MS Security Advisories


316 replies to this topic

#201 AplusWebMaster

Posted 18 November 2010 - 02:28 PM

FYI...

EMET v2.0.0.3 released
- http://blogs.technet...3-released.aspx
17 Nov 2010 - "... some Enhanced Mitigation Experience Toolkit (EMET) v2.0 users may have potential issues with the update functionality of specific applications from Adobe and Google. As a result, today we released a new version of EMET that will help ensure these updaters work as expected when EMET is in place for added protection. No other behavior is being changed with this release. You can download version 2.0.0.3 of EMET here*..."
* http://www.microsoft...34-95c855f69c39

> http://www.computerw...Chrome_problems
November 18, 2010

- http://www.theregist...dobe_conflicts/
Enterprise Security, 19 November 2010

:ph34r: :ph34r:

Edited by AplusWebMaster, 19 November 2010 - 12:27 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#202 AplusWebMaster

Posted 14 December 2010 - 08:31 PM

FYI...

Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://www.microsoft...ory/973811.mspx
• V1.8 (December 14, 2010): Updated the FAQ with information about a non-security update enabling Microsoft Outlook to opt in to Extended Protection for Authentication.
• V1.9 (December 17, 2010): Removed the FAQ entry, originally added December 14, 2010, about a non-security update enabling Microsoft Outlook to opt in to Extended Protection for Authentication.

Microsoft Security Advisory (2458511)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
12/14/2010 - "We have issued MS10-090* to address this issue..."

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
• V3.0 (December 14, 2010) Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section:
MS10-093*, "Vulnerability in Windows Movie Maker Could Allow Remote Code Execution;"
MS10-094*, "Vulnerability in Windows Media Encoder Could Allow Remote Code Execution;"
MS10-095*, "Vulnerability in Microsoft Windows Could Allow Remote Code Execution;"
MS10-096*, "Vulnerability in Windows Address Book Could Allow Remote Code Execution;" and
MS10-097*, "Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution."

* http://www.spywarein...post__p__738594

.

Edited by AplusWebMaster, 22 December 2010 - 06:52 AM.

#203 AplusWebMaster

Posted 22 December 2010 - 11:40 AM

FYI...

MS WMI Administrative Tool ActiveX Control Vuln
- http://www.us-cert.g...ve_tool_activex
December 22, 2010 - "... vulnerability affecting the WBEMSingleView.ocx ActiveX control. This control is part of the Microsoft WMI Administrative Tools package. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to set the kill bit for CLSID 2745E5F5-D234-11D0-847A00C04FD7BB08 to help mitigate the risks until a fix is available from the vendor... Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#725596* ..."
* http://www.kb.cert.org/vuls/id/725596
Last Updated: 2010-12-22

- http://secunia.com/advisories/42693/
Release Date: 2010-12-22
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Microsoft WMI Administrative Tools 1.x, Microsoft WMI Object Viewer ActiveX Control 1.x...
Solution: Set the kill-bit for the affected ActiveX control...

:ph34r: :ph34r:

Edited by AplusWebMaster, 22 December 2010 - 08:07 PM.

#204 AplusWebMaster

Posted 22 December 2010 - 04:56 PM

FYI...

- http://blogs.technet...nerability.aspx
swiblog / 22 Dec 2010 6:58 PM - "... the IIS FTP Service is not installed by default, and even after installation, it is not enabled by default..."

0-Day IIS 7.5 DoS (processing FTP requests)
- http://isc.sans.edu/...l?storyid=10126
Last Updated: 2010-12-22 22:05:34 UTC - "A 0-day exploit has been published at exploit-db (see US-Cert advisory*) that takes advantage of a memory corruption vulnerability in IIS 7.5's FTP service. This bug will work pre-authentication.
From the looks of it, it is a pure remote exploit that's chief use would be denial of service. As with any memory corruption bugs, it is theoretically possible to use this to gain access to the server with the permissions of the user that is running IIS... Some defenses would be limiting FTP services that are internet-facing (especially if IIS), using firewalls to limit access to the server and configuring perimeter devices to check for memory attacks..."
* http://www.kb.cert.org/vuls/id/842372

- http://secunia.com/advisories/42713
Release Date: 2010-12-22
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Information Services (IIS) 7.x
Solution: Restrict traffic to the FTP service.

- http://www.securityt....com/id?1024921
Dec 22 2010

:ph34r: :ph34r:

Edited by AplusWebMaster, 23 December 2010 - 09:17 AM.

#205 AplusWebMaster

Posted 22 December 2010 - 07:53 PM

FYI...

Microsoft Security Advisory (2488013)
Vulnerability in -IE- Could Allow Remote Code Execution
- http://www.microsoft...ry/2488013.mspx
• V1.1 (December 31, 2010): Revised Executive Summary to reflect investigation of targeted attacks.
December 22, 2010 - "Microsoft is investigating new, public reports of a vulnerability in all supported versions of Internet Explorer. The main impact of the vulnerability is remote code execution. This advisory contains workarounds and mitigations for this issue. The vulnerability exists due to the creation of uninitialized memory during a CSS function within Internet Explorer. It is possible under certain conditions for the memory to be leveraged by an attacker using a specially crafted Web page to gain remote code execution. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs. Currently, Microsoft is unaware of any active exploitation of this vulnerability..."
- http://web.nvd.nist....d=CVE-2010-3971
Last revised: 12/23/2010
CVSS v2 Base Score: 9.3 (HIGH)

- http://blogs.technet...ry-2488013.aspx
22 Dec 2010

- http://secunia.com/advisories/42510
Last Update: 2010-12-23
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched...

- http://www.securityt....com/id?1024922
Dec 23 2010

:ph34r: :ph34r:

Edited by AplusWebMaster, 01 January 2011 - 11:33 AM.

#206 AplusWebMaster

Posted 23 December 2010 - 10:40 AM

FYI...

- http://community.web...t-explorer.aspx
23 Dec 2010 - "... Two different new zero-day exploits were published on December 22...
1) ... The use of built-in protections of DEP and ASLR on the Windows platform and Internet Explorer doesn't guarantee to stop the exploit. It stems from the fact that the affected DLL mscorie.dll used by Internet Explorer wasn't compiled to support ASLR - this fact allows an attacker to also bypass DEP by using ROP (return to oriented programming) and successfully exploit the system...
2) ... The second vulnerability takes advantage of the Microsoft WMI Administrative Tools ActiveX Control. Internet Explorer is vulnerable only if Microsoft WMI administrative tools is installed..."

:scratchhead:

#207 AplusWebMaster

Posted 30 December 2010 - 07:12 AM

FYI...

Targeted attacks against MS Office vuln (CVE-2010-3333/MS10-087)
- http://blogs.technet...3-ms10-087.aspx
29 Dec 2010 - "... A few days before Christmas, we received a new sample (sha1: cc47a73118c51b0d32fd88d48863afb1af7b2578) that reliably exploits this vulnerability and is able to execute malicious shellcode which downloads other malware. The vulnerability can be triggered by utilizing a specially crafted RTF file with a size parameter that is bigger than the expected one. The vulnerability is present in Microsoft Word. It attempts to copy RTF data to the stack memory without validating the size, which will lead to overwriting the stack... We recommend customers that have not yet installed the security update MS10-087* to do so at their earliest convenience..."
* http://www.microsoft...n/MS10-087.mspx
Updated: December 15, 2010
Version: 2.0

- http://web.nvd.nist....d=CVE-2010-3333
Last revised: 12/21/2010
CVSS v2 Base Score: 9.3 (HIGH)

:ph34r: :ph34r:

#208 AplusWebMaster

Posted 04 January 2011 - 04:54 PM

FYI...

Microsoft Security Advisory (2490606)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
- http://www.microsoft...ry/2490606.mspx
January 04, 2011 - "Microsoft is investigating new public reports of a vulnerability in the Windows Graphics Rendering Engine. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time... Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs..."
[Impact of Workaround: Media files typically handled by the Graphics Rendering Engine will not be displayed properly...]
- http://web.nvd.nist....d=CVE-2010-3970
Last revised: 12/23/2010
CVSS v2 Base Score: 10.0 (HIGH)

- http://secunia.com/advisories/42779/
Release Date: 2011-01-05
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
Solution: The vendor recommends restricting access to shimgvw.dll...
Original Advisory: Microsoft:
http://www.microsoft...ry/2490606.mspx
Metasploit: http://www.metasploi...eddibsection.rb

- http://www.securityt....com/id?1024932
Jan 4 2011

- http://blogs.technet...ry-2490606.aspx
4 Jan 2011 - "... Microsoft is actively working to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability... we are working to develop a security update to address this vulnerability. The circumstances around the issue do not currently meet the criteria for an out-of-band release; however, we are monitoring the threat landscape very closely and if the situation changes, we will post updates here on the MSRC blog..."

- http://isc.sans.edu/...l?storyid=10201
Last Updated: 2011-01-04 19:26:17 UTC- "... it is possible to modify the access control list on shimgvw.dll to prevent rendering of thumbnails (this would affect all thumbnails, not just malicious ones). See the Microsoft advisory for details... This particular vulnerability was disclosed in December 2010 by Moti and Xu Hao at the "Power of Community" conference. The conference presentation outlines in some detail how to create a file to exploit this vulnerability. The thumbnail itself is stored in the file as a bitmap. The vulnerability is exploited by setting the number of color indexes in the color table to a negative number (biClrUsed). The published slides do provide hints on how to exploit this vulnerability including bypassing SafeSEH* and DEP ..."
(Might help...) ... f/ Vista SP1, Win7, Server2008 and Server2008R2
* http://support.micro...956607#fixit4me
November 24, 2009 Revision: 3.0 - "... it helps protect applications regardless of whether they have been compiled with the latest improvements, such as the /SAFESEH option. We recommend that Windows users who are running any of the above operating systems enable this feature to improve the security profile of their systems...
• This wizard only applies to Vista SP1 and Server2008...
By default, SEHOP is enabled in Windows Server 2008 R2 and in Windows Server 2008.
By default, SEHOP is disabled in Windows 7 and in Windows Vista..."

:ph34r:

Edited by AplusWebMaster, 05 January 2011 - 07:05 AM.

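The ISC note quoted in post #208 says the flaw is reached through a negative biClrUsed in the thumbnail's bitmap header. As an added example (not part of the original post, and not Microsoft's code), this is a bounds check on that field before the colour table is copied; the function names, the 256-entry cap and the sample header are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DIB_HEADER_SIZE 40u   /* size of a BITMAPINFOHEADER */
#define RGBQUAD_SIZE     4u   /* bytes per colour-table entry */
#define MAX_PALETTE    256u   /* capacity of the caller's table (assumption) */

enum { DIB_OK = 0, DIB_ERR_TRUNCATED = -1, DIB_ERR_HEADER = -2,
       DIB_ERR_BITCOUNT = -3, DIB_ERR_CLRUSED = -4, DIB_ERR_PALETTE_OOB = -5 };

static uint16_t rd_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Hypothetical flawed check: a signed upper bound alone. A negative count
 * passes it and later becomes a huge size when used as a length. */
int naive_signed_check(int32_t clr_used)
{
    return clr_used <= (int32_t)MAX_PALETTE;
}

/* Validate the header, then copy the colour table that follows it.
 * On success *count holds the number of entries copied into out. */
int dib_load_palette(const uint8_t *buf, size_t len,
                     uint8_t out[MAX_PALETTE * RGBQUAD_SIZE], uint32_t *count)
{
    *count = 0;
    if (len < DIB_HEADER_SIZE)
        return DIB_ERR_TRUNCATED;
    if (rd_le32(buf) != DIB_HEADER_SIZE)          /* biSize */
        return DIB_ERR_HEADER;

    uint16_t bit_count = rd_le16(buf + 14);       /* biBitCount */
    uint32_t clr_used  = rd_le32(buf + 32);       /* biClrUsed, kept unsigned */

    if (bit_count != 1 && bit_count != 4 && bit_count != 8 &&
        bit_count != 16 && bit_count != 24 && bit_count != 32)
        return DIB_ERR_BITCOUNT;

    /* Indexed formats can address at most 2^biBitCount colours. Comparing as
     * unsigned also rejects any value that would be negative if read signed. */
    uint32_t max_entries = (bit_count <= 8) ? (1u << bit_count) : MAX_PALETTE;
    if (clr_used > max_entries)
        return DIB_ERR_CLRUSED;

    /* biClrUsed == 0 means "full palette" for indexed formats. */
    uint32_t entries = clr_used;
    if (entries == 0 && bit_count <= 8)
        entries = 1u << bit_count;

    /* The table must lie entirely inside the bytes actually supplied. */
    size_t palette_bytes = (size_t)entries * RGBQUAD_SIZE;
    if (palette_bytes > len - DIB_HEADER_SIZE)
        return DIB_ERR_PALETTE_OOB;

    memcpy(out, buf + DIB_HEADER_SIZE, palette_bytes);
    *count = entries;
    return DIB_OK;
}

/* Constructed sample: 8-bpp header followed by exactly four palette entries. */
int dib_demo(uint32_t clr_used, uint32_t *count)
{
    uint8_t file[DIB_HEADER_SIZE + 4 * RGBQUAD_SIZE] = {0};
    uint8_t palette[MAX_PALETTE * RGBQUAD_SIZE];

    wr_le32(file, DIB_HEADER_SIZE);   /* biSize */
    file[12] = 1;                     /* biPlanes */
    file[14] = 8;                     /* biBitCount */
    wr_le32(file + 32, clr_used);     /* biClrUsed under test */
    return dib_load_palette(file, sizeof file, palette, count);
}

int main(void)
{
    uint32_t n;
    printf("biClrUsed=4          -> %d\n", dib_demo(4u, &n));
    printf("biClrUsed=0xFFFFFFFF -> %d\n", dib_demo(0xFFFFFFFFu, &n));
    printf("biClrUsed=200        -> %d\n", dib_demo(200u, &n));
    printf("naive check on -1    -> %d\n", naive_signed_check(-1));
    return 0;
}
```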

#209 AplusWebMaster

Posted 05 January 2011 - 03:16 PM

FYI...

Microsoft Security Advisory (2490606)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
- http://www.microsoft...ry/2490606.mspx
• V1.1 (January 5, 2011): Added a link* to the automated Microsoft Fix it solution for the Modify the Access Control List (ACL) on shimgvw.dll workaround.
* http://support.micro...0606#FixItForMe
January 19, 2011 - Revision: 3.0

[Impact of Workaround: Media files typically handled by the Graphics Rendering Engine will not be displayed properly...]

- http://web.nvd.nist....d=CVE-2010-3970
Last revised: 01/19/2011
CVSS v2 Base Score: 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2011-0347
Last revised: 01/19/2011
CVSS v2 Base Score: 9.3 (HIGH)
IE on Windows XP allows remote attackers to trigger an incorrect GUI display...
Advisory: http://www.microsoft...ry/2490606.mspx
___

Current unpatched Windows/IE vulns
- http://isc.sans.edu/...l?storyid=10216
Last Updated: 2011-01-05 20:49:56 UTC

:ph34r: :ph34r:

Edited by AplusWebMaster, 23 January 2011 - 06:17 AM.

#210 AplusWebMaster

Posted 10 January 2011 - 08:57 AM

FYI...

Current unpatched Windows/IE vulns...
- http://isc.sans.edu/...l?storyid=10216
Last Updated: 2011-01-08 01:58:58 UTC ...(Version: 2)
"Update: Microsoft now created its own version of this table*..."

* http://blogs.technet...y-the-msrc.aspx
7 Jan 2011 5:00 PM

:ph34r: :ph34r:

#211 AplusWebMaster

Posted 11 January 2011 - 09:50 PM

FYI...

Microsoft Security Advisory (2488013)
Vulnerability in -IE- Could Allow Remote Code Execution
- http://www.microsoft...ry/2488013.mspx
• V1.3 (January 11, 2011): "Revised the workaround, Prevent the recursive loading of CSS style sheets in Internet Explorer, to add the impact for the workaround...
Impact of workaround: There are side effects to blocking the recursive loading of a cascading style sheet (CSS). Users may encounter some slight performance issues due to the increased checking that is required to block the loading of the CSS files...
Workaround: Microsoft Fix it: http://support.micro...8013#FixItForMe
January 12, 2011 - Revision: 3.0 - ... This Fixit solution adds a check to check whether a cascading style sheet is about to be loaded recursively. If this is the case, the Fixit solution cancels the loading of the cascading style sheet. This Fixit solution takes advantage of a feature that is typically used for application compatibility fixes. This feature can modify the instructions of a specific binary when it is loaded..."

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- http://www.microsoft...ry/2269637.mspx
• V4.0 (January 11, 2011): Added Microsoft Security Bulletin MS11-001*, Vulnerability in Windows Backup Manager Could Allow Remote Code Execution, to the Updates relating to Insecure Library Loading section.
* http://www.microsoft...n/MS11-001.mspx

Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://www.microsoft...ory/973811.mspx
• V1.10 (January 11, 2011): Updated the FAQ with information about a new release enabling Microsoft Office Live Meeting Service Portal to opt in to Extended Protection for Authentication.

.

Edited by AplusWebMaster, 22 January 2011 - 11:41 AM.

#212 AplusWebMaster

Posted 12 January 2011 - 03:22 AM

FYI...

IE drive-by bug...
- http://www.theregist..._execution_bug/
12 January 2011 - "Microsoft on Tuesday warned that attackers have begun exploiting a critical vulnerability in Internet Explorer and rolled out a temporary fix* until a permanent patch is issued. The vulnerability in IE versions 6, 7 and 8, which involves the way the browser handles cascading style sheets, allows adversaries to perform drive-by malware attacks by luring victims to booby-trapped webpages. The exploits are triggered by recursive CSS pages, in which style sheets include their own addresses..."
* http://blogs.technet...ry-2488013.aspx
11 Jan 2011 - "... It’s important to note that the workaround will protect Internet Explorer only if the latest security updates have been applied, including MS10-090 which was released on December 14, 2010. You can find MS10-090 at http://www.microsoft...n/MS10-090.mspx
> To install the workaround, click here: http://download.micr...tFixit50591.msi
> If you’d like to uninstall the workaround after you have installed it, click here: http://download.micr...tFixit50592.msi ..."

:!: :ph34r:

#213 AplusWebMaster

Posted 19 January 2011 - 03:59 PM

FYI...

Microsoft Security Advisory (2490606)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
- http://www.microsoft...ry/2490606.mspx
• V1.2 (January 19, 2011): Clarified that the Modify the Access Control List (ACL) on shimgvw.dll workaround only applies to Windows XP and Windows Server 2003 systems and added a new workaround, Disable viewing of thumbnails in Windows Explorer on Windows Vista and Windows Server 2008 systems.
"... Workarounds:
• Modify the Access Control List (ACL) on shimgvw.dll on Windows XP and Windows Server 2003 systems...
Impact of Workaround: Media files typically handled by the Graphics Rendering Engine will not be displayed properly...
• Disable viewing of thumbnails in Windows Explorer on Windows Vista and Windows Server 2008 systems...
Impact of Workaround: Windows Explorer will not display thumbnail images..."

- http://web.nvd.nist....d=CVE-2010-3970
Original release date: 12/22/2010
Last revised: 01/19/2011
CVSS v2 Base Score: 9.3 (HIGH)

:blink:

Edited by AplusWebMaster, 19 January 2011 - 04:28 PM.

#214 AplusWebMaster

Posted 28 January 2011 - 03:54 PM

FYI...

Microsoft Security Advisory (2501696)
Vulnerability in MHTML Could Allow Information Disclosure
- http://www.microsoft...ry/2501696.mspx
January 28, 2011 - "Microsoft is investigating new public reports of a vulnerability in all supported editions of Microsoft Windows. The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure. This impact is similar to server-side cross-site scripting (XSS) vulnerabilities. Microsoft is aware of published information and proof-of-concept code that attempts to exploit this vulnerability. At this time, Microsoft has not seen any indications of active exploitation of the vulnerability. The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain conditions for this vulnerability to allow an attacker to inject a client-side script in the response of a Web request run in the context of the victim's Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site on behalf of the targeted user... we recommend that customers apply one or more of the client-side workarounds provided in the Suggested Actions section of this advisory to help block potential attack vectors regardless of the service...
CVE Reference: CVE-2011-0096
Suggested Actions:
• Enable the MHTML protocol lockdown ...
• Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones...
• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone...
Additional Suggested Actions:
• Review the Microsoft Knowledge Base Article that is associated with this advisory - For more information about this issue, see Microsoft Knowledge Base Article: http://support.micro...1696#FixItForMe
January 28, 2011 - Revision: 1.0 - ...The fixit solution described in this section is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this fixit solution as a workaround option for some scenarios..."

- http://blogs.technet...nerability.aspx
28 Jan 2011

- http://blogs.technet...ry-2501696.aspx
28 Jan 2011
___

- http://secunia.com/advisories/43093/
Release Date: 2011-01-29
Impact: Cross Site Scripting
Where: From remote ...
Solution: Enable MHTML protocol lockdown (either manually or using the available automated "Microsoft Fix it" solution).
> http://support.micro...1696#FixItForMe
___

- http://isc.sans.edu/...l?storyid=10318
Last Updated: 2011-01-28 18:47:54 UTC

:ph34r: :ph34r:

Edited by AplusWebMaster, 29 January 2011 - 05:39 AM.

#215 AplusWebMaster

Posted 08 February 2011 - 05:09 PM

FYI...

Microsoft Security Advisory (967940)
Update for Windows Autorun
- http://www.microsoft...ory/967940.mspx
Published: February 24, 2009 | Updated: February 08, 2011 - "... availability of updates to the Autorun feature that help to restrict AutoPlay functionality to only CD and DVD media on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. Restricting AutoPlay functionality to only CD and DVD media can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a USB flash drive, network shares, or other non-CD and non-DVD media containing a file system with an Autorun.inf file...
FAQS: ...After installing the initial update described in Microsoft Knowledge Base Article 967715, the default registry setting to disable Autorun on network drives is properly enforced. After installing the 971029 update*, customers may experience the following AutoPlay behavior:
• Many existing devices in market, and many upcoming devices, use the Autorun feature with the AutoPlay dialog box to present and install software when DVDs, CDs, and USB flash drives are inserted. The AutoPlay behavior with CD and DVD media is not affected by this update.
• Users who install this update will no longer receive a setup message that prompts them to install programs that are delivered by USB flash drives. Users will have to manually install the software. To do this, users click Open folder to view the files, browse to the software's setup program, and then double-click the setup program to run the program manually.
• Some USB flash drives have firmware that present these USB flash drives as CD drives when you insert them into computers. The AutoPlay behavior with these USB flash drives is not affected by this update..."

• V2.0 (February 8, 2011): Summary and update FAQ revised to notify users that the 971029 update to Autorun that restricts AutoPlay functionality to CD and DVD media will be offered via automatic updating.

- http://blogs.technet...940-update.aspx
8 Feb 2011

* http://support.microsoft.com/kb/971029
Last Review: February 8, 2011 - Revision: 4.0

- http://support.microsoft.com/kb/967715
Last Review: September 9, 2010 - Revision: 6.2

Virus families using Autorun / MMPC charts - MSE detections
- http://www.microsoft...0207_image1.jpg
MSRT - major virus families using Autorun
- http://www.microsoft...0207_image2.jpg
Also see Table 1: Top Families, 2H 2010, by Number of Detections
- http://blogs.technet...nd-autorun.aspx
8 Feb. 2011

(Optional MS update) Restrict USB Autorun: Update for Windows (KB971029)
- http://www.f-secure....s/00002096.html
February 9, 2011
___

Microsoft Security Advisory (2490606)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
- http://www.microsoft...ry/2490606.mspx
Updated: February 08, 2011 - "... We have issued MS11-006* to address this issue..."
* http://www.microsoft...n/MS11-006.mspx

Microsoft Security Advisory (2488013)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://www.microsoft...ry/2488013.mspx
Updated: February 08, 2011 - "... We have issued MS11-003** to address this issue..."
** http://www.microsoft...n/MS11-003.mspx

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- http://www.microsoft...ry/2269637.mspx
Published: August 23, 2010 | Updated: February 08, 2011 - Version: 5.0
... Update released on February 8, 2011
• Microsoft Security Bulletin MS11-003**, "Cumulative Security Update for Internet Explorer," provides support for a vulnerable component of Internet Explorer that is affected by the Insecure Library Loading class of vulnerabilities described in this advisory.

:ph34r:

Edited by AplusWebMaster, 09 February 2011 - 06:52 PM.

#216 AplusWebMaster

Posted 22 February 2011 - 01:39 PM

FYI... Autorun advisory updated - again.

Microsoft Security Advisory (967940)
Update for Windows Autorun
- http://www.microsoft...ory/967940.mspx
Updated: February 22, 2011
Version: 2.1
• V2.1 (February 22, 2011): Summary revised to notify users of a change in the deployment logic for updates described in this advisory. This change is intended to minimize the user interaction required to install the updates on systems configured for automatic updating.

:mellow:

#217 AplusWebMaster

Posted 24 February 2011 - 08:52 AM

FYI...

Microsoft Security Advisory (2491888)
Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege
- http://www.microsoft...ry/2491888.mspx
February 23, 2011 - "... an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft. The update addresses a privately reported vulnerability that could allow elevation of privilege if the Microsoft Malware Protection Engine scans a system after an attacker with valid logon credentials has created a specially crafted registry key. An attacker who successfully exploited the vulnerability could gain the same user rights as the LocalSystem account. The vulnerability could not be exploited by anonymous users. Since the Microsoft Malware Protection Engine is a part of several Microsoft anti-malware products, the update to the Microsoft Malware Protection Engine is installed along with the updated malware definitions for the affected products. Administrators of enterprise installations should follow their established internal processes to ensure that the definition and engine updates are approved in their update management software, and that clients consume the updates accordingly. Typically, no action is required of enterprise administrators or end users to install this update, because the built-in mechanism for the automatic detection and deployment of this update will apply the update within the next 48 hours. The exact time frame depends on the software used, Internet connection, and infrastructure configuration..."
- http://support.micro....com/kb/2510781
February 23, 2011 - "... how to verify that the updates have been installed... This update requires Windows Live OneCare..."
- http://web.nvd.nist....d=CVE-2011-0037
Last revised: 02/28/2011 - CVSS v2 Base Score: 7.2 (HIGH) - "... before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare..."
___

- http://secunia.com/advisories/43468/
Release Date: 2011-02-24
Solution Status: Partial Fix
...The vulnerability is reported in version 1.1.6502.0 and prior of Microsoft Malware Protection Engine.
Solution: Ensure that systems are running version 1.1.6603.0 or later of Microsoft Malware Protection Engine. Typically, malware definitions and updates for Microsoft Malware Protection Engine are applied automatically...

- http://www.h-online....em-1196731.html
24 February 2011 - "... such updates are usually installed within 48 hours, but that users can also initiate the process manually..."

:!: :!:

Edited by AplusWebMaster, 01 March 2011 - 04:54 AM.

#218 AplusWebMaster

Posted 02 March 2011 - 11:00 AM

FYI...

MS Autorun update v2.1 now "automatic" from Windows Update
- http://isc.sans.edu/...l?storyid=10468
Last Updated: 2011-03-02 06:27:56 UTC - "Microsoft has moved their Windows Autorun V2.1 [1] (967940) update patch from optional updates to automatic updates. This is the same patch that was released in last month’s patch Tuesday. When Windows update is next run, this patch will automatically be selected to apply to your machine. This is more likely to affect home users, as companies should be using group policies to control how USB autorun settings operate. Expect one or two calls... why their favorite autorun USB stick application has stopped working."

[1] http://www.microsoft...ory/967940.mspx

:(

#219 AplusWebMaster

Posted 09 March 2011 - 04:35 AM

FYI...

Microsoft Security Advisory (2491888)
Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege
- http://www.microsoft...ry/2491888.mspx
• V1.1 (March 8, 2011): Revised advisory FAQ to announce updated version of the MSRT...
- http://web.nvd.nist....d=CVE-2011-0037
Last revised: 02/28/2011
CVSS v2 Base Score: 7.2 (HIGH)
"... before 1.1.6603.0..."

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- http://www.microsoft...ry/2269637.mspx
• V6.0 (March 8, 2011): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-015, "Vulnerabilities in Windows Media Could Allow Remote Code Execution;" MS11-016, "Vulnerability in Microsoft Groove Could Allow Remote Code Execution;" and MS11-017, "Vulnerability in Remote Desktop Client Could Allow Remote Code Execution."

:ph34r:

Edited by AplusWebMaster, 14 March 2011 - 01:50 PM.

#220 AplusWebMaster

Posted 12 March 2011 - 09:53 AM

FYI...

MS advisory - updated (2501696)
Vulnerability in MHTML Could Allow Information Disclosure
* http://www.microsoft...ry/2501696.mspx
• V1.1 (March 11, 2011): Revised Executive Summary to reflect investigation of limited, targeted attacks.

- https://www.computer...Microsoft_warns
March 12, 2011 - "An Internet Explorer flaw made public by a Google security researcher two months ago is now being used in online attacks. The flaw, which has not yet been patched, has been used in "limited, targeted attacks," Microsoft said Friday*... The attack is triggered when the victim is tricked into visiting a maliciously encoded Web page - what's known as a Web drive-by attack... Microsoft has released a Fixit tool** that users can download to repair the problem, but has not said when, or even if, it plans to push out a comprehensive security update to all users..."
** http://support.micro...1696#FixItForMe

- http://www.theregist...t_google_users/
12 March 2011

- http://preview.tinyurl.com/6jqf9t4
PCmag.com - "... Firefox and Chrome are not affected in their default configuration, as they do not support MHTML without the installation of specific add-on modules..."

:grrr: :ph34r:

Edited by AplusWebMaster, 13 March 2011 - 04:38 PM.

#221 AplusWebMaster

Posted 23 March 2011 - 02:01 PM

FYI...

Microsoft Security Advisory (2524375)
Fraudulent Digital Certificates Could Allow Spoofing
- http://www.microsoft...ry/2524375.mspx
March 23, 2011 - "Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted Root Certification Authorities Store on all supported versions of Microsoft Windows. Comodo advised Microsoft on March 16, 2011 that nine certificates had been signed on behalf of a third party without sufficiently validating its identity. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against -all- Web browser users including users of Internet Explorer... Comodo has revoked these certificates, and they are listed in Comodo’s current Certificate Revocation List (CRL). In addition, browsers which have enabled the Online Certificate Status Protocol (OCSP) will interactively validate these certificates and block them from being used. An update is available for all supported versions of Windows to help address this issue. For more information about this update, see Microsoft Knowledge Base Article 2524375*..."
* http://support.micro....com/kb/2524375
March 23, 2011 - Revision: 1.0

- http://www.securityt....com/id/1025248
Mar 23 2011

- http://isc.sans.edu/...l?storyid=10603
Last Updated: 2011-03-23 18:11:20 UTC
___

- http://www.securewor.../rsacompromise/
March 18, 2011

:ph34r:

Edited by AplusWebMaster, 28 March 2011 - 03:13 PM.

#222 AplusWebMaster

Posted 12 April 2011 - 11:32 PM

FYI...

Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://www.microsoft...ory/973811.mspx
• V1.12 (April 12, 2011): Updated the FAQ with information about a non-security update enabling Microsoft Outlook to opt in to Extended Protection for Authentication.

Microsoft Security Advisory (2506014)
Update for the Windows Operating System Loader
- http://www.microsoft...ry/2506014.mspx
4/12/2011 - "Microsoft is announcing the availability of an update to winload.exe to address an issue in driver signing enforcement... this update addresses a method by which unsigned drivers could be loaded by winload.exe. This technique is often utilized by malware to stay resident on a system after the initial infection. The issue affects, and the update is available for, x64-based editions* of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2..."
* http://support.micro....com/kb/2506014

Microsoft Security Advisory (2501696)
Vulnerability in MHTML Could Allow Information Disclosure
- http://www.microsoft...ry/2501696.mspx
Published: January 28, 2011 | Updated: April 12, 2011 - "We have issued MS11-026* to address this issue..."
* http://www.microsoft...n/ms11-026.mspx

Microsoft Security Advisory (2501584)
Release of Microsoft Office File Validation for Microsoft Office
- http://www.microsoft...ry/2501584.mspx
Last Updated: 4/12/2011 - "Microsoft is announcing the availability of the Office File Validation feature for supported editions of Microsoft Office 2003 and Microsoft Office 2007. The feature, previously only available for supported editions of Microsoft Office 2010, is designed to make it easier for customers to protect themselves from Office files that may contain malformed data, such as unsolicited Office files received from unknown or known sources, by scanning and validating files before they are opened... known issues* that customers may experience when utilizing the Office File Validation feature..."
* http://support.micro....com/kb/2501584

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- http://www.microsoft...ry/2269637.mspx
• V7.0 (April 12, 2011): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-023, "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution;" and MS11-025, "Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution."

#223 AplusWebMaster

Posted 12 May 2011 - 08:47 AM

FYI...

MSIR Vol. 10 released
- http://blogs.technet...-volume-10.aspx
11 May 2011 - "... in-depth regional threat intelligence for 117 countries based on data from more than 600 million machines worldwide. The report highlights a polarization of cybercriminal behavior and an increasing trend of cybercriminals using "marketing-like" approaches and deception methods to target consumers... key data points that indicate these tactics are on the rise:
• Rogue Security Software – Rogue security software was detected and blocked on almost 19 million systems in 2010, and the top five families were responsible for approximately 13 million of these detections.
• Phishing – Phishing using social networking as the lure increased 1,200 percent – from a low of 8.3 percent of all phishing in January to a high of 84.5 percent in December 2010. Phishing that targeted online gaming sites reached a high of 16.7 percent of all phishing in June.
• Adware – Global detections of adware when surfing websites increased 70 percent from the second quarter to the fourth quarter of 2010. This increase was almost completely caused by the detection of a pair of new Adware families, JS/Pornpop and Win32/ClickPotato, which are the two most prevalent malware in many countries.
... notable that Windows 7 operating systems are infected only about half as often as Vista, and Vista half as often as Windows XP..."
___

- http://www.theinquir...script-exploits
May 12 2011 - "... In Microsoft's latest security intelligence report, the firm revealed that in the third quarter of 2010 the number of Java attacks increased to fourteen times the number of attacks it saw in the previous quarter... Java attacks surpassed every other exploitation category that the Microsoft Malware Protection tracked..."
___

Java - most common target for attacks
- http://www.h-online....iew=zoom;zoom=1

- http://www.h-online....iew=zoom;zoom=4

- http://www.h-online....iew=zoom;zoom=5

:!:

Edited by AplusWebMaster, 20 May 2011 - 09:35 PM.

#224 AplusWebMaster

Posted 19 May 2011 - 03:13 PM

FYI...

MS EMET v2.1 released
- http://blogs.technet...-available.aspx
18 May 2011 - "... new version of the Enhanced Mitigation Experience Toolkit (EMET) with brand new features and mitigations. Users can click here* to download the tool free... new features:
• EMET is an officially-supported product through the online forum
• “Bottom-up Rand” new mitigation randomizes (8 bits of entropy) the base address of bottom-up allocations (including heaps, stacks, and other memory allocations) once EMET has enabled this mitigation.
• Export Address Filtering is now available for 64 bit processes. EAF filters all accesses to the Export Address Table which blocks most of the existing shellcodes
• Improved command line support for enterprise deployment and configuration
• Ability to export/import EMET settings
• Improved SEHOP (structured exception handler overwrite protection) mitigation
• Minor bug fixes..."
* http://www.microsoft...08-115192c491cb

:ph34r:

#225 AplusWebMaster

Posted 09 June 2011 - 04:21 AM

FYI...

MSRT detections - May 10–20, 2011
- http://blogs.technet...he-numbers.aspx
Family | Count | Note
Sality | 202,351 | Classic parasitic virus
Taterf | 77,236 | Worm
Rimecud | 65,149 | Worm
Vobfus | 59,918 | Worm
Alureon | 58,884 | Evolved parasitic virus
Parite | 53,778 | Evolved parasitic virus
Ramnit | 52,549 | Evolved parasitic virus
Brontok | 50,392 | Worm
Cycbot | 50,209 | Trojan ...
(Top 25 detections listed at the URL above.)

#226 AplusWebMaster

Posted 30 June 2011 - 05:14 PM

FYI...

Microsoft Security Advisory (2501584)
Office File Validation for Microsoft Office
- http://www.microsoft...ry/2501584.mspx
Updated: 6/30/2011 - "Microsoft is announcing the availability of the Office File Validation feature for supported editions of Microsoft Office 2003 and Microsoft Office 2007. The feature, previously only available for supported editions of Microsoft Office 2010, is designed to make it easier for customers to protect themselves from Office files that may contain malformed data, such as unsolicited Office files received from unknown or known sources, by scanning and validating files before they are opened. The Office File Validation feature described in this advisory applies when opening an Office file using Microsoft Excel 2003, Microsoft PowerPoint 2003, Microsoft Word 2003, Microsoft Publisher 2003, Microsoft Excel 2007, Microsoft PowerPoint 2007, Microsoft Word 2007, or Microsoft Publisher 2007. Office File Validation helps detect and prevent a kind of exploit known as a file format attack. File format attacks exploit the integrity of a file, and occur when the structure of a file is modified with the intent of adding malicious code...
Affected Software: Microsoft Office 2003 SP3, Microsoft Office 2007 SP2 ...
Microsoft revised this advisory to announce that as of June 28, 2011, the Office File Validation Add-in described in Microsoft Knowledge Base Article 2501584* is available through the Microsoft Update service...
Suggested Actions: Consult TechNet article, Office File Validation for Office 2003 and Office 2007, for information on deployment, installation, and configuration of the Office File Validation feature for Microsoft Office 2003 and Microsoft Office 2007**..."

* http://support.micro....com/kb/2501584

** http://technet.micro...70054287af.aspx

:!:

#227 AplusWebMaster

Posted 30 June 2011 - 08:05 PM

FYI...

MS Office 2010 SP1 available
- http://blogs.technet...ed_engineering/
June 29, 2011 - "... Today SP1 is available from the Download center. The Downloads Table below provides links to the new packages for SP1. If you have installed all Office Automatic Updates, you will also see SP1 available as a manual download from Microsoft Update. After a 90 day grace period, SP1 will be offered as an automatic update through Microsoft Update..."

- http://technet.micro...e/ee748587.aspx

- http://support.micro....com/kb/2460049

:!:

#228 AplusWebMaster

Posted 06 July 2011 - 09:12 AM

FYI...

DLL search path algorithm
- http://support.micro....com/kb/2264107
Last Review: June 10, 2011 - Revision: 5.1
___

MS to retire Office XP, Vista SP1 next week
- https://www.computer...a_SP1_next_week
July 5, 2011 - "Microsoft will retire 2001's Office XP and the first service pack for Windows Vista next week, according to the company's published schedule. Both Office XP and Vista Service Pack 1 (SP1) will exit all support July 12, this month's Patch Tuesday. That date will be the last time Microsoft issues security updates for the aging suite and Vista SP1... Microsoft generally patches security vulnerabilities in its products throughout the entire 10-year stretch. Although Office XP's support expires next week, Vista users can continue to receive security updates by upgrading to SP2... Office 2003, the follow-up to Office XP, will receive security updates until April 2014. Office 2007 and Office 2010 will get patches until April 2017 and October 2020, respectively. Office XP and Vista SP1 were last patched three weeks ago when Microsoft issued 16 security updates that fixed 34 flaws."

Office XP
- http://support.micro...ecycle/?p1=2533

:ph34r:

Edited by AplusWebMaster, 06 August 2011 - 09:06 AM.

#229 AplusWebMaster

Posted 10 August 2011 - 07:27 AM

FYI...

Microsoft Security Advisory (2562937)
Update Rollup for ActiveX Kill Bits
- https://www.microsof...ry/2562937.mspx
August 09, 2011 - "Microsoft is releasing a new set of ActiveX kill bits with this advisory. This update sets the kill bits for the following third-party software:
• CheckPoint SSL VPN On-Demand applications...
• ActBar... IBM...
• EBI R Web Toolkit... Honeywell..."

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://www.microsof...ry/2269637.mspx
August 09, 2011 - "... Update released on August 9, 2011
• MS11-059*, "Vulnerability in Data Access Components Could Allow Remote Code Execution," provides support for a vulnerable component of Microsoft Windows that is affected by the Insecure Library Loading class of vulnerabilities described in this advisory..."
* https://www.microsof...n/ms11-059.mspx

:!:

#230 AplusWebMaster

Posted 30 August 2011 - 06:01 AM

FYI...

Microsoft Security Advisory (2607712)
Fraudulent Digital Certificates Could Allow Spoofing
- https://www.microsof...ry/2607712.mspx
August 29, 2011 V2.0 - "Microsoft is aware of at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root Certification Authorities Store, on all supported releases of Microsoft Windows. Although this is not a vulnerability in a Microsoft product, Microsoft is taking action to protect customers. Microsoft has been able to confirm that one digital certificate affects all subdomains of google.com and may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. Microsoft is continuing to investigate how many more certificates have been fraudulently issued. As a precautionary measure, Microsoft has removed the DigiNotar root certificate from the Microsoft Certificate Trust List. All supported editions of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 use the Microsoft Certificate Trust List to validate the trust of a certification authority. Users of these operating systems will be presented with an invalid certificate error when they browse to a Web site or try to install programs signed by the DigiNotar root certificate. In those cases users should follow the instructions in the message. Microsoft will release a future update to address this issue for all supported editions of Windows XP and Windows Server 2003. Microsoft is continuing to investigate this issue and may release future updates to help protect customers..."

- https://blogs.techne...ry-2607712.aspx

- https://blog.mozilla...om-certificate/
"... We have received reports of these certificates being used in the wild... we are releasing new versions of Firefox for desktop (3.6.21, 6.0.1, 7, 8, and 9) and mobile (6.0.1, 7, 8, and 9), Thunderbird (3.1.13, and 6.0.1) and SeaMonkey (2.3.2) shortly..."
___

- http://h-online.com/-1333088
30 August 2011

:!:

Edited by AplusWebMaster, 30 August 2011 - 02:24 PM.

#231 AplusWebMaster

Posted 06 September 2011 - 02:38 PM

FYI...

- http://news.yahoo.co...-215940770.html
Sep. 6, 2011 AMSTERDAM (AP) — "A company that sells certificates guaranteeing the security of websites, GlobalSign, says it is temporarily halting the issuance of new certificates over concerns it may have been targeted by hackers. GlobalSign, the Belgian-based subsidiary of Japan's GMO Internet Inc., is one of the oldest and largest such companies globally. It said in a statement Tuesday it does not know whether it has actually been hacked, but is taking threats by an anonymous hacker seriously in the wake of an attack on a smaller Dutch firm, DigiNotar, that came to light last week. The DigiNotar attack is believed to have allowed the Iranian government to spy on thousands of Iranian citizens' communications with Google email during the month of August."
> http://www.globalsig...y-response.html
___

Microsoft Security Advisory (2607712)... updated
Fraudulent Digital Certificates Could Allow Spoofing
- https://www.microsof...ry/2607712.mspx
Updated: September 06, 2011 - "Microsoft is aware of active attacks using at least one fraudulent digital certificate issued by DigiNotar... For supported releases of Microsoft Windows, typically no action is required of customers to install this update, because the majority of customers have automatic updating enabled and this update will be downloaded and installed automatically...
Suggested Actions... Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service. For more information on how to manually apply the update, see Microsoft Knowledge Base Article 2607712*..."

Fraudulent digital certificates could allow spoofing
* http://www.microsoft...ry/2607712.mspx
September 6, 2011

- https://blogs.techne...ry-2607712.aspx
6 Sep 2011

:!:

Edited by AplusWebMaster, 06 September 2011 - 11:30 PM.

#232 AplusWebMaster

Posted 15 September 2011 - 11:31 AM

FYI...

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.micr...dvisory/2269637
• V10.0 (September 13, 2011): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-071, "Vulnerability in Windows Components Could Allow Remote Code Execution;" and MS11-073, "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution."
- https://technet.micr...lletin/ms11-071
- https://technet.micr...lletin/ms11-073

Microsoft Security Advisory (2607712)
Fraudulent Digital Certificates Could Allow Spoofing
- https://technet.micr...dvisory/2607712
• V4.0 (September 13, 2011): Revised to announce the release of the KB2616676 update that addresses the issue described in this advisory.
• V4.1 (September 13, 2011): Revised to announce the availability of the KB2616676 update for the Windows Developer Preview release. See the Update FAQ in this advisory for more information.
• V5.0 (September 19, 2011): Revised to announce the re-release of the KB2616676 update. See the Update FAQ in this advisory for more information.
- http://support.micro....com/kb/2616676
September 19, 2011 - Revision: 4.0

- https://blogs.techne...rtificates.aspx
19 Sep 2011
___

- https://www.computer..._switch_blooper
September 19, 2011 - "... the update (MS) shipped to Windows XP and Server 2003 users last Tuesday was flawed..."

:!:

Edited by AplusWebMaster, 20 September 2011 - 08:37 AM.

#233 AplusWebMaster

Posted 26 September 2011 - 08:23 PM

FYI...

Microsoft Security Advisory (2588513)
Vulnerability in SSL/TLS Could Allow Information Disclosure
- https://technet.micr...dvisory/2588513
September 26, 2011 - "Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0 and TLS 1.0, affecting the Windows operating system. This vulnerability affects the protocol itself and is not specific to the Windows operating system. This is an information disclosure vulnerability that allows the decryption of encrypted SSL/TLS traffic. This vulnerability primarily impacts HTTPS traffic, since the browser is the primary attack vector, and all web traffic served via HTTPS or mixed content HTTP/HTTPS is affected. We are not aware of a way to exploit this vulnerability in other protocols or components and we are not aware of attacks that try to use the reported vulnerability at this time. Considering the attack scenario, this vulnerability is not considered high risk to customers. We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
Mitigating Factors:
• The attack must make several hundred HTTPS requests before the attack could be successful.
• TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected..."
(More detail at the URL above.)

- http://blogs.technet...ry-2588513.aspx
26 Sep 2011
___

- http://www.securewor...t-and-ssl-cert/
Sep 9, 2011
___

- http://web.nvd.nist....d=CVE-2011-3389
Last revised: 10/03/2011
CVSS v2 Base Score: 4.3 (MEDIUM)

- https://www.kb.cert.org/vuls/id/864643
Date Last Updated: 2011-09-29

:blink:

Edited by AplusWebMaster, 03 October 2011 - 05:26 PM.

#234 AplusWebMaster

Posted 11 October 2011 - 07:31 AM

FYI...

MS SIRv11 available
- https://blogs.techne...-available.aspx
11 Oct 2011
> http://www.microsoft...ir/default.aspx

Malware detected by MSRT H1-2011
> http://www.microsoft...SIR11_chart.png
___

- http://h-online.com/-1360430
13 October 2011

:ph34r:

Edited by AplusWebMaster, 13 October 2011 - 08:37 AM.

#235 AplusWebMaster

Posted 12 October 2011 - 08:16 AM

FYI...

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.micr...dvisory/2269637
Updated: Tuesday, October 11, 2011
• V11.0: Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-075, "Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution;" and MS11-076, "Vulnerability in Windows Media Center Could Allow Remote Code Execution."

:!:

#236 AplusWebMaster

Posted 03 November 2011 - 07:17 PM

FYI...

Microsoft Security Advisory (2639658)
Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege
- https://technet.micr...dvisory/2639658
• V1.0 (November 3, 2011): Advisory published.
• V1.1 (November 3, 2011): Added localization notation to the Workarounds section.
• V1.2 (November 4, 2011): Revised the workaround, Deny access to T2EMBED.DLL, to improve support for non-English versions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. Customers with non-English versions of Microsoft Windows should reevaluate the applicability of the revised workaround for their environment.
• V1.3 (November 8, 2011): Added link to MAPP Partners with Updated Protections in the Executive Summary.

November 03, 2011 - "Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs...
Workarounds: Deny access to T2EMBED.DLL
Note: See Microsoft Knowledge Base Article 2639658* to use the automated Microsoft Fix it solution to enable or disable this workaround to deny access to t2embed.dll..."
- http://support.micro...9658#FixItForMe
November 3, 2011 - Revision: 1.0
Impact of Workaround. Applications that rely on embedded font technology will fail to display properly.

- http://web.nvd.nist....d=CVE-2011-3402
Last revised: 11/07/2011
CVSS v2 Base Score: 9.3 (HIGH)
___

- https://www.computer...rosoft_confirms
November 4, 2011 - "... the Windows kernel vulnerability exploited by the Duqu Trojan is within the TrueType parsing engine, the same component it last patched just last month... So far during 2011, Microsoft has patched 56 different kernel vulnerabilities with updates issued in February, April, June, July, August and October. In April alone, the company fixed 30 bugs, then quashed 15 more in July..."
___

- https://secunia.com/advisories/46724/
Release Date: 2011-11-07
Criticality level: Extremely critical
Impact: System access
Where: From remote...
CVE Reference: http://web.nvd.nist....d=CVE-2011-3402
... Reported as a 0-day.
Solution: Apply the Microsoft Fix it*...
* http://support.micro...9658#FixItForMe

- http://www.securityt....com/id/1026271
Updated: Nov 4 2011
Impact: Execution of arbitrary code via network, User access via network
Vendor Confirmed: Yes
Version(s): XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1; and prior service packs...
... A remote user can create a specially crafted document that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with kernel level privileges. The vulnerability resides in the Win32k.sys kernel driver in the parsing of TrueType fonts...

NOTE: "... The vulnerability cannot be exploited automatically via email unless the user opens an attachment sent in an email message..."
Per: https://isc.sans.edu...l?storyid=11950

U.S.CERT: Critical alert
- https://www.us-cert....-11-291-01E.pdf
November 1, 2011

:ph34r: :ph34r:

Edited by AplusWebMaster, 09 November 2011 - 11:36 AM.

#237 AplusWebMaster

Posted 09 November 2011 - 06:48 PM

FYI...

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.micr...dvisory/2269637
• V12.0 (November 8, 2011): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS11-085*, "Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution."
* https://technet.micr...lletin/ms11-085

Microsoft Security Advisory (2639658)
Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege
- https://technet.micr...dvisory/2639658
• V1.3 (November 8, 2011): ... Revised impact statement for the workaround, Deny access to T2EMBED.DLL, to address a reoffer issue on Windows XP and Windows Server 2003. Also, revised the mitigating factors.
"... vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability..."
> http://support.micro...9658#FixItForMe

- http://web.nvd.nist....d=CVE-2011-3402
Last revised: 11/07/2011
CVSS v2 Base Score: 9.3 (HIGH)

- http://labs.m86secur...zero-day-event/
November 8th, 2011
___

A simple test of the Duqu workaround...
- http://blogs.compute...ound_is_working
November 12, 2011

:blink:

Edited by AplusWebMaster, 15 November 2011 - 06:08 AM.

#238 AplusWebMaster

Posted 10 November 2011 - 05:04 PM

FYI...

Microsoft Security Advisory (2641690)
Fraudulent Digital Certificates Could Allow Spoofing
* http://technet.micro...dvisory/2641690
November 10, 2011 - "... The majority of customers have automatic updating enabled and will not need to take any action because the KB2641690 update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually..."

- http://support.micro....com/kb/2641690
November 10, 2011 Rev 1.0 - "Microsoft has released a Microsoft security advisory about this issue for IT professionals. This update is released for all supported versions of Microsoft Windows. This update revokes the trust of the following DigiCert Sdn. Bhd intermediate certificates by putting them in the Microsoft Untrusted Certificate Store:
Digisign Server ID – (Enrich) issued by Entrust.net Certification Authority (2048)
Digisign Server ID (Enrich) issued by GTE CyberTrust Global Root
The security advisory* contains additional security-related information..."

- https://blogs.techne...tore&GroupKeys=
10 Nov 2011
___

- https://www.us-cert....tes_could_allow
November 10, 2011

:!: :ph34r:

Edited by AplusWebMaster, 11 November 2011 - 06:11 AM.

#239 AplusWebMaster

Posted 17 November 2011 - 02:20 PM

FYI...

Microsoft Security Advisory (2641690)
Fraudulent Digital Certificates Could Allow Spoofing
- https://technet.micr...dvisory/2641690
• V2.0 (November 16, 2011): Revised to announce the re-release of the KB2641690 update. See the Update FAQ in this advisory for more information. Also, added link to Microsoft Knowledge Base Article 2641690* under Known Issues in the Executive Summary.
* http://support.micro....com/kb/2641690
November 16, 2011 - Revision: 5.1
"... Before November 16, 2011, Microsoft Windows Server Update Services (WSUS) server customers experienced problems with the versions of update 2641690 for Windows XP x64 and for Windows Server 2003. On November 16, 2011, we re-released update 2641690 to address this issue for Windows XP x64 and for all editions of Windows Server 2003. Most systems have automatic updating enabled. If you do have automatic updating enabled, you do not have to take any action because update 2641690 will be installed automatically. All releases of Windows Vista, of Windows 7, of Windows Server 2008, and of Windows Server 2008 R2 are not affected by this issue..."

:!: :ph34r:

#240 AplusWebMaster

Posted 24 November 2011 - 10:17 PM

FYI... http://windowssecret...ry/patch-watch/

... Regularly updated problem-patch chart
>> http://windowssecret...atching/#patch5
2011-11-23 - "... table provides the status of problem Windows patches reported in previous Patch Watch columns. Patches listed... as safe to install will be removed from the next updated table...
[ i.e. ] Microsoft Security Bulletin MS11-069 - Moderate
Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
* https://technet.micr...lletin/ms11-069
'Published: Tuesday, August 09, 2011 | Updated: Wednesday, October 26, 2011 ...
Revisions:
• V1.0 (August 9, 2011): Bulletin published.
• V1.1 (August 23, 2011): Added an update FAQ to announce a detection change for KB2539636 that corrects an installation issue. This is a detection change only. There were no changes to the security update files. Customers who have already successfully updated their systems do not need to take any action.
• V1.2 (October 26, 2011): Corrected Server Core installation applicability for .NET Framework 4 on Windows Server 2008 R2 for x64-based Systems...'

Status recommendations: Skip* — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply..."

:ph34r: :ph34r:

Edited by AplusWebMaster, 26 November 2011 - 08:51 PM.

#241 AplusWebMaster

Posted 01 December 2011 - 01:35 PM

FYI... Duqu TrueType 0-day exploit - notes ..

No Microsoft patch is available (yet)
> http://windowssecret...-pack-4/#inthe3
2011-12-01 - "... The workaround** denies access to t2embed.dll, causing the Duqu exploit to fail. But the Duqu Fix it also has an odd characteristic: it prompts Windows XP users to download two older Microsoft patches, MS10-001 (KB 972270) and MS10-076 (KB 982132) — patches most XP users have presumably already installed..."
** http://support.micro...9658#FixItForMe

Free Duqu detector from CrySyS
> http://windowssecret...-pack-4/#inthe2
2011-12-01 - "... To see whether your system is vulnerable to Duqu, you can obtain a free Duqu detector from CrySyS*..."
* http://www.crysys.hu/duqudetector.html

:ph34r:

#242 AplusWebMaster

Posted 13 December 2011 - 03:53 PM

MS Security Advisory updates:

Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege
- https://technet.micr...dvisory/2639658
V2.0 (December 13, 2011): Advisory updated to reflect publication of security bulletin. MS11-087.
- https://technet.micr...lletin/ms11-087

Insecure Library Loading Could Allow Remote Code Execution
- https://technet.micr...dvisory/2269637
V13.0 (December 13, 2011): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-099, "Cumulative Security Update for Internet Explorer;" and MS11-094, "Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution."
- https://technet.micr...lletin/ms11-099
- https://technet.micr...lletin/ms11-094
___

Insecure library loading - verified Secunia List
- https://secunia.com/...ibrary_loading/
Number of products affected: 293
Number of vendors affected: 113
Number of Secunia Advisories issued: 215
Solution Status ...

.

Edited by AplusWebMaster, 26 January 2012 - 05:44 AM.

#243 AplusWebMaster

Posted 28 December 2011 - 02:23 PM

FYI...

- http://www.spywarein...post__p__759743
Dec 29, 2011
- https://technet.micr...dvisory/2659883
Updated: December 29, 2011 - "... We have issued MS11-100* to address this issue..."
* https://technet.micr...n/ms11-100.mspx
• V1.1 (December 30, 2011): Added entry to the Update FAQ to address security-rated changes to functionality contained in this update and added mitigation for CVE-2011-3414.

- https://www.us-cert....nerable_to_hash
Dec. 29, 2011

- http://h-online.com/-1401863
Dec. 29, 2011
___

Microsoft Security Advisory (2659883)
Vulnerability in ASP.NET Could Allow Denial of Service
- https://technet.micr...dvisory/2659883
December 28, 2011 - "Microsoft is aware of detailed information that has been published describing a new method to exploit hash tables. Attacks targeting this type of vulnerability are generically known as hash collision attacks. Attacks such as these are not specific to Microsoft technologies and affect other web service software providers. This vulnerability affects all versions of Microsoft .NET Framework and could allow for an unauthenticated denial of service attack on servers that serve ASP.NET pages. Sites that only serve static content or disallow dynamic content types listed in the mitigation factors below are not vulnerable.
The vulnerability exists due to the way that ASP.NET processes values in an ASP.NET form post causing a hash collision. It is possible for an attacker to send a small number of specially crafted posts to an ASP.NET server, causing performance to degrade significantly enough to cause a denial of service condition. Microsoft is aware of detailed information available publicly that could be used to exploit this vulnerability but is not aware of any active attacks.
Details of a workaround to help protect sites against this vulnerability are provided in this article. Individual implementations for sites using ASP.NET will vary and Microsoft strongly suggests customers evaluate the impact of the workaround for applicability to their implementations...
Workarounds - Configuration-based workaround
The following workaround configures the limit of the maximum request size that ASP.NET will accept from a client. Decreasing the maximum request size will decrease the susceptibility of the ASP.NET server to a denial of service attack..."
- http://support.micro....com/kb/2659883
December 28, 2011 - Revision: 2.0

- http://www.kb.cert.org/vuls/id/903934
2011-12-28

- https://isc.sans.edu...l?storyid=12286
Last Updated: 2011-12-28 23:02:14 UTC ...(Version: 2)
___

- https://blogs.techne...Redirected=true
27 Dec 2011 10:29 PM - "...if your website does need to accept user uploads, this workaround is likely to block legitimate requests. In that case, you should not use this workaround and instead wait for the comprehensive security update*..."
* Advanced Notification for out-of-band release to address Security Advisory 2659883
- https://blogs.techne...Redirected=true
28 Dec 2011 7:51 PM - "... The release is scheduled for December 29... The bulletin has a severity rating of Critical..."
___

- http://www.securityt....com/id/1026469
CVE Reference: CVE-2011-3414
Date: Dec 28 2011
Impact: Denial of service via network...

- http://www.ocert.org...t-2011-003.html
2011-12-28

- https://secunia.com/advisories/47323/ | https://secunia.com/advisories/47404/
- https://secunia.com/advisories/47405/ | https://secunia.com/advisories/47406/
- https://secunia.com/advisories/47407/ | https://secunia.com/advisories/47408/
- https://secunia.com/advisories/47411/ | https://secunia.com/advisories/47413/
- https://secunia.com/advisories/47414/ | https://secunia.com/advisories/47415/
Release Date: 2011-12-29

:!: :ph34r: :ph34r:

Edited by AplusWebMaster, 30 December 2011 - 09:54 PM.

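The hash-collision cost and the request-size workaround quoted from advisory 2659883 in the post above, as an added model that is not part of the original post and is not Microsoft's code. `toy_hash` is a deliberately weak additive hash (an assumption, not the .NET string hash), and the keys, bucket count and 1024-byte cap are constructed values.

```python
"""Model: cost of colliding form keys in a chained hash table, and how a
request-size cap bounds it. toy_hash is a weak additive hash chosen for the
demonstration (an assumption, NOT the .NET string hash); all keys are constructed."""

BUCKETS = 64


def toy_hash(key: str) -> int:
    # Additive hash: keys built from the same bytes in a different order collide.
    return sum(key.encode()) % BUCKETS


def insert_cost(keys) -> int:
    """Insert keys into a chained hash table and return the key comparisons made."""
    table = [[] for _ in range(BUCKETS)]
    comparisons = 0
    for key in keys:
        chain = table[toy_hash(key)]
        for existing in chain:  # walk the chain looking for a duplicate
            comparisons += 1
            if existing == key:
                break
        else:
            chain.append(key)
    return comparisons


def parse_form(body: str, max_request_bytes: int):
    """Return the field names of a form post, refusing bodies over the size cap."""
    if len(body.encode()) > max_request_bytes:
        raise ValueError("request body exceeds configured maximum size")
    return [pair.split("=", 1)[0] for pair in body.split("&") if pair]


def colliding_keys(n: int):
    # Constructed sample: 8 blocks of "ab" or "ba" give up to 256 distinct
    # 16-character keys with an identical byte sum, so one shared bucket.
    return ["".join("ab" if (i >> b) & 1 else "ba" for b in range(8)) for i in range(n)]


def benign_keys(n: int):
    # Constructed sample of ordinary-looking field names: k000, k001, ...
    return [f"k{i:03d}" for i in range(n)]


def max_keys_under_cap(max_request_bytes: int, key_len: int) -> int:
    # Each empty-valued field costs key_len + 1 bytes ("key="), plus "&" separators.
    return (max_request_bytes + 1) // (key_len + 2)


def demo(n: int = 200, cap: int = 1024):
    hostile_body = "&".join(k + "=" for k in colliding_keys(n))
    try:
        parse_form(hostile_body, cap)
        rejected = False
    except ValueError:
        rejected = True
    fit = max_keys_under_cap(cap, 16)
    return {
        "benign_cost": insert_cost(benign_keys(n)),
        "colliding_cost": insert_cost(colliding_keys(n)),  # n*(n-1)/2
        "oversized_rejected": rejected,
        "keys_fitting_under_cap": fit,
        "capped_worst_cost": insert_cost(colliding_keys(fit)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The cap does not remove the quadratic behaviour, it only limits how many keys one request can carry, which is why the quoted blog post warns that sites accepting user uploads cannot rely on it.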

#244 AplusWebMaster

Posted 10 January 2012 - 04:45 PM

FYI...

Microsoft Security Advisory (2588513)
Vulnerability in SSL/TLS Could Allow Information Disclosure
- https://technet.micr...dvisory/2588513
Published: Monday, September 26, 2011 | Updated: Tuesday, January 10, 2012 - "We have issued MS12-006* to address this issue..."
* https://technet.micr...lletin/ms12-006

- http://web.nvd.nist....d=CVE-2011-3389

* http://www.spywarein...ew__getlastpost

:!: :ph34r:

#245 AplusWebMaster

Posted 19 January 2012 - 06:49 PM

FYI...

Microsoft Security Advisory (2641690)
Fraudulent Digital Certificates Could Allow Spoofing
- https://technet.micr...dvisory/2641690
• V3.0 (January 19, 2012): Revised to announce the release of an update for Windows Mobile 6.x, Windows Phone 7, and Windows Phone 7.5 devices.

:ph34r:

#246 AplusWebMaster

Posted 13 March 2012 - 04:10 PM

FYI...

Microsoft Security Advisory (2647518)
Update Rollup for ActiveX Kill Bits
- https://technet.micr...dvisory/2647518
March 13, 2012

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.micr...dvisory/2269637
• V15.0 (March 13, 2012): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS12-022*, "Vulnerability in Expression Design Could Allow Remote Code Execution."
* https://technet.micr...lletin/ms12-022

.

#247 AplusWebMaster

Posted 16 March 2012 - 09:32 AM

FYI...

MS12-020 - MS RDP ...
- https://isc.sans.edu...l?storyid=12805
Last Updated: 2012-03-16 15:26:16 UTC - "... proof-of-concept is out..."

- https://isc.sans.edu...l?storyid=12808
Last Updated: 2012-03-17 00:18:07 UTC

- http://atlas.arbor.n...ndex#-700023003
Severity: Extreme Severity
March 16, 2012 01:36

- http://web.nvd.nist....d=CVE-2012-0002
Last revised: 03/15/2012
CVSS v2 Base Score: 9.3 (HIGH)

> http://www.spywarein...post__p__763683

:blink: :!: :ph34r:

Edited by AplusWebMaster, 17 March 2012 - 01:14 AM.

#248 AplusWebMaster

Posted 19 March 2012 - 11:54 PM

FYI...

RDP exploit watch: 5M RDP endpoints found on the Web
- http://atlas.arbor.n...dex#-1324643596
Elevated Severity
March 19, 2012 22:10
"Research suggests that approximately five million remote desktop endpoints exist on the Internet.
Analysis: Every Internet connected organization should carefully assess the need for Remote Desktop and evaluate exposure to include patch status and strength of credentials. While convenient for users, remote access tools increase the attack surface and additional layers of security such as requiring VPN access, robust network ACL's, requiring stronger authentication and extensive host hardening should be considered. Additionally, it is important to institute proper monitoring to detect attacks and unauthorized access."
Source: https://www.zdnet.co...-internet/10937
"... Dan Kaminsky has identified approximately five million internet-accessible RDP endpoints that are potentially sitting ducks for a network worm exploiting the MS12-020 vulnerability..."

- http://dankaminsky.com/2012/03/18/rdp/
March 18, 2012
___

- http://www.kb.cert.org/vuls/id/624051
Last Updated: 2012-03-19

:ph34r: :ph34r:

Edited by AplusWebMaster, 21 March 2012 - 08:21 AM.

#249 AplusWebMaster

Posted 22 March 2012 - 06:34 AM

FYI...

Exploit for MS12-020 RDP bug moves to Metasploit
- http://atlas.arbor.n...ndex#1373529066
Elevated Severity
March 21, 2012
"A Denial of Service exploit for the Microsoft Remote Desktop security hole is now included in the Metasploit Framework, a popular penetration testing toolkit. This DoS exploit was already in the wild.
Analysis: Hopefully the increased press on this issue has encouraged robust patching and system hardening which will reduce the impact of this issue when a remote code execution exploit does become public. istherdpexploitoutyet.com is a website tracking the progress on this issue and offering links to research information. Be aware that this site does not offer any guarantees, and dangerous fake exploits for this bug have already appeared that will cause harm to those attempting to run them. Organizations that are exploited by this Denial of Service condition will see a "blue screen of death" involving RDPWD.SYS, as seen in the blog: http://community.web...n-the-wild.aspx
Source: http://threatpost.co...tasploit-032012 "

:!: :ph34r:

Edited by AplusWebMaster, 22 March 2012 - 06:51 AM.

#250 AplusWebMaster

Posted 28 March 2012 - 05:24 AM

FYI...

Tool Exploiting MS12-020 Vulnerabilities ...
- http://atlas.arbor.net/briefs/
Severity: Elevated Severity
Published: Wednesday, March 28, 2012 19:20
An easy-to-use denial of service tool for the Microsoft Remote Desktop Protocol vulnerability has been released.
Analysis: While a metasploit module has been available for some time, a new, easy-to-use point and click tool lowers the bar. Organizations that have yet to patch should do so...
Source: http://www.f-secure....s/00002338.html

MS12-020 exploit in-the-wild ...
- https://www.f-secure...s/00002338.html
March 27, 2012 - "Since the public release of Microsoft's MS12-020 bulletin, there have been plenty of attempts to exploit vulnerabilities in the Remote Desktop Protocol (RDP). Last week, we received a related sample, which turned out to be a tool called "RDPKill by: Mark DePalma" that was designed to kill targeted RDP service. The tool was written with Visual Basic 6.0, and has a simple user interface. We tested it on machines running on Windows XP 32-bit and Windows 7 64-bit... Both the Windows XP 32-bit and the Windows 7 64-bit computers were affected by the Denial of Service (DoS) attack. The service crashed and triggered a "Blue Screen of Death" (BSoD) condition*...
* https://www.f-secure...dpkill_bsod.png
We detect this tool as Hack-Tool:W32/RDPKill.A. (SHA-1: 1d131a5f17d86c712988a2d146dc73367f5e5917). Besides RDPKill.A, other similar tools and Metasploit module can also be found online. Due to their availability, an unpatched RDP server would be an easy target of DoS attack by attackers who might be experimenting with these tools. For those who still haven't patched their system, especially those running RDP service on their machines, we strongly advise you to do so as soon as possible..."

:ph34r: :ph34r:

Edited by AplusWebMaster, 29 March 2012 - 04:17 AM.
