http://secunia.com/advisories/38365/2/
Release Date: 2010-02-09
Critical: Less critical
Solution Status: Unpatched
Original Advisory:
http://www.microsoft...ory/977377.mspx

:ph34r:

Edited by apluswebmaster, 22 March 2010 - 10:46 AM.

#166 AplusWebMaster

Posted 28 February 2010 - 08:03 PM

FYI...

New win32hlp and IE issue
- http://blogs.technet...orer-issue.aspx
February 28, 2010 - "On Friday 2/26/2010, an issue was posted publicly that could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box. We are not aware of any attacks seeking to exploit this issue at this time and in the current state of our investigation, we have determined that users running Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista, are not affected by this issue. The issue in question involves the use of VBScript and Windows Help files in Internet Explorer. Windows Help files are included in a long list of what we refer to as “unsafe file types”. These are file types that are designed to invoke automatic actions during normal use of the files. While they can be very valuable productivity tools, they can also be used by attackers to try and compromise a system. To help customers better understand unsafe file types, we have published a white paper on the topic which you can find by clicking this link*. Once we have completed our investigation, we will take appropriate action to protect customers..."
* http://www.microsoft...be-0542b3aa4bfe

- http://secunia.com/advisories/38727/
Release Date: 2010-03-01
Criticality level: Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Systems affected: XP Home, XP Professional
Solution: Avoid pressing F1 on untrusted websites. Disable Active Scripting support

Also:
- http://isc.sans.org/...ml?storyid=8329
"Microsoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it is time to update."

Edited by apluswebmaster, 01 March 2010 - 07:57 AM.

#167 AplusWebMaster

Posted 01 March 2010 - 07:24 PM

FYI...

Microsoft Security Advisory (981169)
Vulnerability in VBScript Could Allow Remote Code Execution
- http://www.microsoft...ory/981169.mspx
March 01, 2010 - "Microsoft is investigating new public reports of a vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer. Our investigation has shown that the vulnerability cannot be exploited on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008. The main impact of the vulnerability is remote code execution. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time.
The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user. On systems running Windows Server 2003, Internet Explorer Enhanced Security Configuration is enabled by default, which helps to mitigate against this issue. We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers...
Affected Software:
Microsoft Windows 2000 SP4, Windows XP SP2, Windows XP SP3, and Windows XP Pro x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition SP2..."

IE 0-day using .hlp files
- http://isc.sans.org/...ml?storyid=8332
Last Updated: 2010-03-01 23:12:47 UTC

- http://preview.tinyurl.com/ybnajys
March 01, 2010 - MSRC Engineering

- http://securitytrack...ar/1023668.html
Mar 2 2010

- http://secunia.com/advisories/38916/
Release Date: 2010-03-11
Solution: Avoid pressing F1 inside documents or images placed in untrusted directories...

Edited by apluswebmaster, 11 March 2010 - 10:55 AM.

#168 AplusWebMaster

Posted 09 March 2010 - 03:22 PM

FYI...

Microsoft Security Advisory (981374)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://www.microsoft...ory/981374.mspx
March 09, 2010 | Updated: March 10, 2010 - "Microsoft is investigating new, public reports of a vulnerability in Internet Explorer 6 and Internet Explorer 7. Our investigation has shown that the latest version of the browser, Internet Explorer 8, is not affected. The main impact of the vulnerability is remote code execution. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue..."
- http://blogs.technet...4-released.aspx
KB 981374 - http://support.microsoft.com/kb/981374
See "APPLIES TO"...
• V1.1 (March 10, 2010): Restated the mitigation concerning the e-mail vector. Added a new workaround for disabling the peer factory class in iepeers.dll.

- http://blog.trendmic...-cve-2010-0806/
03/11/2010 - "... malicious JavaScript file as JS_SHELLCODE.CD... exploits CVE-2010-0806*"
* http://web.nvd.nist....d=CVE-2010-0806
Last revised: 03/11/2010
CVSS v2 Base Score: 9.3 (HIGH)

IE 0-day - IE6, IE7...
- http://www.krebsonse...-explorer-0day/
March 9, 2010

- http://secunia.com/advisories/38860/
Last Update: 2010-03-10
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: MS IE6, IE7 ...

Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://www.microsoft...ory/973811.mspx
August 11, 2009 | Updated: March 09, 2010 - "This advisory was released to announce to customers the release of a non-security update to make available a new feature, Extended Protection for Authentication, on the Windows platform...
•V1.3 (March 9, 2010): Updated the FAQ to announce the rerelease (see "Affected Software") of the update that enables Internet Information Services to opt in to Extended Protection for Authentication. For more information, see Known issues in Microsoft Knowledge Base Article 973917*
* ( http://support.microsoft.com/kb/973917 )
- http://support.microsoft.com/kb/973811

Edited by apluswebmaster, 12 March 2010 - 04:27 AM.

#169 AplusWebMaster

Posted 12 March 2010 - 05:24 PM

FYI...

Microsoft Security Advisory (981374)
Vulnerability in Internet Explorer Could Allow Remote Code Execution - IEv6-IEv7
- http://www.microsoft...ory/981374.mspx
Published: March 09, 2010 | Updated: March 12, 2010
• V1.2 (March 12, 2010): Added an automated Microsoft Fix it solution* to apply or undo the workaround for disabling the peer factory class on Windows XP or Windows Server 2003. (See "Workarounds")
* http://support.microsoft.com/kb/981374

- http://blogs.technet...ory-981374.aspx
March 12, 2010 - "... we are working hard to produce an update which is now in testing..."

- http://www.sophos.co...cle/110399.html

Edited by apluswebmaster, 17 March 2010 - 08:26 PM.

#170 AplusWebMaster

Posted 19 March 2010 - 10:02 AM

FYI...

IE 0-Day status: IEv6, IEv7...
- http://securitylabs....Blogs/3585.aspx
03.19.2010 - "... Internet Explorer zero-day exploits are not new to the world: we have been suffering from them since the beginning of IE... Just a week after the exploit code was exposed to the world we have seen many variants come out..."

- http://www.microsoft...ory/981374.mspx
Updated: March 12, 2010
• V1.2 (March 12, 2010): Added an automated Microsoft Fix it* solution to apply or undo the workaround for disabling the peer factory class on Windows XP or Windows Server 2003.
* http://support.microsoft.com/kb/981374
Last Review: March 13, 2010 - Revision: 4.0

- http://web.nvd.nist....d=CVE-2010-0806
Last revised: 03/16/2010
CVSS v2 Base Score: 9.3 (HIGH)
___

- http://secunia.com/advisories/38860
Last Update: 2010-03-30
Criticality level: Extremely critical
Impact: Exposure of sensitive information, System access
Where: From remote
Software: MS IE 5.01, 6.x, 7.x, 8.x
Solution: Apply patches.
Advisory: MS10-018 (KB980182):
http://www.microsoft...n/ms10-018.mspx

- http://www.microsoft...ory/981374.mspx
Updated: March 30, 2010 - "... We have issued MS10-018* to address this issue..."
* http://www.spywarein...ndpost&p=719466

Edited by apluswebmaster, 30 March 2010 - 02:35 PM.

#171 AplusWebMaster

Posted 13 April 2010 - 04:20 PM

FYI...

Microsoft Security Advisory (981169)
Vulnerability in VBScript Could Allow Remote Code Execution
- http://www.microsoft...ory/981169.mspx
Updated: 4/13/2010 - "... We have issued MS10-022* to address this issue..."

Microsoft Security Advisory (977544)
Vulnerability in SMB Could Allow Denial of Service
- http://www.microsoft...ory/981169.mspx
Updated: 4/13/2010 - "... We have issued MS10-020* to address this issue..."

* http://www.spywarein...howtopic=128288


#172 AplusWebMaster

Posted 30 April 2010 - 02:34 AM

FYI...

Microsoft Security Advisory (983438)
Vulnerability in Microsoft SharePoint Could Allow Elevation of Privilege
- http://www.microsoft...ory/983438.mspx
April 29, 2010 - "Microsoft is investigating new public reports of a possible vulnerability in Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007. The vulnerability could allow an attacker to run arbitrary script that could result in elevation of privilege within the SharePoint site, as opposed to elevation of privilege within the workstation or server environment. We are actively working with partners in our Microsoft Active Protections Program (MAPP)* to provide information that they can use to provide broader protections to customers. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers..."
* http://www.microsoft...ation/mapp.aspx

- http://blogs.technet...8-released.aspx
April 29, 2010 - "... Customers running SharePoint Server 2007 or SharePoint Services 3.0 are encouraged to review and apply the mitigations and workarounds discussed in the Security Advisory..."

- http://web.nvd.nist....d=CVE-2010-0817

Edited by apluswebmaster, 30 April 2010 - 06:13 AM.

#173 AplusWebMaster

Posted 18 May 2010 - 04:04 PM

FYI...

Microsoft Security Advisory (2028859)
Vulnerability in Canonical Display Driver Could Allow Remote Code Execution
- http://www.microsoft...ry/2028859.mspx
May 18, 2010 - "Microsoft is investigating a new public report of a vulnerability in the Canonical Display Driver (cdd.dll). Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time. We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers..."

- http://www.theregist...7_security_bug/
18 May 2010 - "... users can prevent attacks by disabling the Windows Aero Theme. To turn it off, choose Start > Control Panel and click on Appearance and Personalization. Then click on Change the Theme. Then select one of the Basic and High Contrast Themes."

Edited by apluswebmaster, 19 May 2010 - 06:01 AM.

#174 AplusWebMaster

Posted 08 June 2010 - 05:28 PM

FYI...

Microsoft Security Advisory (983438)
Vulnerability in Microsoft SharePoint Could Allow Elevation of Privilege
- http://www.microsoft...ory/983438.mspx
Updated: June 08, 2010 - "... We have issued MS10-039* to address this issue..."
* http://www.microsoft...n/ms10-039.mspx

Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://www.microsoft...ory/973811.mspx
• V1.5 (June 8, 2010): Updated the FAQ with information about six non-security updates enabling .NET Framework to opt in to Extended Protection for Authentication.
See FAQ: "... updates released by Microsoft on June 8, 2010...", re: .NET Framework 2.0 ...


#175 AplusWebMaster

Posted 10 June 2010 - 04:03 PM

FYI...

MS Security Advisory (2219475)
Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution
- http://www.microsoft...ry/2219475.mspx
June 10, 2010 - "Microsoft is investigating new public reports of a possible vulnerability in the Windows Help and Support Center function that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. Microsoft is aware that proof of concept exploit code has been published for the vulnerability. However, Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary..."
- http://www.microsoft...ry/2219475.mspx
• V1.1 (June 11, 2010): Added a link to Microsoft Knowledge Base Article 2219475 to provide an automated Microsoft Fix it solution* for the workaround, Unregister the HCP Protocol. * http://support.micro....com/kb/2219475
• V1.2 (June 15, 2010): Revised Executive Summary to reflect awareness of limited, targeted active attacks that use published proof-of-concept exploit code.

- http://securitytrack...un/1024084.html
Jun 10 2010

- http://www.kb.cert.org/vuls/id/578319
Date Last Updated: 2010-06-10

- http://www.h-online....ce-1019381.html
10 June 2010

Edited by apluswebmaster, 15 June 2010 - 04:04 PM.

#176 AplusWebMaster

Posted 15 June 2010 - 09:37 AM

FYI...

CVE 2010-1885 exploit in the wild
- http://www.sophos.co...oslabs/?p=10045
June 15, 2010 - "The recent Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) is being exploited in the wild... Today, we got the first pro-active detection (Sus/HcpExpl-A) on malware that is spreading via a compromised website. This malware downloads and executes an additional malicious component... on the victim’s computer, by exploiting this vulnerability. More details about CVE 2010-1885 can be found in our report here*."
* http://www.sophos.co...cle/111188.html

...automated Microsoft Fix it solution* for the workaround, Unregister the HCP Protocol.
- http://support.micro....com/kb/2219475
Last Review: June 14, 2010 - Revision: 2.1

- http://web.nvd.nist....d=CVE-2010-1885
... Windows XP and Windows Server 2003 ...
Last revised: 06/18/2010
CVSS v2 Base Score: 9.3 (HIGH)

- http://atlas.arbor.n...dex#-2114420025
Severity: High Severity
... active exploitation on the Internet. This affects Windows users, especially Windows XP and Server 2003. Mitigations and workarounds have been described by Microsoft.
Analysis: This is a major issue for all Windows users, and we encourage sites to update as soon as possible once a fix is released, or to apply the mitigations.

- http://securitytrack...un/1024084.html
Jun 10 2010

- http://blog.trendmic...exploits-loose/
June 15, 2010

- http://www.avast.com...score-the-adult
28 June 2010 - "... HTML:Script-inf... infection is widespread and accounts for 20% of all infected UK pages. The infection takes advantage of a two week old Microsoft Windows vulnerability... CVE-2010-1885..."

- http://pandalabs.pan...ed-in-the-wild/
06/28/10 - "... cyber criminals are quick to adapt new exploit methods and in this case it literally took one day before we started seeing examples being exploited in the wild..."

Edited by apluswebmaster, 30 June 2010 - 07:59 AM.

#177 AplusWebMaster

Posted 01 July 2010 - 05:49 AM

FYI...

CVE-2010-1885 attack status...
- http://blogs.technet...-2010-1885.aspx
30 Jun 2010 - "... attacks have picked up and are no longer limited to specific geographies or targets, and we would like to ensure that customers are aware of this broader distribution. If you have not yet considered the countermeasures listed in the Microsoft Security Advisory (2219475*), you should consider them. As of today, over 10,000 distinct computers have reported seeing this attack at least one time. The following list shows some of the payloads we've detected:
• Trojan:Win32/Swrort.A
• TrojanDownloader:Win32/Obitel.gen!A
• Spammer:Win32/Tedroo.AB
• Trojan:Win32/Oficla.M
• TrojanSpy:Win32/Neetro.A
• Virus:JS/Decdec.A ..."

* http://support.micro....com/kb/2219475
Last Review: July 13, 2010 - Revision: 3.0 - "... We have released security bulletin MS10-042* to address this issue..."
* http://www.microsoft...n/MS10-042.mspx

- http://web.nvd.nist....d=CVE-2010-1885
Last revised: 07/20/2010
CVSS v2 Base Score: 9.3 (HIGH)

- http://krebsonsecuri...d-windows-flaw/
July 5, 2010

- http://community.web...ompromised.aspx
5 Jul 2010 - "... Articlealley .com has been compromised and injected with obfuscated code. Article Alley is a free article directory that aims to help authors promote and syndicate their content. It allows authors and promoters to get their articles out on the Web with the potential of being read by millions of readers. This site was compromised from the root domain, and as a result all subsequent sub-pages were infected by the attack.... attack is targeting the Microsoft Help and Support Center 0-day vulnerability CVE-2010-1885..."
(Screenshots available at the Websense URL above.)

Edited by apluswebmaster, 23 July 2010 - 09:11 AM.

#178 AplusWebMaster

Posted 13 July 2010 - 01:34 PM

FYI...

Microsoft Security Advisory (2219475)
Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution
- http://www.microsoft...ry/2219475.mspx
Published: June 10, 2010 | Updated: July 13, 2010 - "... We have issued MS10-042* to address this issue..."
* http://www.microsoft...n/MS10-042.mspx

Microsoft Security Advisory (2028859)
Vulnerability in Canonical Display Driver Could Allow Remote Code Execution
- http://www.microsoft...ry/2028859.mspx
Published: May 18, 2010 | Updated: July 13, 2010 - "... We have issued MS10-043** to address this issue..."
** http://www.microsoft...n/MS10-043.mspx

- http://www.spywarein...ndpost&p=727423

Edited by apluswebmaster, 13 July 2010 - 01:35 PM.

#179 AplusWebMaster

Posted 17 July 2010 - 05:46 AM

FYI...

Microsoft Security Advisory (2286198)
Vulnerability in Windows Shell Could Allow Remote Code Execution
- http://www.microsoft...ry/2286198.mspx
July 16, 2010 - "Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows. This advisory contains information about which versions of Windows are vulnerable as well as workarounds and mitigations for this issue. The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut. This vulnerability is most likely to be exploited through removable drives. For systems that have AutoPlay disabled, customers would need to manually browse to the root folder of the removable disk in order for the vulnerability to be exploited. For Windows 7 systems, AutoPlay functionality for removable disks is automatically disabled. We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers..."
• V1.1 (July 19, 2010)... "Microsoft is currently working to develop a security update for Windows to address this vulnerability..."

- http://blogs.technet...xnet-sting.aspx
16 Jul 2010

- http://www.kb.cert.org/vuls/id/940193
Last Updated: 2010-07-19

- http://www.us-cert.g...k_vulnerability
updated July 19, 2010

0-Day exploit is public
- http://www.f-secure....s/00001991.html
July 19, 2010

- http://securitytrack...ul/1024216.html
Updated: July 20 2010

Edited by apluswebmaster, 20 July 2010 - 05:58 AM.

#180 AplusWebMaster

Posted 20 July 2010 - 12:22 PM

FYI...

More 0-day malware drivers...
- http://www.f-secure....s/00001993.html
July 20, 2010 - "... another digitally signed Stuxnet* driver. This one uses a certificate from JMicron Technology Corporation. Our detection for this new binary is Rootkit:W32/Stuxnet.D... Realtek is the source of the previously used certificate which has now been revoked by VeriSign..."
* http://blogs.technet...xnet-sting.aspx


#181 cnm

Posted 20 July 2010 - 01:45 PM

http://www.informati...ft_warns_1.html
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#182 AplusWebMaster

Posted 20 July 2010 - 08:28 PM

FYI...

"Fixit" released for MS shortcut vuln...
Microsoft Security Advisory (2286198)
Vulnerability in Windows Shell Could Allow Remote Code Execution
- http://www.microsoft...ry/2286198.mspx
• V1.2 (July 20, 2010): Clarified the vulnerability exploit description and updated the workarounds...
Disable the displaying of icons for shortcuts ...
Note: See Microsoft Knowledge Base Article 2286198* to use the automated Microsoft Fix it solution to enable or disable this workaround. This Fix it solution will require a restart upon completion in order to be effective. This Fix it solution deploys the workaround, and thus has the same user impact. We recommend that administrators review the KB article closely prior to deploying this Fix it solution.
NOTE: Applying the fixit will remove the graphical representation of icons on the Task bar and Start menu bar and replace them with white icons without the graphical representation of the icon...
Note: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk...
* http://support.micro....com/kb/2286198
Last Review: July 21, 2010 - Revision: 1.0
---
Disable the WebClient service ...
---
Block the download of .LNK and .PIF files from the internet ...
___

Embedded Shortcuts in Documents...
- http://www.f-secure....s/00001994.html
July 21, 2010

- http://web.nvd.nist....d=CVE-2010-2568
Last revised: 07/22/2010
CVSS v2 Base Score: 9.3 (HIGH)

Edited by apluswebmaster, 22 July 2010 - 08:16 PM.

#183 AplusWebMaster

Posted 23 July 2010 - 05:30 AM

FYI...

Exploits in the wild for Windows shortcut vuln
- http://blog.trendmic...ty-in-the-wild/
July 22, 2010 - "Exploits for the recently discovered Windows shortcut vulnerability are now fully out in the wild and affecting users. While earlier samples were seen in more narrowly targeted attacks, the new samples Trend Micro analysts found are now aimed at broader audiences and pose a threat to users at large. Indonesia and India have been particularly hard-hit by this attack, accounting for more than 75 percent of the total number of infections. In addition, a recent update to Microsoft’s advisory has added a new vector for this vulnerability. File formats that support embedded shortcuts (e.g., Microsoft Office documents) can now be used to spread exploits as well. This means that users who download and open such files could find themselves the latest victim of this vulnerability. It has also been reported that this attack could be used in drive-by attack scenarios, further increasing risks... Below is a summary of these possibilities:
1. USB drive infection...
2. Network shares...
3. Malicious website...
4. Documents...
"
(More detail at the URL above.)

- http://atlas.arbor.n...ndex#1754998770
Microsoft .lnk 0day Attack Vector
Severity: Extreme Severity
Analysis: This is a serious risk, and a critical one for SIEMENS WinCC sites. We encourage all Windows sites to review the bulletin for mitigation options in the absence of a patch...

- http://threatinfo.tr...ty Exploit.html

- http://www.symantec....tags/w32stuxnet
July 22, 2010 - "... Within the past 72 hours we've seen close to 14,000 unique IP addresses infected with W32.Stuxnet attempt to contact the C&C server..."

- http://web.nvd.nist....d=CVE-2010-2568
Last revised: 07/23/2010
CVSS v2 Base Score: 9.3 (HIGH)

- http://www.f-secure....2_stuxnet.shtml
- http://www.symantec....3123-99&tabid=2
- http://www.sophos.co...32stuxnetb.html

Edited by apluswebmaster, 23 July 2010 - 03:15 PM.

#184 AplusWebMaster

Posted 25 July 2010 - 08:50 PM

FYI...

MS .lnk 0-day attack vector
- http://atlas.arbor.n...ndex#1754998770
Severity: Extreme Severity
Analysis: This is a serious risk, and a critical one for SIEMENS WinCC sites. We encourage all Windows sites to review the bulletin* for mitigation options in the absence of a patch...
* http://www.microsoft...ry/2286198.mspx

NEW malware families using .LNK vulnerability
- http://blogs.technet...nerability.aspx
23 Jul 2010

- http://web.nvd.nist....d=CVE-2010-2772
Last revised: 07/26/2010

- http://www.networkwo...picking-up.html
July 22, 2010 - "... Siemens issued a Security Update** for its customers on Thursday, but Microsoft has yet to patch the Windows bug that permits the worm to spread..."
** http://support.autom...783&caller=view

- http://www.symantec....tags/w32stuxnet
July 25, 2010

Edited by apluswebmaster, 28 July 2010 - 05:17 PM.

#185 AplusWebMaster

Posted 26 July 2010 - 02:13 PM

FYI...

Windows Shortcut Exploit protection tool
- http://www.sophos.co...ction-tool.html
"... The Windows Shortcut Exploit is a zero-day vulnerability in all versions of Windows that allows a Windows shortcut link to run a malicious DLL file. Our free, easy-to-use tool blocks this exploit from running on your computer..."

- http://isc.sans.edu/...ml?storyid=9268
Last Updated: 2010-07-26 17:03:58 UTC

- http://www.sophos.co...cle/111570.html
Last updated: 26 Jul 2010

- http://www.sophos.co...loit-free-tool/
Video: 1:57

- http://www.f-secure....s/00001996.html
July 26, 2010 - "... several additional malware families are now attempting to exploit Microsoft's LNK vulnerability (2286198). But here's the good news: so far, the new exploit samples are detected by us, and by many other vendors*. Basically we're seeing new payloads using the same basic exploit method, which is being detected generically, and not new versions of the exploit..."
* http://www.virustota...9965-1280146392
File dsafnegweje.lnk received on 2010.07.26 12:13:12 (UTC)
Result: 18/42 (42.86%)

- http://blog.trendmic...loit-bandwagon/
July 27, 2010 - "... exploits targeting the Windows shortcut zero-day vulnerability have risen in number. It is also now being used to spread ZBOT variants via malicious attachments to spammed messages... with the subject Microsoft Windows Security Advisory..."

Edited by apluswebmaster, 30 July 2010 - 02:20 PM.

#186 AplusWebMaster

Posted 30 July 2010 - 03:21 PM

FYI...

MS shortcut/vuln fix to be released 8.2.2010
- http://blogs.technet...ry-2286198.aspx
29 Jul 2010 - "... we're announcing plans to release a security update to address the vulnerability discussed in Security Advisory 2286198* on Monday, August 2, 2010 at or around 10 AM PDT..."
* http://www.microsoft...ry/2286198.mspx

- http://www.microsoft...n/ms10-aug.mspx
July 30, 2010

- http://blogs.technet...was-sality.aspx
30 Jul 2010 - "... Microsoft announced plans to release of an out-of-band update... numbers show infection attempts upon systems -we- protect... threats are becoming more widespread...
Malicious links exploiting CVE-2010-2568
Exploit:Win32/CplLnk.A
Exploit:Win32/CplLnk.B
Stuxnet
TrojanDropper:Win32/Stuxnet.A
Trojan:WinNT/Stuxnet.A
Trojan:WinNT/Stuxnet.B (initially called VirTool:WinNT/Rootkitdrv.HK)
Trojan:Win32/Stuxnet.A
Worm:Win32/Stuxnet.A
Worm:Win32/Stuxnet.B
Sality
Virus:Win32/Sality.AU (initial detection provided by generic signature Virus:Win32/Sality.AT)
Vobfus
Worm:Win32/Vobfus.H
Worm:Win32/Vobfus.P
Chymine
Trojan:Win32/Chymine.A
TrojanSpy:Win32/Chymine.A
TrojanDownloader:Win32/Chymine.A ..."

:ph34r:

Edited by apluswebmaster, 30 July 2010 - 05:47 PM.


#187 AplusWebMaster


Posted 02 August 2010 - 01:05 PM

FYI...

MS10-046 released Out-of-Band...
- http://blogs.technet...band-today.aspx
2 Aug 2010 - "... today we released Security Bulletin MS10-046* out-of-band to address a vulnerability in Windows. This security update addresses a vulnerability in the handling of shortcuts that affects all currently supported versions of Windows XP, Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2... For customers using automatic updates, this update will automatically be applied once it is released. Customers not using automatic updates should download, test and deploy this update as quickly as possible..."
* http://www.microsoft...n/MS10-046.mspx
"... This vulnerability is currently being exploited..."

- http://www.microsoft...ry/2286198.mspx
Updated: August 02, 2010 - "... We have issued MS10-046* to address this issue..."

- http://web.nvd.nist....d=CVE-2010-2568

- http://www.sophos.co...c/shortcut.html
August 2, 2010 - "... If you have the Sophos Windows Shortcut Exploit Protection Tool on your machine, uninstall it before deploying Microsoft's patch."

FIX:
- http://www.spywarein...ndpost&p=729327

Stuxnet - Rootkit for SCADA Devices...
- http://www.symantec....t-scada-devices
August 6, 2010

:ph34r: :ph34r:

Edited by apluswebmaster, 08 August 2010 - 05:22 AM.


#188 AplusWebMaster


Posted 09 August 2010 - 12:05 PM

FYI...

LNK vuln (MS10-046) now leveraged by botnet...
- http://www.symantec....sality-goes-lnk
August 9, 2010 - "... The discovery of the LNK vulnerability (BID 41732*), initially used by Stuxnet, gave malware authors a cheap, easy, and effective way to propagate their creations. The Sality gang didn’t waste much time and jumped on the bandwagon in the early days of August. However, it seems that it was only this weekend that they decided to leverage their botnet to potentially infect even more computers. The latest package downloaded by Sality (sequence ID 122) refers to a few URLs, including Sality-standard hack tools (mail relay, HTTP proxy), but also to a dropper for Sality itself... make sure your operating system is properly patched..."
* http://www.securityf...1732/references

- http://www.spywarein...ndpost&p=729327
"Critical ... This vulnerability is currently being exploited..."

:ph34r: :ph34r:

#189 AplusWebMaster


Posted 10 August 2010 - 12:18 PM

FYI...

Microsoft Security Advisory (2264072)
Elevation of Privilege Using Windows Service Isolation Bypass
- http://www.microsoft...ry/2264072.mspx
August 10, 2010 - "Microsoft is aware of the potential for attacks that leverage the Windows Service Isolation feature to gain elevation of privilege... Although, in most situations, untrusted code is not running under the NetworkService identity, the following scenarios have been identified as possible exceptions:
• Systems running Internet Information Services (IIS) in a non-default configuration are at an increased risk, particularly if IIS is running on Windows Server 2003 and Windows Server 2008, because the default worker process identity on these systems is NetworkService.
• Systems running SQL Server where users are granted SQL Server administrative privileges are at an increased risk.
• Systems running Windows Telephony Application Programming Interfaces (TAPI) are at an increased risk...
For the TAPI scenario, Microsoft is providing a non-security update*...
(FAQ) The Windows Service Isolation feature is an optional configuration that some customers may choose to deploy. This feature is not appropriate for all customers..."
- http://support.micro....com/kb/2264072

* TAPI non-security update: http://support.microsoft.com/kb/982316

- http://web.nvd.nist....d=CVE-2010-1886
Last revised: 08/17/2010
CVSS v2 Base Score: 6.8 (MEDIUM)
___

Microsoft Security Advisory (977377)
Vulnerability in TLS/SSL Could Allow Spoofing
- http://www.microsoft...ory/977377.mspx
Published: February 09, 2010 | Updated: August 10, 2010 - "... We have issued MS10-049* to address this issue..."
* http://www.microsoft...n/MS10-049.mspx
___

Update on the publicly disclosed Win32k.sys EoP Vulnerability
- http://blogs.technet...nerability.aspx
10 Aug 2010 - "... investigating a publicly disclosed vulnerability in the Windows Kernel-mode drivers (win32k.sys) affecting all supported operating systems. We are not aware of attacks that try to use the reported vulnerability or of any customer impact at this time... we are now able to report that this is a local elevation of privilege vulnerability only. This type of issue allows attackers to gain system-level privileges after they have already obtained an account on the target system. For this issue to be exploited, an attacker must have valid log-on credentials on the target system and be able to log on locally, or must already have code running on the target system. The vulnerability cannot be exploited remotely, or by anonymous users. We will not be releasing a security advisory for this issue, but it will be included in a future security update...."

.

Edited by apluswebmaster, 26 August 2010 - 01:03 PM.


#190 AplusWebMaster


Posted 23 August 2010 - 07:01 PM

FYI...

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- http://www.microsoft...ry/2269637.mspx
August 23, 2010 - "Microsoft is aware that research has been published detailing a remote attack vector for a class of vulnerabilities that affects how applications load external libraries. This issue is caused by specific insecure programming practices that allow so-called "binary planting" or "DLL preloading attacks". These practices could allow an attacker to remotely execute arbitrary code in the context of the user running the vulnerable application when the user opens a file from an untrusted location. This issue is caused by applications passing an insufficiently qualified path when loading an external library. Microsoft has issued guidance to developers in the MSDN article, Dynamic-Link Library Security*, on how to correctly use the available application programming interfaces to prevent this class of vulnerability. Microsoft is also actively reaching out to third-party vendors through the Microsoft Vulnerability Research Program to inform them of the mitigations available in the operating system. Microsoft is also actively investigating which of its own applications may be affected. In addition to this guidance, Microsoft is releasing a tool** that allows system administrators to mitigate the risk of this new attack vector by altering the library loading behavior system-wide or for specific applications. This advisory describes the functionality of this tool and other actions that customers can take to help protect their systems.
Mitigating Factors:
• This issue only affects applications that do not load external libraries securely. Microsoft has previously published guidelines for developers in the MSDN article, Dynamic-Link Library Security*, that recommend alternate methods to load libraries that are safe against these attacks.
• For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
• The file sharing protocol SMB is often disabled on the perimeter firewall. This limits the possible attack vectors for this vulnerability..."

* http://msdn.microsof.../ff919712(VS.85).aspx
8/19/2010

** http://support.micro....com/kb/2264107
August 23, 2010

More... DLL Preloading remote attack vector
- http://blogs.technet...ack-vector.aspx
23 Aug 2010

- http://isc.sans.edu/...ml?storyid=9445
Last Updated: 2010-08-24 17:01:04 UTC ...(Version: 3) - "... UPDATE 2: We received some e-mails about active exploitation of this vulnerability in the wild... it appears that the attackers so far are exploiting uTorrent, Microsoft Office and Windows Mail... applications for which Proof of Concept exploits have been published... be very careful about files you open from network shares..."

- http://www.us-cert.g...urity_advisory5
August 24, 2010 - "... publicly available exploit code for this vulnerability... workarounds may reduce the functionality of the affected systems. Workarounds include:
• disabling the loading of libraries from WebDAV and remote network shares
• disabling the WebClient service
• blocking TCP ports 139 and 445 at the firewall ...

- http://securitytrack...ug/1024355.html
Aug 24 2010
___

- http://blog.eset.com...les/DLLvuln.png
August 26, 2010
___

Insecure Library Loading Vulnerability:
Release Date: 2010-08-25

Microsoft Windows Address Book...
- http://secunia.com/advisories/41050/
uTorrent...
- http://secunia.com/advisories/41051/
Adobe Photoshop...
- http://secunia.com/advisories/41060/
Microsoft Office PowerPoint...
- http://secunia.com/advisories/41063/
Wireshark...
- http://secunia.com/advisories/41064/
Opera...
- http://secunia.com/advisories/41083/
Mozilla Firefox...
- http://secunia.com/advisories/41095/
Windows Live Mail...
- http://secunia.com/advisories/41098/
Microsoft Office Groove...
- http://secunia.com/advisories/41104/
VLC Media Player...
- http://secunia.com/advisories/41107/
avast! Antivirus...
- http://secunia.com/advisories/41109/
Adobe Dreamweaver...
- http://secunia.com/advisories/41110/
TeamViewer...
- http://secunia.com/advisories/41112/

... Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...
"... vulnerability is confirmed...
Solution: Do not open untrusted files..."
___

- http://secunia.com/blog/120
24 August 2010 - "... the discovery of the remote vector just made this serious... The vulnerability is not in the Windows OS itself, but is caused by bad (insecure) programming practises in applications when loading libraries combined with how the library search order works in Windows. Ideally, when loading a library (or running an executable), a fully qualified path should be passed to the APIs used (e.g. LoadLibrary()). In case a programmer refrains from doing so and only supplies the library name, Windows searches for the file in a number of directories in a particular order. These directories may include the current working directory, which leads to the core of the problem related to the new, remote attack vector as Windows eventually searches for the file on e.g. a remote SMB or WebDAV share if that happens to be the current directory. This is the case if a user e.g. is tricked into opening a file located on a remote share. By placing a malicious library, which a vulnerable application searches for, on the share it is loaded into the application and code is executed with the privileges of the user running it. As the core problem is not in Windows, but rather caused by applications loading libraries insecurely (i.e. not supplying a fully qualified path or not initially calling SetDllDirectory() with a blank path), Secunia will not be issuing a general advisory for Windows. Instead, (likely, quite a lot of) advisories will be issued as affected applications are identified. Currently, we are seeing reports from various researchers having identified everywhere between 40 to 200 vulnerable applications, but the actual number may be a lot higher..."

- http://www.kb.cert.org/vuls/id/707943
Date Last Updated: 2010-08-25

:ph34r: :ph34r:

Edited by apluswebmaster, 26 August 2010 - 01:34 PM.


#191 AplusWebMaster


Posted 26 August 2010 - 01:43 PM

FYI...

ESET graphic: DLL loading vulnerability
- http://blog.eset.com...les/DLLvuln.png
August 26, 2010

(One picture worth a thousand words.)

:ph34r:

Edited by apluswebmaster, 26 August 2010 - 01:50 PM.


#192 AplusWebMaster


Posted 27 August 2010 - 04:21 PM

FYI...

- http://www.computerw...or_40_plus_apps
August 25, 2010 - "... The flaws stem from the way many Windows applications call code libraries - dubbed "dynamic-link library," or "DLL" - that give hackers wiggle room they can exploit by tricking an application into loading a malicious file with the same name as a required DLL. If attackers can dupe users into visiting malicious Web sites or remote shares, or get them to plug in a USB drive - and in some cases con them into opening a file - they can hijack a PC and plant malware on it... As of 3 p.m. ET, more than 30 exploits had been posted on Wednesday alone..."

- http://www.kb.cert.org/vuls/id/707943
Last Updated: 2010-09-08

- http://secunia.com/a...g Vulnerability
Last Updated: Oct. 18, 2010 - (Count is now -133-)

Microsoft apps... DLL hijacking attack vuln
- http://web.nvd.nist....d=CVE-2010-3138
- http://web.nvd.nist....d=CVE-2010-3139
- http://web.nvd.nist....d=CVE-2010-3140
- http://web.nvd.nist....d=CVE-2010-3141
- http://web.nvd.nist....d=CVE-2010-3142
- http://web.nvd.nist....d=CVE-2010-3143
- http://web.nvd.nist....d=CVE-2010-3144
- http://web.nvd.nist....d=CVE-2010-3145
- http://web.nvd.nist....d=CVE-2010-3146
- http://web.nvd.nist....d=CVE-2010-3147
- http://web.nvd.nist....d=CVE-2010-3148
Last revised: 08/30-31/2010
CVSS v2 Base Score: 9.3 (HIGH)

:ph34r:

Edited by AplusWebMaster, 18 October 2010 - 09:53 AM.


#193 AplusWebMaster


Posted 31 August 2010 - 03:43 PM

FYI...

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- http://www.microsoft...ry/2269637.mspx
"...Workarounds:
• Disable loading of libraries from WebDAV and remote network shares...
• Disable the WebClient service...
• Block TCP ports 139 and 445 at the firewall...
(See "Impact of workaround" for each one)..."
• V1.1 (August 31, 2010) Added a link to Microsoft Knowledge Base Article 2264107* to provide an automated Microsoft Fix it solution for the workaround, Disable loading of libraries from WebDAV and remote network shares.
* http://support.micro....com/kb/2264107
August 31, 2010 - Revision: 4.0

MS SRD - Update on the DLL-preloading remote attack vector
- http://blogs.technet...ack-vector.aspx
31 Aug 2010 - "... Note: The Fix-it itself does not install the workaround tool. You’ll need to separately download and install the tool beforehand.
To instead completely block all DLL-preloading attack vectors, including the threat of malicious files on a USB thumb drive or files arriving via email as a ZIP attachment, set CWDIllegalInDllSearch to 0xFFFFFFFF. This will address any DLL preloading vulnerabilities that may exist in applications running on your system. However, it may have some unintended consequences for applications that require this behavior, so we do recommend thorough testing..."
- http://go.microsoft....?linkid=9742148

- http://techblog.avir...erabilities/en/
September 2, 2010 - "... the company released a Fix-it tool which can be executed after the patch has been applied. It lessens the restrictions introduced by the patch so that most applications do work again. Windows then still blocks loading DLLs from network shares or WebDAV, but if a malicious DLL is located within a local working directory, an attack may still succeed..."

Verified Secunia List:
- http://secunia.com/a...ibrary_loading/
(tables are automatically updated as Secunia issues new advisories)
Number of products affected...
Number of vendors affected...
Number of Secunia Advisories issued...

:!:

Edited by AplusWebMaster, 18 October 2010 - 02:54 PM.

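The DLL search order described in the Secunia post quoted earlier in this thread, and the CWDIllegalInDllSearch setting mentioned in this post, modelled in Python as an added example (not Microsoft's code and not part of the original posts). The values 1 and 2 come from KB 2264107; every path, the DLL name codec.dll and the file listing are constructed, and the caller states whether the current directory is local, SMB or WebDAV.

```python
"""Model of the Windows DLL search order and CWDIllegalInDllSearch.

Simplified: KnownDLLs, DLL redirection and manifests are ignored. Every path,
the DLL name and the file listing below are constructed for illustration.
"""
from ntpath import isabs, join, normcase

SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]

# CWDIllegalInDllSearch values (KB 2264107, application started locally).
CWD_DEFAULT = 0x0           # current directory is searched as usual
CWD_BLOCK_WEBDAV = 0x1      # skipped when it is a WebDAV folder
CWD_BLOCK_REMOTE = 0x2      # skipped when it is remote (WebDAV or UNC)
CWD_BLOCK_ALL = 0xFFFFFFFF  # never searched


def cwd_allowed(cwd_kind, cwd_illegal):
    """cwd_kind ('local', 'smb' or 'webdav') is stated by the caller."""
    if cwd_illegal == CWD_BLOCK_ALL:
        return False
    if cwd_illegal == CWD_BLOCK_REMOTE:
        return cwd_kind == "local"
    if cwd_illegal == CWD_BLOCK_WEBDAV:
        return cwd_kind != "webdav"
    return True


def search_order(app_dir, cwd, cwd_kind, path_dirs=(),
                 cwd_illegal=CWD_DEFAULT, safe_dll_search_mode=True):
    """Directories tried, in order, for a library requested by bare name."""
    cwd_part = [cwd] if cwd_allowed(cwd_kind, cwd_illegal) else []
    if safe_dll_search_mode:      # default: current directory after system dirs
        middle = SYSTEM_DIRS + cwd_part
    else:                         # legacy: current directory right after app dir
        middle = cwd_part + SYSTEM_DIRS
    return [app_dir] + middle + list(path_dirs)


def resolve(library, order, files):
    """Return the path that would be loaded, or None if the load fails."""
    # A fully qualified path is used as given; only bare names are searched.
    candidates = [library] if isabs(library) else [join(d, library) for d in order]
    present = {normcase(f) for f in files}
    for path in candidates:
        if normcase(path) in present:
            return path
    return None


# Constructed scenario: the viewer ships codec.dll in a plugins folder that is
# not on the search path, and copies have been planted next to documents.
APP_DIR = r"C:\Program Files\ExampleViewer"
GOOD_DLL = APP_DIR + r"\plugins\codec.dll"
SHARE = r"\\fileserver\projects\q3"
USB = r"E:\docs"
FILES = [GOOD_DLL, SHARE + r"\codec.dll", USB + r"\codec.dll"]


def load(library, cwd, cwd_kind, cwd_illegal=CWD_DEFAULT):
    """Resolve a load request made while `cwd` is the current directory."""
    order = search_order(APP_DIR, cwd, cwd_kind, cwd_illegal=cwd_illegal)
    return resolve(library, order, FILES)


if __name__ == "__main__":
    for label, args in [
        ("share, default", ("codec.dll", SHARE, "smb")),
        ("share, value 2", ("codec.dll", SHARE, "smb", CWD_BLOCK_REMOTE)),
        ("USB, value 2", ("codec.dll", USB, "local", CWD_BLOCK_REMOTE)),
        ("USB, 0xFFFFFFFF", ("codec.dll", USB, "local", CWD_BLOCK_ALL)),
        ("share, full path", (GOOD_DLL, SHARE, "smb")),
    ]:
        print(f"{label:18} -> {load(*args)}")
```

The value 2 rows show the caveat in the Avira quote: remote locations are blocked, but a copy sitting in a local working directory is still picked up until the value is 0xFFFFFFFF or the application passes a fully qualified path.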

#194 AplusWebMaster


Posted 15 September 2010 - 03:42 AM

FYI...

Microsoft Security Advisory (2401593)
Vulnerability in Outlook Web Access Could Allow Elevation of Privilege
- http://www.microsoft...ry/2401593.mspx
September 14, 2010 - "Microsoft has completed the investigation of a publicly disclosed vulnerability in Outlook Web Access (OWA) that may affect Microsoft Exchange customers. An attacker who successfully exploited this vulnerability could hijack an authenticated OWA session. The attacker could then perform actions on behalf of the authenticated user without the user's knowledge, within the security context of the active OWA session. This vulnerability affects supported editions of Microsoft Exchange Server 2003 and Microsoft Exchange Server 2007 (except Microsoft Exchange Server 2007 Service Pack 3). Microsoft Exchange Server 2000, Microsoft Exchange Server 2007 Service Pack 3, and Microsoft Exchange Server 2010 are -not- affected by the vulnerability. For more information, see the section, Affected and Non-Affected Software. Microsoft recommends that customers running affected editions of Microsoft Exchange Server upgrade to a non-affected version of Microsoft Exchange Server to address the vulnerability. Customers who are unable to upgrade at this time can refer to the Workarounds section for options that can help limit how an attacker can exploit the vulnerability. At this time, we are unaware of any attacks attempting to exploit this vulnerability."
- http://web.nvd.nist....d=CVE-2010-3213
- http://secunia.com/advisories/41421/
"... Solution: The vulnerability is fixed in Microsoft Exchange Server 2007 SP3..."

Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://www.microsoft...ory/973811.mspx
• V1.7 (October 12, 2010): Updated the FAQ with information about a non-security update enabling Windows Server Message Block (SMB) to opt in to Extended Protection for Authentication.

:ph34r:

Edited by AplusWebMaster, 18 October 2010 - 02:20 PM.


#195 AplusWebMaster


Posted 18 September 2010 - 04:25 AM

FYI...

Microsoft Security Advisory (2416728)
Vulnerability in ASP.NET Could Allow Information Disclosure
- http://www.microsoft...ry/2416728.mspx
September 17, 2010 - "Microsoft is investigating a new public report of a vulnerability in ASP.NET. An attacker who exploited this vulnerability could view data, such as the View State, which was encrypted by the target server, or read data from files on the target server, such as web.config. This would allow the attacker to tamper with the contents of the data. By sending back the altered contents to an affected server, the attacker could observe the error codes returned by the server. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time... Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs...
CVE Reference: CVE-2010-3332..."

- http://blogs.technet...nerability.aspx

:ph34r:

Edited by apluswebmaster, 18 September 2010 - 04:46 AM.


#196 AplusWebMaster


Posted 21 September 2010 - 03:16 PM

FYI...

Microsoft Security Advisory (2416728)
Vulnerability in ASP.NET Could Allow Information Disclosure
- https://www.microsof...ry/2416728.mspx
Published: September 17, 2010 | Updated: September 20, 2010
• V1.1 (September 20, 2010): "Revised Executive Summary to communicate that Microsoft is aware of limited, active attacks. Also added additional entries to the Frequently Asked Questions section and additional clarification to the workaround."

- http://weblogs.asp.n...nerability.aspx
September 20, 2010

- http://blogs.msdn.co...sharepoint.aspx
20 Sep 2010

:ph34r: :ph34r:

#197 AplusWebMaster


Posted 25 September 2010 - 02:23 AM

FYI...

MS10-070 released
- http://www.spywarein...post__p__733491
___

Microsoft Security Advisory (2416728)
Vulnerability in ASP.NET Could Allow Information Disclosure
- http://www.microsoft...ry/2416728.mspx
Updated: September 28, 2010 - "... We have issued MS10-070* to address this issue..."
* http://www.microsoft...n/MS10-070.mspx
___

- http://web.nvd.nist....d=CVE-2010-3332
Last revised: 09/22/2010
CVSS v2 Base Score: 5.0 (MEDIUM)

- http://blogs.technet...und-update.aspx
24 Sep 2010 3:27 PM

- http://blogs.msdn.co...sharepoint.aspx
** Updated 9/24/2010 4:30PM ** – Updated with additional defensive workaround published by the ASP.NET team valid for ALL affected versions of SharePoint...
** Updated 9/22/2010 10:40AM ** – Updated verification step for SharePoint Server 2007 and Windows SharePoint Services 3.0 and added an exception in the workaround for Windows SharePoint Services 2.0 running under ASP.NET 1.1.
** Updated 9/21/2010 11:05PM ** – Updated with workaround for SharePoint Server 2007 and Windows SharePoint Services 3.0 and updated SharePoint 2010 workaround.
** Updated 9/21/2010 3:06PM ** – Included details for previous releases and workaround for WSS 2.0.

- http://weblogs.asp.n...nerability.aspx
September 24, 2010 4:13 PM

- http://securitytrack...ep/1024459.html
Updated: Sep 25 2010

:ph34r: :ph34r:

Edited by apluswebmaster, 28 September 2010 - 12:50 PM.


#198 AplusWebMaster


Posted 03 November 2010 - 01:55 PM

FYI...

Microsoft Security Advisory (2458511)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://www.microsoft...ry/2458511.mspx
• V1.1 (November 3, 2010): Added the opening of HTML mail in the Restricted sites zone as a mitigating factor, the automated Microsoft Fix it solution to the CSS workaround, and a finder acknowledgment. Removed reading e-mail in plain text as a workaround. Also clarified content in the EMET, DEP, and CSS workarounds.
"Microsoft is investigating new, public reports of a vulnerability in all supported versions of Internet Explorer. The main impact of the vulnerability is remote code execution. This advisory contains workarounds and mitigations for this issue. The vulnerability exists due to an invalid flag reference within Internet Explorer. It is possible under certain conditions for the invalid flag reference to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.
At this time, we are aware of targeted attacks attempting to use this vulnerability... Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update..."
(Workarounds listed at the URL above.)

- http://support.micro....com/kb/2458511
Last Review: November 4, 2010 - Revision: 3.0 - "...Two fixit solutions are available:
• Fix it solution for the user-defined CSS
- http://support.micro...511#FixItForMe1
• Fixit solution for Data Execution Prevention in Internet Explorer 7
- http://support.micro...ixItForMeAlways

• Enhanced Mitigation Experience Toolkit
- http://support.micro...com/kb/2458544/
November 2, 2010 - Revision: 1.0

CVE-2010-3962

IE 0-Day used in Targeted Attacks
- http://www.symantec....argeted-attacks
Nov. 3, 2010

- http://www.securityt....com/id?1024676
Updated: Nov 4 2010 - "... This vulnerability is being actively exploited..."
- http://secunia.com/advisories/42091/
Last Update: 2010-11-04
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround ...
NOTE: The vulnerability is currently being actively exploited...

- http://blogs.technet...nerability.aspx

- http://isc.sans.edu/...ml?storyid=9874
Last Updated: 2010-11-07 14:30:10 UTC ...(Version: 6) - "... would likely be leveraged in a drive-by-exploit scenario..."

:ph34r:

Edited by AplusWebMaster, 16 November 2010 - 04:15 PM.


#199 AplusWebMaster


Posted 08 November 2010 - 07:37 AM

FYI...

IE 0-day fix due out Dec. 14, 2010
- http://blogs.technet...nd-warrior.aspx
9 Dec 2010 - "... the bulletin addressing this issue is planned to be released on Tuesday, Dec. 14 ..."
- http://www.microsoft...10-3962-geo.jpg
CVE-2010-3942 0-day - Attacks thru 12.8.2010 - MMPC charts
- http://www.microsoft...010-3962-OS.jpg
___

IE 0-day in exploit kit...
- http://thompson.blog...xploit-kit.html
November 07, 2010 - "... CVE-2010-3962* is in the Wild, but over the last couple of days, we've begun detecting it in the Eleonore Exploit Kit. This raises the stakes considerably..."
* http://web.nvd.nist....d=CVE-2010-3962
Last revised: 11/11/2010
CVSS v2 Base Score: 9.3 (HIGH) "... as exploited in the wild in November 2010..."
• Fix it solution for the user-defined CSS
- http://support.micro...511#FixItForMe1
November 4, 2010 - Revision: 3.0

- http://www.microsoft...ry/2458511.mspx
• V1.1 (November 3, 2010): Added the opening of HTML mail in the Restricted sites zone as a mitigating factor, the automated Microsoft Fix it solution to the CSS workaround, and a finder acknowledgment. Removed reading e-mail in plain text as a workaround. Also clarified content in the EMET, DEP, and CSS workarounds.

:ph34r: :ph34r:

Edited by AplusWebMaster, 10 December 2010 - 06:22 AM.


#200 AplusWebMaster


Posted 12 November 2010 - 09:26 AM

FYI...

Microsoft Security Advisory (2269637)
[DLL] Insecure Library Loading Could Allow Remote Code Execution
- http://www.microsoft...ry/2269637.mspx
• V2.0 (November 9, 2010) Added Microsoft Security Bulletin MS10-087*, "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution," to the Updates relating to Insecure Library Loading section.
* http://www.microsoft...n/MS10-087.mspx

> http://www.spywarein...-november-2010/

:ph34r: